[sudo-users] cannot sudo after short time - ldap/nis configuration

Singh, Radesh (GTS) radesh_singh at ml.com
Wed Oct 21 12:34:09 EDT 2009


In the instances where I've seen this type of thing occur was with AD
users on systems using winbind. We had to run getent to refresh the
cache and keep things working fine. In those cases, we upgraded winbind
and saw the issue go away. It's been many moons, so I don't remember the
version of winbind or samba, but just a thought...


"...it is a gross language, one in which all sorts of sacrilege are
committed" - Shawn Singh commenting on vbscript

-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Tony G.
Sent: Wednesday, October 21, 2009 12:19 PM
To: Jason Hamilton
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] cannot sudo after short time - ldap/nis

Have you tried to login and run sudo with nscd turned off? nscd can be a
nightmare or can be really helpful, try to verify it working without

Do you have sudoers in nsswitch.conf?

On Tue, Oct 20, 2009 at 9:07 AM, Jason Hamilton
<jason at meanasspenguin.org>wrote:

> Hi all,
> I've not been very successful finding a fix for this on google, so any
> help is appreciated.
> Running centos 5, with sudo "sudo-1.6.9p17-3.el5_3.1". The system is
> configured with ldap/nis and sudoers_base is also configured through
> LDAP. Everything works great upon initial login, I can 'sudo' whatever
> and it works - then a little while later - maybe 5 minutes, I get:
> me at foo:[12:03:36 PM]~$ sudo ls
> sudo: uid 1000 does not exist in the passwd file!
> me at foo:[12:04:25 PM]~$
> now, if I run "getent passwd me"
> the system looks at ldap, and gives me the user data and then sudo
> again.
> I'm running nscd on the system and it appears to be working properly.
> there something that I'm missing? I don't really want to run 'getent'
> a cron or some other hinky workaround.
> Thanks for any tips.
> --
> -Jason
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:

This message w/attachments (message) may be privileged, confidential or proprietary, and if you are not an intended recipient, please notify the sender, do not use or share it and delete it. The information contained in this e-mail was obtained from sources believed to be reliable; however, the accuracy or completeness of this information is not guaranteed. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Merrill Lynch. Subject to applicable law, Merrill Lynch may monitor, review and retain e-communications (EC) traveling through its networks/systems. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaran teed to be secure or error-free. References to "Merrill Lynch" are references to any company in the Merrill Lynch & Co., Inc. group of companies, which are wholly-owned by Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Past performance is no guarantee of future results. Attachments that are part of this E-communication may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link: http://www.ml.com/e-communications_terms/. By messaging with Merrill Lynch you consent to the foregoing.

More information about the sudo-users mailing list