Hi,

I have configured sudoers in my environment. But when I try to execute a command using sudo, the commands fails to get executed saying “sysadmin is not in the sudoers file. This incident will be reported.”

I am using sysadmin account as mentioned in the below sudoers ldif file.

sysadmin@10.150.14.144's password:

Last login: Mon Aug 29 14:58:50 2011 from 10.150.10.158

Could not chdir to home directory /home/sysadmin: No such file or directory

-bash-3.2$ sudo ls

[sudo] password for sysadmin:

sysadmin is not in the sudoers file. This incident will be reported.

-bash-3.2$ sudo -V

Sudo version 1.7.2p1

-bash-3.2$ sudo -l

[sudo] password for sysadmin:

Sorry, user sysadmin may not run sudo on devonly144.

-bash-3.2

On Server the sudoers file is

/etc/openldap/slapd.conf

include /usr/share/openldap2.4/schema/sudo.schema

index sudoUser eq

/etc/openldap/ldap.conf

sudoers_base ou=SUDOers,dc=comverse-in,dc=com

sudoers.ldif

# SUDOers, comverse-in.com

dn: ou=SUDOers,dc=comverse-in,dc=com

objectClass: top

objectClass: organizationalUnit

ou: SUDOers

dn: cn=defaults,ou=SUDOers,dc=comverse-in,dc=com

objectClass: top

objectClass: sudoRole

cn: defaults

description: Default sudoOption's go here

sudoOption: syslog=auth

dn: cn=root,ou=SUDOers,dc=comverse-in,dc=com

objectClass: top

objectClass: sudoRole

cn: root

sudoUser: root

sudoUser: sysadmin

sudoHost: ALL

sudoRunAsUser: ALL

sudoCommand: ALL

dn: cn=%wheel,ou=SUDOers,dc=comverse-in,dc=com

objectClass: top

objectClass: sudoRole

cn: %wheel

sudoUser: %wheel

sudoHost: ALL

sudoRunAsUser: ALL

sudoCommand: ALL

dn: cn=operator,ou=SUDOers,dc=comverse-in,dc=com

objectClass: top

objectClass: sudoRole

cn: operator

sudoUser: operator

sudoHost: ALL

sudoCommand: /usr/sbin/dump

sudoCommand: /usr/sbin/rdump

sudoCommand: /usr/sbin/restore

sudoCommand: /usr/sbin/rrestore

sudoCommand: /usr/bin/mt

sudoCommand: /usr/bin/kill

sudoCommand: /usr/sbin/shutdown

sudoCommand: /usr/sbin/halt

sudoCommand: /usr/sbin/reboot

sudoCommand: /usr/sbin/lpc

sudoCommand: /usr/bin/lprm

sudoCommand: sudoedit /etc/printcap

sudoCommand: /usr/oper/bin/

dn: cn=ALL,ou=SUDOers,dc=comverse-in,dc=com

objectClass: top

objectClass: sudoRole

cn: ALL

sudoUser: ALL

sudoHost: orion

sudoCommand: /sbin/umount /CDROM

sudoCommand: /sbin/mount -o nosuid\

sudoCommand: nodev /dev/cd0a /CDROM

sudoOption: !authenticate

On client:

/etc/ldap.conf

sudoers_base ou=SUDOers,dc=comverse-in,dc=com

nss_base_passwd ou=People,dc=comverse-in,dc=com?one

nss_base_shadow ou=People,dc=comverse-in,dc=com?one

nss_base_group ou=Group,dc=comverse-in,dc=com?one

/etc/pam.d/login

#%PAM-1.0

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

auth include system-auth

auth required pam_securetty.so

auth sufficient pam_ldap.so

auth required pam_stack.so service=system-auth

auth required pam_nologin.so

account required pam_nologin.so

account include system-auth

account sufficient pam_ldap.so

account required pam_stack.so service=system-auth

password include system-auth

password sufficient pam_ldap.so

password required pam_stack.so service=system-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session include system-auth

session required pam_loginuid.so

session optional pam_console.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open

session optional pam_keyinit.so force revoke

session sufficient pam_ldap.so

session required pam_stack.so service=system-auth

session optional pam_console.so

session required /lib/security/pam_limits.so

/etc/nsswitch.conf

passwd: ldap files

shadow: ldap files

group: ldap files

Thanks and Regards,

Naga Chaitanya