Well, after three days of beating my head against my desk, I'm waving the white flag. I've got a CentOS 6.4 box (yeah, I know) that I blew away the OpenLDAP client and installed the freeipa-client as we're transitioning off this terrible OpenLDAP implementation here. Everything installed fine, and while I'm still tweaking the ansible playbook for completely flushing PAM and OpenLDAP stuff off the box (we have more than 100 other C6 boxes to migrate), everything works fine with logging in using our IPA credentials.
The only thing that /doesn't/ work is sudo. While debugging it, it was suggested (on the FreeIPA list) to update sudo. I've got a C6.4 box that I fully updated and sudo works fine on it. Unfortunately, I can't update this one fully, so I'm trying to update sudo only. The current version on this box is 1.8.6-7.el6.x86_64.
Here's the head scratcher. I cannot, in any fashion get yum to update sudo, it says no packages are marked for update. I tried simply downloading the RPM and installing and I get this:
[root@secure nnsops]# yum localinstall sudo-1.8.6p3-29.el6_9.x86_64.rpm Loaded plugins: changelog, fastestmirror Setting up Local Package Process Examining sudo-1.8.6p3-29.el6_9.x86_64.rpm: sudo-1.8.6p3-29.el6_9.x86_64 Nothing to do
A couple of people on the IPA list suggested explictly using the 6.9 repo URL. Nothing. So, I ran a yum update to see what packages would update and sudo isn't one of them. I've rebuilt the RPM database with no change in result. I'm completely at a loss here, and I've been using RPM and Yum for two decades.
Any other ideas?