[Freeipa-users] IPA Sudo - RHEL5
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Wed Feb 1 18:16:40 UTC 2012
On 02/01/2012 03:43 AM, Westerlund Johnny wrote:
> You pointed me in the correct direction. I only needed to setup ldap.conf in a correct way and it worked perfectly.
> the documentation for setting up sudo on rhel6 describes how to setup the nslcd.conf, i just did ldap.conf a symlink of that file and it worked.
>
> Thanks alot for your input.
>
> Regards
> johnny
>
> ________________________________________
> Från: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] för Stephen Gallagher [sgallagh at redhat.com]
> Skickat: den 1 februari 2012 13:35
> Till: freeipa-users at redhat.com
> Ämne: Re: [Freeipa-users] IPA Sudo - RHEL5
>
> On Wed, 2012-02-01 at 08:51 +0100, Westerlund Johnny wrote:
>> Hey all,
>>
>> I've been running IPA on a RHEL6.2 and so far it's looking great. HBAC
>> is awsome. The other machines in the domain is another RHEL 6.2 and one
>> RHEL 5.7.
>>
>> I've also configured SUDO and it was working great on all machines. But
>> thats changed now. The RHEL 6.2 and the ipaserver itself (also rhel6.2)
>> works great. But the RHEL 5.7 stopped working the other day, and
>> nothing i do can make it work again.
>>
>> I've followed the documentation at:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html
>> But i just cant seem to find the problem, so i'm starting to wonder if
>> it broke when i patched the system the other day.
>>
>> Both login and HBAC rules seem to work fine on the 5.7 box, but not
>> SUDO. I've tried running the sssd daemon interactivly and in debug
>> mode (sssd -i -d6) but it's hard to know what to look for. Anyone able
>> to give some troubleshooting tips?
>
> SUDO support doesn't go through SSSD[1]. It uses its own internal LDAP
> driver to talk to FreeIPA. So if you're suddenly having trouble there,
> I'd look into the sudo package.
>
>
>
> [1] This is a feature we're working on for Fedora and will be coming in
> future versions of RHEL 6, but probably not for RHEL 5
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Just wanted to add here, that the Red Hat docs for 5.8 beta include and
identity management doc that specifies how to set this up under RHEL 5.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5-Beta/html/Configuring_Identity_Management/configuring-rhel5.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120201/2fd6b3eb/attachment.sig>
More information about the Freeipa-users
mailing list