[Freeipa-users] Setting up sudo in FreeIPA v2.2

Dmitri Pal dpal at redhat.com
Tue Oct 16 22:27:47 UTC 2012


On 10/16/2012 06:04 PM, Rob Crittenden wrote:
> Toasted Penguin wrote:
>> I have the server setup to manage sudo and I configured a target client
>> to use the IPA server for sudo.  When a user tries to use sudo (in this
>> case "sudo su -") it fails and they get the error "user is not allowed
>> to run sudo on client-host.  This incident will be reported." I verified
>> via the log files that the client is making requests to the IPA server
>> when the user is attempting to use sudo and it fails.  I temporarily
>> disabled using the IPA server for sudo and I get the standard "User not
>> in the sudoers file...."
>> It's starting to look like the server rules may be the issue but I believe
>> I have the sudo rule setup correctly.  I created a sudo command
>> "/bin/su", created a sudo rule "Sudo to root" , added the group the user
>> in question is a part of to the WHO-->User Groups; Added the Host Group
>> the target client host is part of to Access This Host-->Host Groups
>> and added the sudo command to the sudo rule via Allow-->Sudo Allow
>> Commands.  When I delete the sudo rule I get the same result as I did
>> when I temporarily disabled the client host using the IPA server for
>> sudo verification.
>> Any ideas why or where to look to figure out this issue?
>> Thanks,
>> David
>
> I took a look at the docs and they state to edit /etc/nscld.conf. You
> want /etc/ldap.conf for the configuration. Can you give that a try?
>
> Adding sudoers_debug 2 should provide copious information on stdout.
>

Also following another thread might help
https://www.redhat.com/archives/freeipa-users/2012-October/msg00097.html

> rob


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

