[Freeipa-users] Sudo issues with FreeIPA

Dimitar Georgievski mitkany at gmail.com
Tue Dec 17 23:34:19 UTC 2013


Hi,

I am running FreeIPA 3.3.3 on CentOS 6.5. Everything works fine except
that I have a problem enforcing sudo policies on the hosts that are part of
the managed domain.

When trying to run the following simple command as a user managed by
FreeIPA I got the following response:


    > sudo /usr/bin/vim test.txt
    jsmith is not allowed to run sudo on myhost.  This incident will be reported.

I might have missed something in the configuration of the server or SSSD on
the client host.

Is there any guideline for sudo integration with FreeIPA?

The following is the SSSD configuration on the client host:

[domain/example.net]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.net
id_provider = ipa
auth_provider = ipa
access_provider = ipa
sudo_provider = ldap
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = ipaserver.example.net
chpass_provider = ipa
ipa_server = _srv_
ipa_backup_server = replica.example.net


dns_discovery_domain = example.net



[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2

domains = example.net
[nss]

[pam]

[sudo]
debug_level = 0x3ff0

[autofs]

[ssh]

[pac]

Thanks,

Dimitar
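
An added example, not part of the original post: a small check that parses an sssd.conf like the one above and reports which LDAP-side settings are absent from a domain that uses `sudo_provider = ldap`. It assumes the option names from sssd-ldap(5) listed in `LDAP_SUDO_OPTIONS` are the ones to look for; the function name and the sample text (a constructed excerpt of the posted file) are illustrative.

```python
import configparser

# Constructed sample: an excerpt of the configuration posted above.
POSTED_CONF = """\
[domain/example.net]
cache_credentials = True
id_provider = ipa
auth_provider = ipa
access_provider = ipa
sudo_provider = ldap
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_server = _srv_

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = example.net
"""

# Assumption: sssd-ldap(5) options this check expects next to sudo_provider = ldap
# (server URI, sudo rule search base, and the GSSAPI bind identity).
LDAP_SUDO_OPTIONS = ("ldap_uri", "ldap_sudo_search_base",
                     "ldap_sasl_mech", "ldap_sasl_authid")


def audit_sudo(conf_text):
    """Return a list of findings for the sudo-related parts of an sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    # The sudo responder only runs if it is listed in [sssd] services.
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "sudo" not in services:
        findings.append("[sssd] services does not list sudo")
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    for name in filter(None, domains):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(f"[{section}] section missing")
            continue
        # Only domains that fetch sudo rules over plain LDAP are checked.
        if cp.get(section, "sudo_provider", fallback="").lower() != "ldap":
            continue
        for opt in LDAP_SUDO_OPTIONS:
            if not cp.has_option(section, opt):
                findings.append(f"[{section}] {opt} not set")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_sudo(POSTED_CONF)) or "no findings")
```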