[Freeipa-users] Sudo issues with FreeIPA

Dmitri Pal dpal at redhat.com
Tue Dec 17 23:47:58 UTC 2013


On 12/17/2013 06:34 PM, Dimitar Georgievski wrote:
> Hi,
>
> I am running FreeIPA 3.3.3 on CentOS 6.5.  Everything works fine
> except that I have a problem enforcing sudo policies on the hosts that
> are part of the managed domain.
>
> When trying to run the following simple command as a user managed by
> FreeIPA I got the following response:
>
>     > sudo /usr/bin/vim test.txt
>     jsmith is not allowed to run sudo on myhost.  This incident will be
>     reported.
>
> I might have missed something in the configuration of the server or
> SSSD on the client host.
>
> Is there any guideline for sudo integration with FreeIPA?
>
> The following is the SSSD configuration on the client host:
>
> [domain/example.net]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = example.net
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> sudo_provider = ldap
> ldap_tls_cacert = /etc/ipa/ca.crt
> ipa_hostname = ipaserver.example.net
> chpass_provider = ipa
> ipa_server = _srv_
> ipa_backup_server = replica.example.net
>
> dns_discovery_domain = example.net
>
> [sssd]
> services = nss, pam, ssh, sudo
> config_file_version = 2
>
> domains = example.net
> [nss]
>
> [pam]
>
> [sudo]
> debug_level = 0x3ff0
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> Thanks,
>
> Dimitar
>
>

http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

