[Freeipa-users] Sudo Commands and groups confusion

Alexander Bokovoy abokovoy at redhat.com
Wed Jun 12 09:10:31 UTC 2013


On Wed, 12 Jun 2013, Matt . wrote:
>Hi,
>
>A lot of people seem to have problems with Sudo and FreeIPA.
>
>How to enable sudo is described here:
>
>http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>
>The problem we are facing, also discussed on IRC, is that the client's local
>sudoers file is checked to see whether the logged-in user may sudo. Of
>course the username is not known there.
Not sure what exactly is your problem? Could you please rephrase and
show it with logs again?

If you are using SSSD's sudo integration against IPA server, then here
is what you need to get it working on Fedora 18/19 and RHEL 6.4:

1. install libsss_sudo package

2. Add/change the following line in /etc/nsswitch.conf

    sudoers: files sss

3. Make sure your /etc/sssd/sssd.conf looks like this example:
http://abbra.fedorapeople.org/.paste/sssd.conf.example 

4. Restart sssd

These are the only actions I needed to get sudo working for IPA users on
Fedora 19 and RHEL 6.4.

Please note that
    sudoers: files sss
gives you a chance to have local users configured in local sudoers. If you
don't want them to be able to use sudo, just change the line in
/etc/nsswitch.conf to
    sudoers: sss


-- 
/ Alexander Bokovoy
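
A quick check for step 2 and the closing note, added here as an example and not part of the original message: it reads the `sudoers:` line of an nsswitch.conf-style file and reports whether sudo will consult local sudoers, SSSD, or both. The function names are hypothetical, and the script assumes only the first `sudoers:` line matters.

```shell
#!/bin/sh
# Added example (not from the original post): report which sources sudo will
# consult, based on the "sudoers:" line of an nsswitch.conf-style file.

# Print the sudoers sources in order, with comments and [STATUS=action]
# items removed. Prints nothing if the file has no sudoers line.
sudoers_sources() {
    awk '
        { sub(/#.*/, "") }                    # strip comments
        /^[ \t]*sudoers[ \t]*:/ {
            sub(/^[ \t]*sudoers[ \t]*:/, "")  # drop the database name
            gsub(/\[[^]]*\]/, " ")            # drop [NOTFOUND=return] style items
            $1 = $1                           # normalise whitespace
            print
            exit                              # assumption: only the first line is examined
        }
    ' "$1"
}

# Classify the lookup order: files+sss, sss-only, files-only, or other.
sudo_lookup_mode() {
    srcs=$(sudoers_sources "$1")
    # sudo assumes "files" when nsswitch.conf has no sudoers line.
    [ -n "$srcs" ] || srcs="files"
    has_files=no
    has_sss=no
    for s in $srcs; do
        case "$s" in
            files) has_files=yes ;;
            sss)   has_sss=yes ;;
        esac
    done
    case "$has_files/$has_sss" in
        yes/yes) echo "files+sss" ;;   # local sudoers and IPA rules both apply
        no/yes)  echo "sss-only" ;;    # local sudoers entries are ignored
        yes/no)  echo "files-only" ;;  # IPA sudo rules are never consulted
        *)       echo "other" ;;
    esac
}

# Usage: sh check_sudoers_nss.sh /etc/nsswitch.conf
if [ "$#" -gt 0 ]; then
    sudo_lookup_mode "$1"
fi
```

A result of `files-only` on an IPA client means the `sss` source from step 2 is missing, so only the local sudoers file is consulted.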
