[Freeipa-users] Sudo Commands and groups confusion
James Hogarth
james.hogarth at gmail.com
Fri Jun 14 12:36:16 UTC 2013
> Is this in RHEL-based systems only? On Ubuntu there seems to be still
> issues.
>
> A full printout of the config file(s) would be nice to see as most people
> write other things down they have working, but the working ones don't write
> their full config down.
>
>
All my systems are CentOS 6.4 so YMMV on Ubuntu - I've not tested any
packages for Debian-based systems...

The full (sanitized for domains) config:

[root@backup hogarthj]# cat /etc/sssd/sssd.conf
[domain/example.com]
cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = EXAMPLE.COM
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = example.com

[nss]

[pam]

[sudo]

[autofs]

[ssh]

The only other edit on the system to make this work was adding this line to
/etc/nsswitch.conf:

sudoers: files sss

This system was successfully working with the ldap-sudo.conf method before
but of course that had no load balancing and no caching.
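
An added example, not part of the original post: a Python check for the pieces the configuration above relies on (sudo in the [sssd] services list, sudo_provider and ldap_sudo_search_base in each domain section, and sss on the sudoers line of nsswitch.conf). The function names and sample strings are constructed for illustration, and the required keys reflect this post's setup rather than every SSSD version.

```python
import configparser

# Constructed sample input mirroring the configuration posted above.
SAMPLE_SSSD = """\
[domain/example.com]
id_provider = ipa
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
"""
SAMPLE_NSSWITCH = "passwd: files sss\nsudoers: files sss\n"


def _csv(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_sssd_sudo(sssd_text, nsswitch_text):
    """Return a list of problems that would stop sudo rules coming from SSSD."""
    problems = []
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(sssd_text)
    # The sudo responder must be enabled in the [sssd] section.
    if "sudo" not in _csv(cp.get("sssd", "services", fallback="")):
        problems.append("[sssd] services does not list sudo")
    # Every enabled domain needs the sudo settings used in the post (assumption).
    for dom in _csv(cp.get("sssd", "domains", fallback="")):
        sec = "domain/" + dom
        if not cp.has_section(sec):
            problems.append("missing section [%s]" % sec)
            continue
        for key in ("sudo_provider", "ldap_sudo_search_base"):
            if not cp.get(sec, key, fallback="").strip():
                problems.append("[%s] %s is not set" % (sec, key))
    # nsswitch.conf: the sudoers database must include the sss source.
    sources = []
    for line in nsswitch_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == "sudoers":
            sources = rest.split()
    if "sss" not in sources:
        problems.append("nsswitch.conf sudoers line does not include sss")
    return problems


if __name__ == "__main__":
    for problem in check_sssd_sudo(SAMPLE_SSSD, SAMPLE_NSSWITCH):
        print("PROBLEM:", problem)
```

To run it against a real host, pass the contents of /etc/sssd/sssd.conf and /etc/nsswitch.conf as the two arguments.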