[Freeipa-users] sudo / sssd integration problems

John Moyer john.moyer at digitalreasoning.com
Fri Mar 22 03:59:01 UTC 2013


Sorry, that's all I have in my notes. I'm sure others will have ideas. Sorry I couldn't be more help.

Thanks, 
_____________________________________________________
John Moyer

On Mar 21, 2013, at 11:50 PM, Brian Cook <bcook at redhat.com> wrote:

> Those packages are installed.  The second part is against what I am trying to accomplish.  My sudo rule is already created in IPA.  I just need SSSD to fetch it.
> 
> Thanks,
> Brian
> 
> 
> On Mar 21, 2013, at 8:37 PM, John Moyer <john.moyer at digitalreasoning.com> wrote:
> 
>> I had sudo issues similar to this; I can't remember the exact fix. I have the following two things in my notes. The second command would obviously need you to add the people you want to be able to sudo to the admins group after you add this.
>> 
>> yum install ipa-client fprintd-pam -y
>> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>> 
>> 
>> Thanks, 
>> _____________________________________________________
>> John Moyer
>> 
>> 
>> On Mar 21, 2013, at 11:27 PM, Brian Cook <bcook at redhat.com> wrote:
>> 
>>> Running F18 and following the instructions here:
>>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>>> 
>>> When I try to run sudo -l as any user I get the following error:
>>> 
>>> bash-4.2$ sudo -l
>>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>>> 
>>> 
>>> Nothing particularly interesting in the log with debug at 5.
>>> 
>>> Can someone point me in the right direction?
>>> 
>>> Thanks,
>>> Brian
>>> 
>>> 
>>> sssd.conf:
>>> 
>>> [domain/example.com]
>>> debug_level = 5
>>> cache_credentials = True
>>> krb5_store_password_if_offline = True
>>> ipa_domain = example.com
>>> id_provider = ipa
>>> auth_provider = ipa
>>> access_provider = ipa
>>> ipa_hostname = ipadevel.example.com
>>> chpass_provider = ipa
>>> ipa_server = ipadevel.example.com
>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>> 
>>> sudo_provider = ldap
>>> ldap_uri = ldap://ipadevel.example.com
>>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>> ldap_sasl_mech = GSSAPI
>>> ldap_sasl_authid = host/ipadevel.example.com
>>> ldap_sasl_realm = EXAMPLE.COM
>>> krb5_server = ipadevel.example.com
>>> 
>>> 
>>> [sssd]
>>> services = nss, pam, ssh, sudo
>>> config_file_version = 2
>>> domains = example.com
>>> 
>>> [nss]
>>> 
>>> [pam]
>>> 
>>> [sudo]
>>> debug_level=5
>>> 
>>> [autofs]
>>> 
>>> [ssh]
>>> 
>>> [pac]
>>> 
>>> 
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> 
> 
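
Added example, not part of the original thread: a preflight script for the pieces the sssd-sudo(5) page linked above relies on, run against the sssd.conf quoted in the thread. The function names are hypothetical, the `sudoers:` line in nsswitch.conf comes from that man page rather than from the thread, and the library path is the one in the error message.

```shell
#!/bin/sh
# Preflight checks for SSSD-backed sudo (added example, not from the thread).
# Usage: sh check.sh /etc/sssd/sssd.conf /etc/nsswitch.conf /usr/lib64/libsss_sudo.so

# Print the value of key $3 in section [$2] of INI file $1 (empty if absent).
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec {
            eq = index($0, "=")          # split on the first "=" only
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Succeeds if the [sssd] services list in $1 contains the sudo responder.
sudo_responder_enabled() {
    ini_get "$1" sssd services | tr ',' '\n' | tr -d ' \t' | grep -qx sudo
}

# Succeeds if nsswitch file $1 lists sss as a source on its sudoers: line.
nsswitch_has_sss() {
    grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?sss([[:space:]]|$)' "$1"
}

# Run all checks; prints findings and returns the number of failed checks.
check_sudo_sssd() {
    fails=0
    sudo_responder_enabled "$1" ||
        { echo "FAIL: 'sudo' missing from [sssd] services in $1"; fails=$((fails + 1)); }
    nsswitch_has_sss "$2" ||
        { echo "FAIL: no 'sss' source on the sudoers: line in $2"; fails=$((fails + 1)); }
    [ -r "$3" ] ||
        { echo "FAIL: $3 is missing or unreadable"; fails=$((fails + 1)); }
    # Report what each configured domain would use to fetch sudo rules.
    for d in $(ini_get "$1" sssd domains | tr ',' ' '); do
        echo "INFO: [domain/$d] sudo_provider=$(ini_get "$1" "domain/$d" sudo_provider)" \
             "ldap_sudo_search_base=$(ini_get "$1" "domain/$d" ldap_sudo_search_base)"
    done
    return "$fails"
}

if [ "$#" -eq 3 ]; then check_sudo_sssd "$@"; fi
```

A non-zero exit status is the count of failed checks; the INFO lines only report values and do not judge them.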
