[Freeipa-users] sudo / sssd integration problems

Martin Kosek mkosek at redhat.com
Fri Mar 22 08:28:29 UTC 2013


We already have a bug filed:
https://bugzilla.redhat.com/show_bug.cgi?id=924395

This should be fixed along with the ticket adding sudo configuration support to
ipa-client-install:
https://fedorahosted.org/freeipa/ticket/3358

Martin

On 03/22/2013 07:13 AM, Brian Cook wrote:
> no problem, thanks for trying!  I just figured it out.
> 
> yum -y install libsss_sudo fixed it.  Should this package be a dependency that
> gets pulled in when IPA client is installed? Shall I file a bug?
> 
> Thanks,
> Brian
> 
> ---
> Brian Cook
> Solutions Architect, Red Hat, Inc.
> 407-212-7079
> 
> 
> 
> On Mar 21, 2013, at 8:50 PM, Brian Cook <bcook at redhat.com> wrote:
> 
>> Those packages are installed.  The second part is against what I am trying to
>> accomplish.  My sudo rule is already created in IPA.  I just need SSSD to
>> fetch it.
>>
>> Thanks,
>> Brian
>>
>>
>> On Mar 21, 2013, at 8:37 PM, John Moyer <john.moyer at digitalreasoning.com> wrote:
>>
>>> I had sudo issues similar to this; I can't remember the exact fix.  I have
>>> the following two things in my notes.  The second command would obviously
>>> need you to add the people you want to be able to sudo to the admins group
>>> after you add this.  
>>>
>>> yum install ipa-client fprintd-pam -y
>>> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>>>
>>>
>>> Thanks, 
>>> _____________________________________________________
>>> John Moyer
>>>
>>>
>>> On Mar 21, 2013, at 11:27 PM, Brian Cook <bcook at redhat.com> wrote:
>>>
>>>> Running F18 and following the instructions here:
>>>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>>>>
>>>> When I try to run sudo -l as any user I get the following error:
>>>>
>>>> bash-4.2$ sudo -l
>>>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>>>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>>>>
>>>>
>>>> Nothing particularly interesting in the log with debug at 5.
>>>>
>>>> Can someone point me in the right direction?
>>>>
>>>> Thanks,
>>>> Brian
>>>>
>>>>
>>>> sssd.conf:
>>>>
>>>> [domain/example.com]
>>>> debug_level = 5
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True
>>>> ipa_domain = example.com
>>>> id_provider = ipa
>>>> auth_provider = ipa
>>>> access_provider = ipa
>>>> ipa_hostname = ipadevel.example.com
>>>> chpass_provider = ipa
>>>> ipa_server = ipadevel.example.com
>>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>>>
>>>> sudo_provider = ldap
>>>> ldap_uri = ldap://ipadevel.example.com
>>>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>>> ldap_sasl_mech = GSSAPI
>>>> ldap_sasl_authid = host/ipadevel.example.com
>>>> ldap_sasl_realm = EXAMPLE.COM
>>>> krb5_server = ipadevel.example.com
>>>>
>>>>
>>>> [sssd]
>>>> services = nss, pam, ssh, sudo
>>>> config_file_version = 2
>>>> domains = example.com
>>>>
>>>> [nss]
>>>>
>>>> [pam]
>>>>
>>>> [sudo]
>>>> debug_level=5
>>>>
>>>> [autofs]
>>>>
>>>> [ssh]
>>>>
>>>> [pac]
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
> 
> 
> 
> 
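
The failure in this thread (sudo unable to dlopen libsss_sudo.so) can be caught before a user hits it. The following preflight check is an added example, not part of the original thread or of FreeIPA/SSSD: the function name `check_sss_sudo` and the optional root-directory argument are hypothetical, the `/usr/lib` fallback path is an assumption, and the `sudoers:` line in nsswitch.conf comes from the sssd-sudo man page rather than from the messages above.

```shell
#!/bin/sh
# Preflight check for sudo's SSSD source (added example, hypothetical helper).
# Usage: check_sss_sudo            # inspect the live system
#        check_sss_sudo /tmp/root  # inspect a constructed directory tree
# Returns the number of problems found (0 = ready).

check_sss_sudo() {
    root=${1:-}
    problems=0

    # 1. The plugin sudo tries to dlopen; lib64 path is the one in the error
    #    message from the thread, /usr/lib is an assumed 32-bit fallback.
    found=no
    for lib in /usr/lib64/libsss_sudo.so /usr/lib/libsss_sudo.so; do
        if [ -e "$root$lib" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "MISSING: libsss_sudo.so (install the libsss_sudo package)"
        problems=$((problems + 1))
    fi

    # 2. sudo only consults SSSD if nsswitch.conf lists sss for sudoers.
    if ! grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?sss([[:space:]]|$)' \
            "$root/etc/nsswitch.conf" 2>/dev/null; then
        echo "MISSING: 'sss' on the sudoers: line of /etc/nsswitch.conf"
        problems=$((problems + 1))
    fi

    # 3. The [sssd] section must start the sudo responder.
    services=$(awk '
        /^[[:space:]]*\[/ { in_sssd = ($0 ~ /^[[:space:]]*\[sssd\]/); next }
        in_sssd && /^[[:space:]]*services[[:space:]]*=/ { sub(/^[^=]*=/, ""); print }
    ' "$root/etc/sssd/sssd.conf" 2>/dev/null)
    case ",$(echo "$services" | tr -d ' \t')," in
        *,sudo,*) ;;
        *) echo "MISSING: sudo in 'services' under [sssd] in sssd.conf"
           problems=$((problems + 1)) ;;
    esac

    return "$problems"
}
```
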



