[Freeipa-users] sudo client on CentOS 6.4?
Rob Crittenden
rcritten at redhat.com
Tue Oct 29 14:09:17 UTC 2013
Bret Wortman wrote:
> I'm trying to bring some CentOS 6.4 systems into our IPA network, and
> everything seems to be working fine except sudo (which works against all
> our Fedora-based systems).
>
> I've set it up as documented on freeipa.org, and that same config as I
> said works for Fedora (I have adjusted to use /etc/nslcd.conf on CentOS
> instead of /etc/ldap.conf). If I remove "files" from /etc/nsswitch.conf,
> I get the following:
>
> $ sudo -iu root
> sudo: no valid sudoers sources found, quitting
> sudo: unable to initialize policy plugin
>
> I have sudoers_debug set to "1", but this is producing no output that
> I've been able to find. Not surprising, since it looks like the sudo
> command itself isn't ever querying ldap at all....
>
> What should I try next?
>
The configuration file you want is /etc/sudo-ldap.conf. See sudoers.ldap(5).
Not sure how great an example this is, but this is the one on my 6.4 dev
box:

binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw SecretPassword
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
bind_timelimit 5
timelimit 15
uri ldap://ipa.example.com
sudoers_base ou=SUDOers,dc=example,dc=com
sudoers_debug 2

rob
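
Added example, not part of the original message or of FreeIPA: a POSIX shell check that a sudo-ldap.conf like the one above sets uri and sudoers_base, uses start_tls with certificate verification, and is not world-readable while it holds bindpw. The function names conf_get and audit_sudo_ldap_conf are hypothetical, and the world-readable check is a hardening assumption added here.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a sudo-ldap.conf.
# Prints one finding per line; returns 0 if nothing is flagged, 1 otherwise.

# Print the value of a keyword, matched case-insensitively.
# If the keyword is repeated, the last occurrence is reported.
conf_get() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

audit_sudo_ldap_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    uri=$(conf_get "$conf" uri)
    ssl=$(conf_get "$conf" ssl | tr 'A-Z' 'a-z')
    peer=$(conf_get "$conf" tls_checkpeer | tr 'A-Z' 'a-z')
    ca=$(conf_get "$conf" tls_cacertfile)

    [ -n "$uri" ] || { echo "FAIL: uri is not set"; rc=1; }
    [ -n "$(conf_get "$conf" sudoers_base)" ] ||
        { echo "FAIL: sudoers_base is not set"; rc=1; }

    # bindpw and the sudo rules should not cross the network in cleartext.
    case $uri in
        *ldap://*) [ "$ssl" = start_tls ] ||
            { echo "FAIL: ldap:// uri without 'ssl start_tls'"; rc=1; } ;;
    esac

    # Encryption without certificate verification still allows interception.
    case $peer in
        yes|on|true) ;;
        *) echo "FAIL: tls_checkpeer is not enabled"; rc=1 ;;
    esac
    [ -n "$ca" ] && [ -f "$ca" ] ||
        { echo "FAIL: tls_cacertfile missing or not a file: ${ca:-unset}"; rc=1; }

    # The file carries a cleartext bindpw, so "other" must not be able to read it.
    if [ -n "$(conf_get "$conf" bindpw)" ] &&
       [ "$(ls -lLd "$conf" | cut -c8)" = r ]; then
        echo "FAIL: $conf contains bindpw and is world-readable"; rc=1
    fi
    return $rc
}

if [ "$#" -gt 0 ]; then audit_sudo_ldap_conf "$1"; fi
```

Run it as root with the path as the only argument, e.g. /etc/sudo-ldap.conf; it reads the file and changes nothing.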