[Freeipa-users] sudo client on CentOS 6.4?

Bret Wortman bret.wortman at damascusgrp.com
Tue Oct 29 14:46:25 UTC 2013


That did the trick. I'll update Puppet accordingly. Thanks, Rob.


Bret

On 10/29/2013 10:09 AM, Rob Crittenden wrote:
> Bret Wortman wrote:
>> I'm trying to bring some CentOS 6.4 systems into our IPA network, and
>> everything seems to be working fine except sudo (which works against all
>> our Fedora-based systems).
>>
>> I've set it up as documented on freeipa.org, and that same config as I
>> said works for Fedora (I have adjusted to use /etc/nslcd.conf on CentOS
>> instead of /etc/ldap.conf). If I remove "files" from /etc/nsswitch.conf,
>> I get the following:
>>
>> $ sudo -iu root
>> sudo: no valid sudoers sources found, quitting
>> sudo: unable to initialize policy plugin
>>
>> I have sudoers_debug set to "1", but this is producing no output that
>> I've been able to find. Not surprising, since it looks like the sudo
>> command itself isn't ever querying ldap at all....
>>
>> What should I try next?
>>
>
> The configuration file you want is /etc/sudo-ldap.conf. See 
> sudoers.ldap(5).
>
> Not sure how great an example this is, but this is the one on my 6.4 
> dev box:
>
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
> bindpw SecretPassword
>
> ssl start_tls
> tls_cacertfile /etc/ipa/ca.crt
> tls_checkpeer yes
>
> bind_timelimit 5
> timelimit 15
>
> uri ldap://ipa.example.com
> sudoers_base ou=SUDOers,dc=example,dc=com
>
> sudoers_debug 2
>
>
> rob
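
An added example, not part of this thread and not FreeIPA or sudo code: a small Python check over the directives in the quoted /etc/sudo-ldap.conf, covering transport security, peer verification, leftover debugging and exposure of bindpw. The function names, the wording of the findings and the embedded sample (constructed from the quoted config) are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: the directives from the quoted config, placeholder values.
SAMPLE = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw SecretPassword
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://ipa.example.com
sudoers_base ou=SUDOers,dc=example,dc=com
sudoers_debug 2
"""
TRUE = {"yes", "on", "true"}

def parse(text):
    """Return {keyword: value}; keywords lower-cased, repeated uri lines joined."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        conf[key] = (conf.get(key, "") + " " + value).strip() if key == "uri" else value
    return conf

def audit(text, mode=None):
    """List findings for a sudo-ldap.conf body; mode is the file's st_mode if known."""
    conf, findings = parse(text), []
    if not conf.get("sudoers_base"):
        findings.append("no sudoers_base set")
    plain = [u for u in conf.get("uri", "").split() if not u.lower().startswith("ldaps://")]
    if plain and conf.get("ssl", "").lower() != "start_tls":
        findings.append("cleartext LDAP (no 'ssl start_tls'): " + " ".join(plain))
    if conf.get("tls_checkpeer", "").lower() not in TRUE:
        findings.append("tls_checkpeer is not explicitly enabled")
    if not any(conf.get(k) for k in ("tls_cacertfile", "tls_cacert", "tls_cacertdir")):
        findings.append("no CA file or directory set to verify the server certificate")
    if conf.get("sudoers_debug", "0") != "0":
        findings.append("sudoers_debug is on; turn it off once troubleshooting is done")
    if "bindpw" in conf and mode is not None and mode & stat.S_IRWXO:
        findings.append("file holds bindpw but is accessible to other users")
    return findings

if __name__ == "__main__":
    path = "/etc/sudo-ldap.conf"  # the file named in the reply above
    with open(path) as fh:
        print("\n".join(audit(fh.read(), os.stat(path).st_mode)) or "no findings")
```

Run against the quoted config, the only finding is the debug level, which is expected while troubleshooting.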

