[Freeipa-users] sudo with freeIPA

Jakub Hrozek jhrozek at redhat.com
Mon Aug 25 12:11:09 UTC 2014


On Mon, Aug 25, 2014 at 06:51:27AM -0400, Megan . wrote:
> Good Morning,
> 
> I'm very new to FreeIPA.  I'm running CentOS 6.5 with FreeIPA v3
> 
> I have the FreeIPA server up but I'm working on getting SUDO
> configured.  Currently I'm having problems getting sudo commands to
> work on the client.  I'm a bit unclear if I have everything configured
> correctly.  The only thing that I can figure out might be an issue is,
> when I try the sudo command I see a filter search with
> objectclass=sudoRule but when I check the ldap server it has

These two searches are unrelated. The sudoRule objectclass is what we use
internally in the sssd cache. On the LDAP side, sudoRole is used.

In general, only the [domain] process works with LDAP data, all others
(nss, pam, sudo, ...) work with cached data that might look totally
different.

> objectclass=sudoRole, so there are no results.
> 
> Any ideas?  Thank you in advance for any advice.
> 

Can you put debug_level into the domain section as well and increase the
debug_level of both to 7?

> 
> 
> [tuser2 at map1 ~]$ sudo /sbin/iptables -L
> Enter RSA PIN+token:
> tuser2 is not allowed to run sudo on map1.  This incident will be reported.
> 
> 
> CLIENT:
> 
> yum installed libsss_sudo
> 
> I added "nisdomainname dir1.server.example.com" to /etc/rc.d/rc.local
> 
> **still not sure what this is for **
> Created a sudo user on ldap server
> ldappasswd -x -S -W -h dir1.server.example.com -ZZ -D "cn=Directory
> Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=server,dc=example,dc=com
> **

The config file looks good to me.
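The points in the reply (sudoRole on the server versus sudoRule in the sssd cache, debug_level needed in both [domain/...] and [sudo], and libsss_sudo only mattering if the client actually routes sudoers lookups to sss) can be checked mechanically. The script below is an added example, not code from the list post or from the SSSD/FreeIPA projects. The file paths, the domain name server.example.com, the sample nsswitch.conf and sssd.conf it writes, and the sysaccount bind DN reused from the post are all assumptions made so the checks run offline; point the functions at the real files on a client.

```shell
#!/bin/sh
# Added example (not from the list post or the SSSD/FreeIPA projects): a
# client-side sanity check for SSSD-backed sudo. Paths, the domain
# server.example.com and the sample configs below are assumptions.

# 1. libsss_sudo only helps if nsswitch.conf routes sudoers lookups to sss.
nsswitch_has_sss() {
    # $1 = path to an nsswitch.conf
    grep -E '^[[:space:]]*sudoers:.*[[:space:]]sss([[:space:]]|$)' "$1" >/dev/null 2>&1
}

# Fetch key $3 from INI section $2 (e.g. "sssd", "sudo", "domain/x.example.com")
# of file $1; prints nothing if the key or the section is absent.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[[:space:]]*\[/ {
            hdr = $0; gsub(/^[[:space:]]+|[[:space:]]+$/, "", hdr)
            insec = (hdr == want); next
        }
        insec && $0 ~ ("^[[:space:]]*" key "[[:space:]]*=") {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, "")
            print; exit
        }' "$1"
}

# 2. The sudo responder must be started: "sudo" must be in [sssd] services.
sssd_has_sudo_service() {
    ini_get "$1" sssd services | tr ',' '\n' | tr -d ' \t' | grep -x sudo >/dev/null
}

# 3. Which sections still have debug_level below $2?  The reply asks for 7 in
#    both [domain/...] and [sudo]: the domain process talks to LDAP (sudoRole
#    entries), the sudo responder only reads the cache (sudoRule entries).
sections_below_debug() {
    sed -n 's/^[[:space:]]*\[\([^]]*\)].*/\1/p' "$1" | while read -r sec; do
        lvl=$(ini_get "$1" "$sec" debug_level)
        case "$lvl" in ''|*[!0-9]*) lvl=0 ;; esac   # missing/non-decimal -> 0
        [ "$lvl" -ge "$2" ] || echo "$sec"
    done
}

# --- constructed sample inputs (not the poster's real files) -----------------
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/nsswitch.conf" <<'EOF'
passwd:     files sss
group:      files sss
sudoers:    files sss
EOF
cat > "$TMP/sssd.conf" <<'EOF'
[sssd]
services = nss, pam, sudo
domains = server.example.com
debug_level = 7

[sudo]
debug_level = 7

[domain/server.example.com]
debug_level = 2
id_provider = ipa
ipa_server = dir1.server.example.com
sudo_provider = ldap
ldap_uri = ldap://dir1.server.example.com
ldap_sudo_search_base = ou=sudoers,dc=server,dc=example,dc=com
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/map1.server.example.com
ldap_sasl_realm = SERVER.EXAMPLE.COM
krb5_server = dir1.server.example.com
EOF

# --- run the checks and print what to fix ------------------------------------
nsswitch_has_sss "$TMP/nsswitch.conf"  && echo "ok: sudoers lookups go to sss" \
                                       || echo "FIX: add 'sudoers: files sss' to nsswitch.conf"
sssd_has_sudo_service "$TMP/sssd.conf" && echo "ok: sudo responder enabled" \
                                       || echo "FIX: add sudo to services= in [sssd]"
for sec in $(sections_below_debug "$TMP/sssd.conf" 7); do
    echo "FIX: raise debug_level to 7 in [$sec]"   # sample: domain/server.example.com
done

# On a live client/server (not run here): compare what the server holds with
# what the sudo responder will see, then restart sssd and retry as the user.
#   ldapsearch -x -ZZ -h dir1.server.example.com -W \
#     -D uid=sudo,cn=sysaccounts,cn=etc,dc=server,dc=example,dc=com \
#     -b ou=sudoers,dc=server,dc=example,dc=com '(objectClass=sudoRole)'
#   ldbsearch -H /var/lib/sss/db/cache_server.example.com.ldb '(objectClass=sudoRule)'
#   sudo -l      # as tuser2: lists the rules the client actually applies
```

The two commented searches are the check the reply implies: the server-side query returns sudoRole entries from the compat tree, while ldbsearch (from ldb-tools) shows the sudoRule objects the sudo responder reads from the cache. If the first returns rules and the second does not, the problem is in the [domain/...] section (search base, SASL identity, or the provider), not in sudo itself.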
