[Freeipa-users] How to use sudo rules on ubuntu
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Mon Sep 1 08:58:22 UTC 2014
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = clnt.ipa.grp
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, srv.ipa.grp
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = ipa.grp
ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp
ldap_sasl_mech = GSSAPI
ldap=sasl_authid = host/cnlt2.ipa.grp
ldap_sasl_realm = IPA.GRP
ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp
sudo_provider = ldap
ldap_uri = ldap://srv.ipa.grp
krb5_server = srv.ipa.grp
debulg_level = 6
[nss]
homedir_substring = /home
[pam]
[sudo]
debug_level = 6
[autofs]
[ssh]
[pac
On 01-09-2014 10:12, Lukas Slebodnik wrote:
> On (01/09/14 09:59), Tevfik Ceydeliler wrote:
>> Client side:
>> sssd --> 1.11.5
>> sudo --> 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
> Thats good. The package sudo-ldap is not compiled with sssd support.
>
>> OS --> Ubuntu 14.04.1 LTS
> Do you have installed package libsss-sudo.
>
> Could you show us your sssd.conf file?
>
> BTW: Instructions for confugurations sudo with the SSSD back end
> are in man page sssd-sudo.
>
> LS
--
<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg"> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140901/714fe4fe/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.png
Type: image/png
Size: 15216 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140901/714fe4fe/attachment.png>
More information about the Freeipa-users
mailing list