[Freeipa-users] How to use sudo rules on ubuntu
Alexander Bokovoy
abokovoy at redhat.com
Mon Sep 1 09:20:21 UTC 2014
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
>
>libsss-sudo already installed.
>Here is my sssd.conf:
>[domain/ipa.grp]
>krb5_realm = IPA.GRP
>cache_credentials = True
>krb5_store_password_if_offline = True
>ipa_domain = ipa.grp
>id_provider = ipa
>auth_provider = ipa
>access_provider = ipa
>ipa_hostname = clnt.ipa.grp
>chpass_provider = ipa
>ipa_dyndns_update = True
>ipa_server = _srv_, srv.ipa.grp
>ldap_tls_cacert = /etc/ipa/ca.crt
>[sssd]
>services = nss, pam, ssh, sudo
>config_file_version = 2
>domains = ipa.grp
The options below have to be in [domain/...] section:
>ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp
>ldap_sasl_mech = GSSAPI
>ldap=sasl_authid = host/cnlt2.ipa.grp
>ldap_sasl_realm = IPA.GRP
>ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp
>sudo_provider = ldap
>ldap_uri = ldap://srv.ipa.grp
>krb5_server = srv.ipa.grp
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list