[Freeipa-users] How to use sudo rules on ubuntu
Jakub Hrozek
jhrozek at redhat.com
Mon Sep 1 10:51:16 UTC 2014
On Mon, Sep 01, 2014 at 12:20:21PM +0300, Alexander Bokovoy wrote:
> On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
> >
> >libsss-sudo already installed.
> >Here is my sssd.conf:
> >[domain/ipa.grp]
> >krb5_realm = IPA.GRP
> >cache_credentials = True
> >krb5_store_password_if_offline = True
> >ipa_domain = ipa.grp
> >id_provider = ipa
> >auth_provider = ipa
> >access_provider = ipa
> >ipa_hostname = clnt.ipa.grp
> >chpass_provider = ipa
> >ipa_dyndns_update = True
> >ipa_server = _srv_, srv.ipa.grp
> >ldap_tls_cacert = /etc/ipa/ca.crt
> >[sssd]
> >services = nss, pam, ssh, sudo
> >config_file_version = 2
> >domains = ipa.grp
>
> The options below have to be in [domain/...] section:
> >ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp
> >ldap_sasl_mech = GSSAPI
> >ldap=sasl_authid = host/cnlt2.ipa.grp
Moreover this seems to be a typo. (ldap=sasl_authid insteat of
ldap_sasl_authid)
> >ldap_sasl_realm = IPA.GRP
> >ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp
> >sudo_provider = ldap
> >ldap_uri = ldap://srv.ipa.grp
> >krb5_server = srv.ipa.grp
>
> --
> / Alexander Bokovoy
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list