[Freeipa-users] How to use sudo rules on ubuntu

Tevfik Ceydeliler tevfik.ceydeliler at astron.yasar.com.tr
Mon Sep 1 12:38:44 UTC 2014


I corrected that line.
But it is still the same:
tevfik at Darktower ~ $ ssh user1 at 10.1.1.174
user1 at 10.1.1.174's password:
Permission denied, please try again.
user1 at 10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)

  * Documentation:  https://help.ubuntu.com/

Last login: Mon Sep  1 13:47:08 2014 from 10.65.8.100
user1 at clnt:~$ su - user1 apt-get install
Password:
/usr/bin/apt-get: /usr/bin/apt-get: cannot execute binary file

Does anyone have an article about Ubuntu+IPA integration?

On 01-09-2014 14:18, Alexander Bokovoy wrote:
> On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
>>
>> I moved those lines. But still same.
> As Jakub pointed out, following option also is wrong:
>
> ldap=sasl_authid = host/cnlt2.ipa.grp
>
> it should be
>
> ldap_sasl_authid = host/cnlt2.ipa.grp
>
> note _ instead of = between ldap and sasl.
>
>> On 01-09-2014 12:20, Alexander Bokovoy wrote:
>>> On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
>>>>
>>>> libsss-sudo already installed.
>>>> Here is my sssd.conf:
>>>> [domain/ipa.grp]
>>>> krb5_realm = IPA.GRP
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True
>>>> ipa_domain = ipa.grp
>>>> id_provider = ipa
>>>> auth_provider = ipa
>>>> access_provider = ipa
>>>> ipa_hostname = clnt.ipa.grp
>>>> chpass_provider = ipa
>>>> ipa_dyndns_update = True
>>>> ipa_server = _srv_, srv.ipa.grp
>>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>>> [sssd]
>>>> services = nss, pam, ssh, sudo
>>>> config_file_version = 2
>>>> domains = ipa.grp
>>>
>>> The options below have to be in [domain/...] section:
>>>> ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp
>>>> ldap_sasl_mech = GSSAPI
>>>> ldap=sasl_authid = host/cnlt2.ipa.grp
>>>> ldap_sasl_realm = IPA.GRP
>>>> ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp
>>>> sudo_provider = ldap
>>>> ldap_uri = ldap://srv.ipa.grp
>>>> krb5_server = srv.ipa.grp
>>>
>>
>

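Added example (not part of the original thread, and not FreeIPA or SSSD code): a small Python lint for the two mistakes pointed out in the replies above, back-end options placed after `[sssd]` instead of in `[domain/...]`, and `ldap=sasl_authid` typed with `=` instead of `_`. The function name, the constructed sample file and the name-prefix heuristic are assumptions of this example.

```python
import re

# Constructed sample: a shortened sssd.conf in the state described in the
# thread, with the sudo/LDAP options after [sssd] and the mistyped line.
SAMPLE = """\
[domain/ipa.grp]
id_provider = ipa
ipa_server = _srv_, srv.ipa.grp
[sssd]
services = nss, pam, ssh, sudo
domains = ipa.grp
ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp
ldap_sasl_mech = GSSAPI
ldap=sasl_authid = host/cnlt2.ipa.grp
sudo_provider = ldap
"""

# Heuristic (assumption of this example): back-end options named ldap_*,
# krb5_*, ipa_* or *_provider only take effect in a [domain/...] section.
DOMAIN_ONLY = re.compile(r"^(ldap_|krb5_|ipa_)|_provider$")
KEY_OK = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")

def lint_sssd_conf(text):
    """Return (line_number, message) findings for an sssd.conf string."""
    findings, section = [], None
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not KEY_OK.match(key):
            findings.append((num, f"malformed option line: {line!r}"))
            continue
        # "word = ..." inside the value means a '_' was typed as '='.
        # DN values such as ou=sudoers have no space before '=' and pass.
        inner = re.match(r"^([A-Za-z0-9_]+)\s+=\s*\S", value)
        if inner:
            fixed = f"{key}_{inner.group(1)}"
            findings.append((num, f"'{key}={inner.group(1)}' looks like a typo for '{fixed}'"))
            key = fixed
        if DOMAIN_ONLY.search(key) and not (section or "").startswith("domain/"):
            findings.append((num, f"'{key}' is in [{section}] but belongs in [domain/...]"))
    return findings

if __name__ == "__main__":
    for num, msg in lint_sssd_conf(SAMPLE):
        print(f"line {num}: {msg}")
```

The lint only checks placement and key syntax; it does not validate option values such as the search base or the host principal.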