[Freeipa-users] How to use sudo rules on ubuntu

Lukas Slebodnik lslebodn at redhat.com
Tue Sep 2 08:13:39 UTC 2014


On (02/09/14 11:02), Tevfik Ceydeliler wrote:
>
>Step 0
>root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
>sudoers_debug:    1
>sudoers: files sss
>
>root@clnt:/home/awtadm# ipa-client-install --no-ntp
>IPA client is already configured on this system.
>
>root@clnt:/home/awtadm# grep services /etc/sssd/sssd.conf
>services = nss, pam, ssh, sudo
>

You need to restart sssd after modification of option "services" in
/etc/sssd/sssd.conf. I forgot to mention it.

>
>Step 1 (there is some problem when creating the rule on the CLI. No problem prompt on
>Web-based)
>...
>[root@srv ~]# ipa sudorule-add-option readfiles
>Sudo Option: !authenticate
>ipa: ERROR: no such entry
>
>...
> Then:
>awtadm@clnt:~$ su user1
>Password:
>uid=1423400004(user1) gid=1423400004(user1) groups=1423400004(user1)
>user1@clnt:/home/awtadm$ sudo -l
>[sudo] password for user1:
>Sorry, user user1 may not run sudo on clnt.

There is no reason to try sudo commands if "sudo -l" fails.

It works for me on Ubuntu 14.04. It is very likely you have a problem
on the FreeIPA server. Other people can help you with the server part;
I could help you just with client configuration.
(From my point of view, the problem is solved)

One more time, please follow the instructions:
    http://www.freeipa.org/docs/master/html-desktop/index.html#sudo

LS
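
The two client-side settings shown in Step 0, checked by a small script. This is an added example, not part of the original message or of FreeIPA/SSSD; the function names are this example's own, and the sample files it builds are constructed from the Step 0 output.

```shell
#!/bin/sh
# Added example (not from the thread): client-side checks for SSSD-backed sudo.
# Function names are this example's own; file paths are parameters.

# Succeeds if the "sudoers:" line of an nsswitch.conf lists the "sss" source.
nsswitch_has_sss() {
    awk '{ sub(/#.*/, "") }
         $1 == "sudoers:" { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
         END { exit !found }' "$1"
}

# Succeeds if "services" in the [sssd] section of an sssd.conf includes "sudo".
sssd_has_sudo() {
    awk '/^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\]/) }
         in_sssd && /^[ \t]*services[ \t]*=/ {
             sub(/^[^=]*=/, "")
             n = split($0, svc, /[ \t,]+/)
             for (i = 1; i <= n; i++) if (svc[i] == "sudo") found = 1
         }
         END { exit !found }' "$1"
}

# Report on both files; returns 0 only if both settings are present.
check_sudo_client() {
    rc=0
    if ! nsswitch_has_sss "$1"; then
        echo "FAIL: no 'sss' source on the sudoers: line of $1"; rc=1
    fi
    if ! sssd_has_sudo "$2"; then
        echo "FAIL: 'sudo' missing from [sssd] services in $2"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: restart sssd if 'services' was changed since it last started"
    fi
    return "$rc"
}

# Constructed sample files mirroring the Step 0 output, checked offline.
demo_constructed() {
    d=$(mktemp -d) || return 1
    printf 'sudoers_debug:    1\nsudoers: files sss\n' > "$d/nsswitch.conf"
    printf '[sssd]\nservices = nss, pam, ssh, sudo\n' > "$d/sssd.conf"
    check_sudo_client "$d/nsswitch.conf" "$d/sssd.conf"; rc_demo=$?
    rm -rf "$d"
    return "$rc_demo"
}
```

On a real client, run `check_sudo_client /etc/nsswitch.conf /etc/sssd/sssd.conf` as root, since sssd.conf is normally readable only by root.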