[Freeipa-users] How to use sudo rules on ubuntu

Tevfik Ceydeliler tevfik.ceydeliler at astron.yasar.com.tr
Mon Sep 8 08:24:57 UTC 2014


Is there any article that describes how to configure an Ubuntu client for IPA
and sudo policy?

On 02-09-2014 11:13, Lukas Slebodnik wrote:
> On (02/09/14 11:02), Tevfik Ceydeliler wrote:
>> Step 0
>> root at clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
>> sudoers_debug:    1
>> sudoers: files sss
>>
>> root at clnt:/home/awtadm# ipa-client-install --no-ntp
>> IPA client is already configured on this system.
>>
>> root at clnt:/home/awtadm# grep services /etc/sssd/sssd.conf
>> services = nss, pam, ssh, sudo
>>
> You need to restart sssd after modification of option "services" in
> /etc/sssd/sssd.conf. I forgot to mention it.
>
>> Step 1 (there is some problem when creating the rule on the CLI. No problem prompt on
>> Web-based)
>> ...
>> [root at srv ~]# ipa sudorule-add-option readfiles
>> Sudo Option: !authenticate
>> ipa: ERROR: no such entry
>>
>> ...
>> Then:
>> awtadm at clnt:~$ su user1
>> Password:
>> uid=1423400004(user1) gid=1423400004(user1) groups=1423400004(user1)
>> user1 at clnt:/home/awtadm$ sudo -l
>> [sudo] password for user1:
>> Sorry, user user1 may not run sudo on clnt.
> There is no reason to try sudo commands if "sudo -l" fails.
>
> It works for me on Ubuntu 14.04. It is very likely you have a problem
> on the FreeIPA server. Other people can help you with the server part;
> I could help you just with the client configuration.
> (From my point of view, the problem is solved.)
>
> One more time, please follow instructions:
>      http://www.freeipa.org/docs/master/html-desktop/index.html#sudo
>
> LS

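A client-side check for the two settings quoted in this thread (`sss` on the `sudoers:` line of /etc/nsswitch.conf and `sudo` in the `services` line of /etc/sssd/sssd.conf), added here as an example and not part of the original messages. The function names are hypothetical and the sample files are constructed; the script does not look at the sudo rules on the server.

```shell
#!/bin/sh
# Added example: checks the two client-side settings quoted in this thread.
# Function names are hypothetical; file paths are passed as arguments.

# True if the "sudoers:" database in nsswitch.conf lists the sss source.
nss_sudoers_uses_sss() {
    sed -n 's/#.*//; s/^[[:space:]]*sudoers:[[:space:]]*//p' "$1" |
        tr -s '[:space:]' '\n' | grep -qx 'sss'
}

# True if "sudo" appears in the services list of the [sssd] section.
sssd_services_has_sudo() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_sssd = ($0 ~ /^[ \t]*\[sssd\]/); next }
        in_sssd && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "sudo") found = 1
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Report both checks; returns non-zero if either setting is missing.
check_sudo_client() {
    nss=${1:-/etc/nsswitch.conf}
    sssd=${2:-/etc/sssd/sssd.conf}
    rc=0
    if nss_sudoers_uses_sss "$nss"; then
        echo "OK   $nss: sudoers uses sss"
    else
        echo "FAIL $nss: no 'sudoers:' line listing sss"; rc=1
    fi
    if sssd_services_has_sudo "$sssd"; then
        echo "OK   $sssd: sudo responder enabled"
    else
        echo "FAIL $sssd: add sudo to services, then restart sssd"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the settings quoted in the thread.
demo=$(mktemp -d)
printf 'sudoers_debug:    1\nsudoers: files sss\n' > "$demo/nsswitch.conf"
printf '[sssd]\nservices = nss, pam, ssh, sudo\n' > "$demo/sssd.conf"
check_sudo_client "$demo/nsswitch.conf" "$demo/sssd.conf"
```

Called with no arguments, `check_sudo_client` reads the live files; /etc/sssd/sssd.conf is normally readable only by root, so run it as root.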