[Freeipa-users] FreeIPA sudo configuration on FreeIPA, version: 4.1.0
Lukas Slebodnik
lslebodn at redhat.com
Tue Apr 7 12:16:06 UTC 2015
On (07/04/15 12:57), Jakub Hrozek wrote:
>On Tue, Apr 07, 2015 at 12:48:37PM +0200, Chamambo Martin wrote:
>> Sorry for the confusion about that one ,that client I used to aunthenticate
>> to a pure 389 directory server and I have since changed it to free ipa and
>> below is the correct configuration.
>>
>> I managed to add the line sudo_provider = ipa and im getting the below error
>> on my client
>
>I don't see it added to the config.
>
It's not necessary to add "sudo_provider = ipa" into domain section.
because if sudo_provider is not specified then it is automatically inherited
from "id_provider".
It is described in documentation [1] (point 4) and also in the manual page
sssd-sudo.
IIRC ipa-client-install should configure all necessary things on rhel 7.1
>If it's added, the next steps would be to add debug_level to the sudo
>and domain sections. https://fedorahosted.org/sssd/wiki/Troubleshooting
>has some notes on gathering the debug logs.
>
+1
LS
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/Configuring_Services.html#configuring-sssd-sudo
More information about the Freeipa-users
mailing list