[Freeipa-users] FreeIPA sudo configuration on FreeIPA, version: 4.1.0
Chamambo Martin
chamambom at afri-com.net
Tue Apr 7 12:47:02 UTC 2015
Thanx for the feedback ,let me read a bit and will share how I managed to resolve it
-----Original Message-----
From: Lukas Slebodnik [mailto:lslebodn at redhat.com]
Sent: Tuesday, April 07, 2015 2:16 PM
To: Jakub Hrozek
Cc: Chamambo Martin; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA sudo configuration on FreeIPA, version: 4.1.0
On (07/04/15 12:57), Jakub Hrozek wrote:
>On Tue, Apr 07, 2015 at 12:48:37PM +0200, Chamambo Martin wrote:
>> Sorry for the confusion about that one ,that client I used to
>> aunthenticate to a pure 389 directory server and I have since changed
>> it to free ipa and below is the correct configuration.
>>
>> I managed to add the line sudo_provider = ipa and im getting the
>> below error on my client
>
>I don't see it added to the config.
>
It's not necessary to add "sudo_provider = ipa" into domain section.
because if sudo_provider is not specified then it is automatically inherited from "id_provider".
It is described in documentation [1] (point 4) and also in the manual page sssd-sudo.
IIRC ipa-client-install should configure all necessary things on rhel 7.1
>If it's added, the next steps would be to add debug_level to the sudo
>and domain sections. https://fedorahosted.org/sssd/wiki/Troubleshooting
>has some notes on gathering the debug logs.
>
+1
LS
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/Configuring_Services.html#configuring-sssd-sudo
More information about the Freeipa-users
mailing list