[Freeipa-users] Configuring SUDO on centos and RHEL 5 clients
Martin Chamambo
chamambom at afri-com.net
Thu Apr 9 01:04:54 UTC 2015
I managed to install my ipa client on centos 5 using this command below
ipa-client-install --server cyclops.ai.co.zw --domain ai.co.zw
and it worked perfectly , i can getent passwd xxxx for users in the freeIPA server which is good.
I am now trying to configure SUDO on centos and there seem to be mixed views on how i can get it working but i have actually embraced the following
Use SSSD, don't use nslcd or anything that has pam_ldap or ldapd in the name
and here are my configs
cat /etc/nsswitch
sudoers: files sss
cat /etc/sssd/sssd.conf
[root at pinnochio ~]# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
domains = ai.co.zw
[nss]
[sudo]
[pam]
[domain/ai.co.zw]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ai.co.zw
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, cyclops.ai.co.zw
ldap_tls_cacert = /etc/ipa/ca.crt
wanted to add sudo services and ssh services on the Line services = nss, pam and kept getting error
(Thu Apr 9 02:04:35 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr 9 02:04:36 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr 9 02:08:27 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr 9 02:08:59 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr 9 02:09:35 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr 9 02:10:05 2015) [sssd] [get_monitor_config] (0): Invalid service ssh
i guess there is a different way of configuring SUDO on RHEL 5 or centos 5
More information about the Freeipa-users
mailing list