[Freeipa-users] Configuring SUDO on centos and RHEL 5 clients

Chamambo Martin chamambom at afri-com.net
Thu Apr 9 17:39:14 UTC 2015


I managed to follow this up and here is the error I'm getting


[admin@pinnochio ~]$ sudo -l
LDAP Config Summary
===================
uri              ldap://cyclops.ai.co.zw
ldap_version     3
sudoers_base     ou=SUDOers,dc=ai,dc=co,dc=zw
binddn           uid=sudo,cn=sysaccounts,cn=etc,dc=ai,dc=co,dc=zw
bindpw           CDMA1xafri
bind_timelimit   5000
timelimit        15
ssl              start_tls
tls_checkpeer    (yes)
tls_cacertfile   /etc/ipa/ca.crt
===================
sudo: ldap_initialize(ld, ldap://cyclops.ai.co.zw)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)

sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: no default options found!
sudo: ldap sudoHost '+mailservers' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+mailservers' ... not
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(52)=0x84
[sudo] password for admin: 
Sorry, user admin may not run sudo on pinnochio.
[admin@pinnochio ~]$ 


My /etc/ldap.conf is like this

uri ldap://cyclops.ai.co.zw
sudoers_base ou=SUDOers,dc=ai,dc=co,dc=zw
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ai,dc=co,dc=zw
bindpw xxxxxxxx
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
bind_timelimit 5
timelimit 15

/etc/nsswitch.conf

Sudoers files ldap







-----Original Message-----
From: Lukas Slebodnik [mailto:lslebodn at redhat.com] 
Sent: Thursday, April 09, 2015 10:46 AM
To: Martin Chamambo
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Configuring SUDO on centos and RHEL 5 clients

On (09/04/15 01:04), Martin Chamambo wrote:
>I managed to install my ipa client on centos 5 using this command below
>
> ipa-client-install --server cyclops.ai.co.zw --domain ai.co.zw
>
Please follow the instructions for RHEL 5
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Configuring_Identity_Management/configuring-rhel5.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules

LS
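
Added example, not part of the original thread: a small shell function that reads the "sudo:" debug lines shown in the post above and reports which stage rejected the request. The function names and verdict labels are hypothetical; the sample trace is copied from the post. sudoHost values with a leading "+" are netgroups, so host_matches=0 here means sudo did not find this client in those netgroups.

```shell
#!/bin/sh
# Summarise the "sudo: ..." LDAP debug lines from `sudo -l` (read on stdin)
# and report which stage rejected the request.
diagnose_sudo_ldap() {
    awk '
        /ldap_start_tls_s\(\) ok/ { tls = 1 }
        /ldap_sasl_bind_s\(\) ok/ { bind = 1 }
        /ldap sudoHost / {
            # The value sits between single quotes (\047); a leading "+" marks a netgroup.
            if (split($0, q, "\047") < 3 || $NF != "not" || (q[2] in seen)) next
            seen[q[2]] = 1
            failed = failed (failed == "" ? "" : ",") q[2]
            if (substr(q[2], 1, 1) == "+") netgroup = 1
        }
        /user_matches=/ { split($0, a, "="); user = a[2] }
        /host_matches=/ { split($0, a, "="); hostm = a[2] }
        END {
            print "tls=" (tls ? "ok" : "missing")
            print "bind=" (bind ? "ok" : "missing")
            print "user_matches=" user
            print "host_matches=" hostm
            print "unmatched_sudoHost=" failed
            if (user == 0)        print "verdict=user-mismatch"
            else if (hostm != 0)  print "verdict=rule-matched"
            else if (netgroup)    print "verdict=netgroup-host-mismatch"
            else                  print "verdict=host-mismatch"
        }'
}

# Trace lines copied from the post above (the config summary is left out).
sample_trace() {
cat <<'EOF'
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: no default options found!
sudo: ldap sudoHost '+mailservers' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+mailservers' ... not
sudo: user_matches=1
sudo: host_matches=0
EOF
}

sample_trace | diagnose_sudo_ldap
```

Netgroup membership as the client resolves it can be compared against the rule with `getent netgroup mailservers`.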




