[Freeipa-users] Configuring SUDO on centos and RHEL 5 clients

Martin Chamambo chamambom at afri-com.net
Thu Apr 9 23:35:03 UTC 2015


I was following this article for configuring RHEL5 clients

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Configuring_Identity_Management/configuring-rhel5.html#step.nslcd5

and I guess I wasn't understanding this part

Even though sudo uses NIS-style netgroups, it is not necessary to have a NIS server installed. Netgroups require that a NIS domain be named in their configuration, so sudo requires that a NIS domain be named for netgroups. However, that NIS domain does not actually need to exist.

I used this article to set the nisdomain

http://www.server-world.info/en/note?os=CentOS_6&p=nis&f=2

and voila, it's now working

===================
sudo: ldap_initialize(ld, ldap://cyclops.ai.co.zw)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)

sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: no default options found!
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+mailservers' ... MATCH!
sudo: user_matches=1
sudo: host_matches=1

Thanks, Jakub, for pointing me in the right direction

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Jakub Hrozek [jhrozek at redhat.com]
Sent: Thursday, April 09, 2015 8:02 PM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Configuring SUDO on centos and RHEL 5 clients

On Thu, Apr 09, 2015 at 07:39:14PM +0200, Chamambo Martin wrote:
> I managed to follow this up and here is the error I'm getting
Here is the error:
> sudo: ldap sudoHost '+mailservers' ... not
> sudo: ldap sudoHost '+dev_server' ... not
> sudo: ldap sudoHost '+dev_server' ... not
> sudo: ldap sudoHost '+mailservers' ... not
> sudo: user_matches=1
> sudo: host_matches=0

So the user part of the rule matched but the host part did not. Check
your nisdomainname and whether the host is part of any of the netgroups
above.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
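
Added example (not part of the original messages): a small Python triage of the sudo LDAP debug lines quoted in this thread. It flags the case Jakub describes, where the user part of the rule matches but every sudoHost netgroup check fails. The function name `triage` and the verdict strings are assumptions made for illustration; the two sample traces are trimmed from the output above.

```python
import re

# Matches lines such as: sudo: ldap sudoHost '+mailservers' ... MATCH!
# An optional "> " prefix is accepted so quoted mail text can be pasted in.
HOST_RE = re.compile(r"^(?:>\s*)?sudo: ldap sudoHost '([^']*)' \.\.\. (not|MATCH!)$")
FLAG_RE = re.compile(r"^(?:>\s*)?sudo: (user_matches|host_matches)=(\d)$")

# Sample traces trimmed from the thread (before and after setting the NIS domain).
FAILING = """\
sudo: ldap sudoHost '+mailservers' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: user_matches=1
sudo: host_matches=0
"""
WORKING = """\
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+mailservers' ... MATCH!
sudo: user_matches=1
sudo: host_matches=1
"""


def triage(trace):
    """Summarise the sudoHost checks and final match flags in a debug trace."""
    checked, flags = {}, {}
    for raw in trace.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            # A host spec counts as matched if any check against it matched.
            checked[m.group(1)] = checked.get(m.group(1), False) or m.group(2) == "MATCH!"
            continue
        m = FLAG_RE.match(line)
        if m:
            flags[m.group(1)] = m.group(2) == "1"
    # In sudoHost, a leading "+" denotes a netgroup rather than a host name.
    netgroups = sorted(h for h in checked if h.startswith("+"))
    unmatched = sorted(h for h, ok in checked.items() if not ok)
    if flags.get("user_matches") and flags.get("host_matches") is False:
        # Only netgroups were tested and none matched: check nisdomainname
        # and the host's netgroup membership, as advised in the reply.
        only_netgroups = bool(checked) and len(netgroups) == len(checked)
        verdict = "host-netgroup-miss" if only_netgroups else "host-miss"
    elif flags.get("user_matches") and flags.get("host_matches"):
        verdict = "ok"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "netgroups": netgroups, "unmatched": unmatched}
```
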



