[Freeipa-users] issues with sudo on RHEL5.8

Nicolas Zin nicolas.zin at savoirfairelinux.com
Wed Feb 18 06:23:57 UTC 2015


Sure.

Let me come back to that matter a bit later, next week.


----- Original Message -----
From: "Dmitri Pal" <dpal at redhat.com>
To: freeipa-users at redhat.com
Sent: Tuesday, 17 February 2015 19:39:40
Subject: Re: [Freeipa-users] issues with sudo on RHEL5.8

On 02/17/2015 05:18 AM, Nicolas Zin wrote:
> Thanks,
>
> that helps!
> I mistyped binddn and bindpw
>
> ----- Original Message -----
> From: "Lukasz Jaworski" <lukasz.jaworski at allegrogroup.com>
> To: "Nicolas Zin" <nicolas.zin at savoirfairelinux.com>
> Cc: freeipa-users at redhat.com
> Sent: Tuesday, 17 February 2015 13:31:20
> Subject: Re: [Freeipa-users] issues with sudo on RHEL5.8
>
>> With a RHEL7 IDM installation, I am trying to get sudo working.
>> On RHEL6, no problem (via sssd).
>> On RHEL5.8 I can't get it working (the credentials are good; I manage to request the schema, see below).
>> Where can I find more logs?
>> What did I forget?
>> [root at srv-rhel58-01 ~]# cat /etc/nss_ldap.conf
>> bindn uid=sudo,cn=sysaccounts,cn=etc,dc=company,dc=com
>> binpw redhat5Sudo
>> ssl start_tls
>> tls_cacertfile /etc/openldap/cacerts/ipa.crt
>> #tls_cacert /etc/openldap/cacerts/ipa.crt
>> tls_checkpeer yes
>> #uri ldap://srv-idm7-01.company.com, ldap://srv-idm7-02.company.com
>> uri ldap://srv-idm7-01.company.com
>> sudoers_base ou=SUDOers,dc=company,dc=com
>> sudoers_debug: 2
> Change the last line (remove the ":") to:
> sudoers_debug 2
>
> And then try sudo.
>
> Check:
> /etc/nsswitch.conf
> should be:
> sudoers: files ldap
>
> Best regards,
> Ender
>
We quite frequently get questions about how to configure SUDO with IPA 
from RHEL5.x clients.
Would you mind sharing this configuration as a howto solution?
http://www.freeipa.org/page/HowTos

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
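
The fix in this thread came down to directive names that were not spelled the way sudo expects (`bindn`, `binpw`, `sudoers_debug:`). As an added example, not part of the original messages, this Python linter flags near-miss spellings and trailing punctuation in such a file; the directive list is a subset from sudoers.ldap(5), the function name is hypothetical, and the sample input is constructed from the file quoted above with a placeholder password.

```python
import difflib

# Subset of directives read by sudo's LDAP support (sudoers.ldap(5)); extend as needed.
SUDO_LDAP_KEYS = {
    "uri", "host", "port", "binddn", "bindpw", "rootbinddn", "ssl",
    "sudoers_base", "sudoers_debug", "sudoers_search_filter",
    "tls_checkpeer", "tls_cacert", "tls_cacertfile", "tls_cacertdir",
    "tls_cert", "tls_key", "bind_timelimit", "timelimit", "ldap_version",
}

def lint_ldap_conf(text):
    """Return (line_no, key_as_written, suggested_key) for suspicious directives."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        written = line.split(None, 1)[0]
        key = written.lower()
        if key in SUDO_LDAP_KEYS:
            continue                      # spelled correctly
        stripped = key.rstrip(":=")
        if stripped in SUDO_LDAP_KEYS:    # e.g. "sudoers_debug:"
            findings.append((line_no, written, stripped))
            continue
        # Near-miss spelling such as "bindn" for "binddn". Keys with no close
        # match are left alone: the file is shared with nss_ldap directives.
        close = difflib.get_close_matches(key, sorted(SUDO_LDAP_KEYS), n=1, cutoff=0.8)
        if close:
            findings.append((line_no, written, close[0]))
    return findings

# Constructed sample based on the configuration quoted in the thread.
SAMPLE = """\
bindn uid=sudo,cn=sysaccounts,cn=etc,dc=company,dc=com
binpw PLACEHOLDER_PASSWORD
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ipa.crt
#tls_cacert /etc/openldap/cacerts/ipa.crt
tls_checkpeer yes
uri ldap://srv-idm7-01.company.com
sudoers_base ou=SUDOers,dc=company,dc=com
sudoers_debug: 2
"""

if __name__ == "__main__":
    for line_no, written, suggestion in lint_ldap_conf(SAMPLE):
        print("line %d: '%s' is not a sudo LDAP directive; did you mean '%s'?"
              % (line_no, written, suggestion))
```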
