[Freeipa-users] ipa / sudoers on centos 6.3 client
Lukas Slebodnik
lslebodn at redhat.com
Sat Jan 3 17:20:46 UTC 2015
On (02/01/15 22:13), William Muriithi wrote:
>Hi,
>
>I also think you will have to update to rhel 6.6 if you want to use sssd for sudo. If updating to 6.6 is not a problem, this would be least painful.
>
>> > > The problem is that I can't get sudo rules to work. I know that the
>> > > ipa client software version 3.0.0 doesn't automatically set up all the
>> > > configuration for sssd to control sudo access, but I have set up all
>> > > the configuration necessary manually:
>> > >
>> > >
>> > > On the client, /etc/nsswitch.conf has
>> > >
>> > >
>> > > sudoers files sss
>
>This will work only for rhel 6.6. Add ldap between files and sss if you wouldn't be using 6.6
>
It would worh with CentOS 6.4+
just configuration in sssd.conf would be different.
CentOS 6.4 and 6.5 *does not have* native sudo ipa provider,
but it is possible to configure sssd with ldap provider (more complicated).
CentOS 6.6 *has* native sudo ipa provider.
The best way hot to configure sssd <-> sudo is to follow instructions
in the manual page sssd-sudo.
LS
More information about the Freeipa-users
mailing list