[Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD

Jakub Hrozek jhrozek at redhat.com
Thu Mar 26 08:31:10 UTC 2015 

If you have SSSD 1.9.6 or newer all the sudo configuration boils down to including 'sss' for 'sudoers' in nsswitch.conf and sudo_provider=ipa in sssd.conf.

You also need a reasonably recent sudo itself. Posting versions of SSSD and sudo would help.

----- Original Message -----
From: "Gonzalo Fernandez Ordas" <g.fer.ordas at unicyber.co.uk>
To: "Rob Crittenden" <rcritten at redhat.com>, dpal at redhat.com
Cc: freeipa-users at redhat.com
Sent: Thursday, 26 March, 2015 6:21:19 AM
Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD

I have to test a few options to see how I can overcome that issue.
A pity as I nearly got everything setup in full.
Any findings I will get back to the list as this might be relevant for 
other users.


On 25/03/2015 19:56, Rob Crittenden wrote:
> Gonzalo Fernandez Ordas wrote:
>> Exactly the document i was having a look at.
>> In simple words,is possible to work this around and how,?
>> Otherwise i have to drop freeipa and get back to 389_ds as still seems
>> fully ldap sssd compatible.
>>
>> Have you got any doc clearly stating how to get this done?
>> I really invested many days on reaching this far being  sudo the last
>> tiny bit to get sorted which is hugely frustrated.
> How to configure sudo largely depends on the version of SSSD you have in
> Ubuntu. I'm not sure how configuring SSSD is going to affect your choice
> of server though. If you still use SSSD the same problem will exist
> regardless, right?
>
> rob
>
>> Thanks for all the support
>> Sent from Type Mail <http://r.typeapp.com>
>>
>> On Mar 25, 2015, at 5:35 PM, Dmitri Pal <dpal at redhat.com
>> <mailto:dpal at redhat.com>> wrote:
>>
>>      On 03/25/2015 08:32 PM, g.fer.ordas at unicyber.co.uk wrote:
>>
>>          Hi
>>
>>          I am setting up a plain and simple sssd service against my FreeIPA
>>          Server.
>>          The FreeIPA Server is a Centos 7.1 box with IPA version 4.1 and the
>>          client box is ubuntu: Ubuntu 12.04.5 LTS
>>
>>          The Users and Credentials are being Synched out of an AD Server
>>          (the
>>          passwords happened to be transferred using the PassSync Service)
>>
>>          Now.. I wanted to setup a very simple sssd service (not the FreeIPA
>>          client service)
>>          And so far I succeeded on synching the users along with the
>>          passwords
>>          using SSSD.
>>
>>          Now, Trying to get the sudo access sorted I cannot see that
>>          working,
>>          and I came across some documentation mentioning SSSD is NOT
>>          currently
>>          supporting IPA schema for the SUDOers
>>          if that is the case
>>
>>          Can anybody point me to the right document or procedure in terms of
>>          getting also the sudoers installed?
>>
>>          Would be possible , somehow, to have this sorted WITHOUT using the
>>          ipa-client?
>>
>>          many thanks!
>>
>>
>>
>>      http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
>>
>>
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list