[Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD
Jakub Hrozek
jhrozek at redhat.com
Thu Mar 26 08:31:10 UTC 2015
If you have SSSD 1.9.6 or newer all the sudo configuration boils down to including 'sss' for 'sudoers' in nsswitch.conf and sudo_provider=ipa in sssd.conf.
You also need a reasonably recent sudo itself. Posting versions of SSSD and sudo would help.
----- Original Message -----
From: "Gonzalo Fernandez Ordas" <g.fer.ordas at unicyber.co.uk>
To: "Rob Crittenden" <rcritten at redhat.com>, dpal at redhat.com
Cc: freeipa-users at redhat.com
Sent: Thursday, 26 March, 2015 6:21:19 AM
Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD
I have to test a few options to see how I can overcome that issue.
A pity as I nearly got everything setup in full.
Any findings I will get back to the list as this might be relevant for
other users.
On 25/03/2015 19:56, Rob Crittenden wrote:
> Gonzalo Fernandez Ordas wrote:
>> Exactly the document i was having a look at.
>> In simple words,is possible to work this around and how,?
>> Otherwise i have to drop freeipa and get back to 389_ds as still seems
>> fully ldap sssd compatible.
>>
>> Have you got any doc clearly stating how to get this done?
>> I really invested many days on reaching this far being sudo the last
>> tiny bit to get sorted which is hugely frustrated.
> How to configure sudo largely depends on the version of SSSD you have in
> Ubuntu. I'm not sure how configuring SSSD is going to affect your choice
> of server though. If you still use SSSD the same problem will exist
> regardless, right?
>
> rob
>
>> Thanks for all the support
>> Sent from Type Mail <http://r.typeapp.com>
>>
>> On Mar 25, 2015, at 5:35 PM, Dmitri Pal <dpal at redhat.com
>> <mailto:dpal at redhat.com>> wrote:
>>
>> On 03/25/2015 08:32 PM, g.fer.ordas at unicyber.co.uk wrote:
>>
>> Hi
>>
>> I am setting up a plain and simple sssd service against my FreeIPA
>> Server.
>> The FreeIPA Server is a Centos 7.1 box with IPA version 4.1 and the
>> client box is ubuntu: Ubuntu 12.04.5 LTS
>>
>> The Users and Credentials are being Synched out of an AD Server
>> (the
>> passwords happened to be transferred using the PassSync Service)
>>
>> Now.. I wanted to setup a very simple sssd service (not the FreeIPA
>> client service)
>> And so far I succeeded on synching the users along with the
>> passwords
>> using SSSD.
>>
>> Now, Trying to get the sudo access sorted I cannot see that
>> working,
>> and I came across some documentation mentioning SSSD is NOT
>> currently
>> supporting IPA schema for the SUDOers
>> if that is the case
>>
>> Can anybody point me to the right document or procedure in terms of
>> getting also the sudoers installed?
>>
>> Would be possible , somehow, to have this sorted WITHOUT using the
>> ipa-client?
>>
>> many thanks!
>>
>>
>>
>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
>>
>>
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list