[Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD
g.fer.ordas at unicyber.co.uk
g.fer.ordas at unicyber.co.uk
Mon Mar 30 04:36:00 UTC 2015
Hey Guys
Not sure if I am missing any bit.... but this was the thing in the end:
http://generations.menteyarte.org/archives/195-freeipa-server-and-SSSD-on-Ubuntu.html
I managed to have it working and I have documented all those nasty bits
which might save people's time. The whole weekend gone but for the less
has been productive.
I am including the SUDO bit which is usually a pain in my experience..
Thanks
On 2015-03-26 08:31, Jakub Hrozek wrote:
> If you have SSSD 1.9.6 or newer all the sudo configuration boils down
> to including 'sss' for 'sudoers' in nsswitch.conf and
> sudo_provider=ipa in sssd.conf.
>
> You also need a reasonably recent sudo itself. Posting versions of
> SSSD and sudo would help.
>
> ----- Original Message -----
> From: "Gonzalo Fernandez Ordas" <g.fer.ordas at unicyber.co.uk>
> To: "Rob Crittenden" <rcritten at redhat.com>, dpal at redhat.com
> Cc: freeipa-users at redhat.com
> Sent: Thursday, 26 March, 2015 6:21:19 AM
> Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed
> from AD
>
> I have to test a few options to see how I can overcome that issue.
> A pity as I nearly got everything setup in full.
> Any findings I will get back to the list as this might be relevant for
> other users.
>
>
> On 25/03/2015 19:56, Rob Crittenden wrote:
>> Gonzalo Fernandez Ordas wrote:
>>> Exactly the document i was having a look at.
>>> In simple words,is possible to work this around and how,?
>>> Otherwise i have to drop freeipa and get back to 389_ds as still
>>> seems
>>> fully ldap sssd compatible.
>>>
>>> Have you got any doc clearly stating how to get this done?
>>> I really invested many days on reaching this far being sudo the last
>>> tiny bit to get sorted which is hugely frustrated.
>> How to configure sudo largely depends on the version of SSSD you have
>> in
>> Ubuntu. I'm not sure how configuring SSSD is going to affect your
>> choice
>> of server though. If you still use SSSD the same problem will exist
>> regardless, right?
>>
>> rob
>>
>>> Thanks for all the support
>>> Sent from Type Mail <http://r.typeapp.com>
>>>
>>> On Mar 25, 2015, at 5:35 PM, Dmitri Pal <dpal at redhat.com
>>> <mailto:dpal at redhat.com>> wrote:
>>>
>>> On 03/25/2015 08:32 PM, g.fer.ordas at unicyber.co.uk wrote:
>>>
>>> Hi
>>>
>>> I am setting up a plain and simple sssd service against my
>>> FreeIPA
>>> Server.
>>> The FreeIPA Server is a Centos 7.1 box with IPA version 4.1
>>> and the
>>> client box is ubuntu: Ubuntu 12.04.5 LTS
>>>
>>> The Users and Credentials are being Synched out of an AD
>>> Server
>>> (the
>>> passwords happened to be transferred using the PassSync
>>> Service)
>>>
>>> Now.. I wanted to setup a very simple sssd service (not the
>>> FreeIPA
>>> client service)
>>> And so far I succeeded on synching the users along with the
>>> passwords
>>> using SSSD.
>>>
>>> Now, Trying to get the sudo access sorted I cannot see that
>>> working,
>>> and I came across some documentation mentioning SSSD is NOT
>>> currently
>>> supporting IPA schema for the SUDOers
>>> if that is the case
>>>
>>> Can anybody point me to the right document or procedure in
>>> terms of
>>> getting also the sudoers installed?
>>>
>>> Would be possible , somehow, to have this sorted WITHOUT
>>> using the
>>> ipa-client?
>>>
>>> many thanks!
>>>
>>>
>>>
>>>
>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>>
>>>
>>>
>>
More information about the Freeipa-users
mailing list