[Freeipa-users] Oracle Linux 5.5 - Legacy Question
Jeffrey Stormshak
jstormshak at cccis.com
Tue Nov 17 14:43:26 UTC 2015
Thank you for the response. If I may, can you expand more on the sudoers response?
More details from my configuration ...
The current setup for me is that all my sudoers rules/commands and groups are defined and stored in the RHEL 7.1 IDM LDAP. When I create the /etc/sudo-ldap.conf (snippet below), I'm still not able to get it working on these 5.5 Linux clients.
uri ldap://ldap-server-name/
sudoers_base ou=SUDOers,dc=EXAMPLE,dc=COM
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=EXAMPLE,dc=COM
bindpw secret_pass
bind_timelimit 5
timelimit 15
In your experience, am I missing some other component? PAM Modules? Reference in the /etc/nsswitch.conf?
-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jakub Hrozek
Sent: Tuesday, November 17, 2015 2:56 AM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Oracle Linux 5.5 - Legacy Question
On Mon, Nov 16, 2015 at 08:58:37PM +0000, Jeffrey Stormshak wrote:
> Greetings ---
> I'm in the process of deploying the RHEL 7.1 IDM into my enterprise and we have a great number of Oracle Linux 5.5 servers. Upon research from Oracle (ULN Channels) the Linux "ipa-client" was only released for 5.6 and then upstream. I went ahead and configured the PAM/LDAP authentication method for 5.5 and so far its working as expected. With that history being said ...
>
> I'm having difficulty getting TLS and "sudoers" to be managed by the RHEL IDM to these 5.5 clients. Can anyone share some insight or documentation details on how to solve these two problems prior to my mass deployment? Any insight is greatly appreciated. Thanks!
Not sure about TLS but sudoers should be managed with their ldap config (there's no sssd, hence to sssd sudo integration..)
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list