[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?
Tomas Simecek
simecek.tomas at gmail.com
Wed Jul 13 12:25:48 UTC 2016
Thanks for your information Lukas,
I have changed sudo_provider to ipa, restarted sssd and no difference.
Logfile still says "Access granted by HBAC rule..." and sudo says
simecek.tomas at sd-stc.cz is not allowed to run sudo on zp-cml-test.
Btw. man sssd-sudo says:
The following example shows how to configure SSSD to download
sudo rules from an LDAP server.
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = EXAMPLE
[domain/EXAMPLE]
id_provider = ldap
so I am not that sure what should be set on my version of sssd.
Any idea?
Thanks
T.
2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:
> On (13/07/16 13:36), Tomas Simecek wrote:
> >Lukas,
> >yes, I went through that guide and I configured sssd.conf as per the doc
> >(you can see it in the beginning of the thread).
> >
> >Actually the installation is:
> >[root at zp-cml-test sssd]# cat /etc/redhat-release
> >CentOS release 6.6 (Final)
> >
> >and versions are:
> >[root at zp-cml-test sssd]# rpm -qa |grep sssd
> >sssd-proxy-1.11.6-30.el6.x86_64
> >sssd-common-pac-1.11.6-30.el6.x86_64
> >sssd-ipa-1.11.6-30.el6.x86_64
> >sssd-1.11.6-30.el6.x86_64
> >sssd-common-1.11.6-30.el6.x86_64
> >sssd-ad-1.11.6-30.el6.x86_64
> >sssd-ldap-1.11.6-30.el6.x86_64
> >python-sssdconfig-1.11.6-30.el6.noarch
> >sssd-krb5-common-1.11.6-30.el6.x86_64
> >sssd-krb5-1.11.6-30.el6.x86_64
> >sssd-client-1.11.6-30.el6.x86_64
> >
> 1.11 has sudo_provider=ipa
>
> @see instructions in man sssd-sudo how to configure it.
> It should avoid issues with two different providers (ipa and ldap)
>
> >
> >There are some reasons why not to upgrade to later versions, believe me, I
> >would do it if I could :-)
> >
> You can at least try to upgrade sssd from 6.8 if you do not want
> to upgrade whole OS.
>
> LS
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160713/f6d90c7f/attachment.htm>
More information about the Freeipa-users
mailing list