[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

Tomas Simecek simecek.tomas at gmail.com
Wed Jul 13 13:02:56 UTC 2016 

Hi,
versions are:
sssd-client-1.11.6-30.el6.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
ipa-client-3.0.0-50.el6.centos.1.x86_64
as part of:
CentOS release 6.6 (Final)

T.

2016-07-13 14:52 GMT+02:00 <ladner.danila at gmail.com>:

> Again what is client version on 6.5?
>
>
> Sent from my iPhone
>
> On Jul 13, 2016, at 8:25 AM, Tomas Simecek <simecek.tomas at gmail.com>
> wrote:
>
> Thanks for your information Lukas,
> I have changed sudo_provider to ipa, restarted sssd and no difference.
> Logfile still says "Access granted by HBAC rule..." and sudo says
> simecek.tomas at sd-stc.cz is not allowed to run sudo on zp-cml-test.
>
> Btw. man sssd-sudo says:
> The following example shows how to configure SSSD to download
> sudo rules from an LDAP server.
>
>            [sssd]
>            config_file_version = 2
>            services = nss, pam, sudo
>            domains = EXAMPLE
>
>            [domain/EXAMPLE]
>            id_provider = ldap
>
> so I am not that sure what should be set on my version of sssd.
>
> Any idea?
>
> Thanks
>
> T.
>
> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:
>
>> On (13/07/16 13:36), Tomas Simecek wrote:
>> >Lukas,
>> >yes, I went through that guide and I configured sssd.conf as per the doc
>> >(you can see it in the beginning of the thread).
>> >
>> >Actually the installation is:
>> >[root at zp-cml-test sssd]# cat /etc/redhat-release
>> >CentOS release 6.6 (Final)
>> >
>> >and versions are:
>> >[root at zp-cml-test sssd]# rpm -qa |grep sssd
>> >sssd-proxy-1.11.6-30.el6.x86_64
>> >sssd-common-pac-1.11.6-30.el6.x86_64
>> >sssd-ipa-1.11.6-30.el6.x86_64
>> >sssd-1.11.6-30.el6.x86_64
>> >sssd-common-1.11.6-30.el6.x86_64
>> >sssd-ad-1.11.6-30.el6.x86_64
>> >sssd-ldap-1.11.6-30.el6.x86_64
>> >python-sssdconfig-1.11.6-30.el6.noarch
>> >sssd-krb5-common-1.11.6-30.el6.x86_64
>> >sssd-krb5-1.11.6-30.el6.x86_64
>> >sssd-client-1.11.6-30.el6.x86_64
>> >
>> 1.11 has sudo_provider=ipa
>>
>> @see instructions in man sssd-sudo how to configure it.
>> It should avoid issues with two different providers (ipa and ldap)
>>
>> >
>> >There are some reasons why not to upgrade to later versions, believe me,
>> I
>> >would do it if I could :-)
>> >
>> You can at least try to upgrade sssd from 6.8 if you do not want
>> to upgrade whole OS.
>>
>> LS
>>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160713/2cf0a587/attachment.htm>

More information about the Freeipa-users mailing list