[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

Tomas Simecek simecek.tomas at gmail.com
Wed Jul 13 13:56:17 UTC 2016 

Thanks,
I will try. But I am afraid to update to more recent version then those in
official repos.

Thanks anyway.

T.

2016-07-13 15:39 GMT+02:00 <ladner.danila at gmail.com>:

> Update to at least 1.12 sssd and libsss_sudo. As I recall sudo ipa
> provider did not work under 1.11
>
> Sent from my iPhone
>
> On Jul 13, 2016, at 9:02 AM, Tomas Simecek <simecek.tomas at gmail.com>
> wrote:
>
> Hi,
> versions are:
> sssd-client-1.11.6-30.el6.x86_64
> sssd-ipa-1.11.6-30.el6.x86_64
> ipa-client-3.0.0-50.el6.centos.1.x86_64
> as part of:
> CentOS release 6.6 (Final)
>
> T.
>
> 2016-07-13 14:52 GMT+02:00 <ladner.danila at gmail.com>:
>
>> Again what is client version on 6.5?
>>
>>
>> Sent from my iPhone
>>
>> On Jul 13, 2016, at 8:25 AM, Tomas Simecek <simecek.tomas at gmail.com>
>> wrote:
>>
>> Thanks for your information Lukas,
>> I have changed sudo_provider to ipa, restarted sssd and no difference.
>> Logfile still says "Access granted by HBAC rule..." and sudo says
>> simecek.tomas at sd-stc.cz is not allowed to run sudo on zp-cml-test.
>>
>> Btw. man sssd-sudo says:
>> The following example shows how to configure SSSD to download
>> sudo rules from an LDAP server.
>>
>>            [sssd]
>>            config_file_version = 2
>>            services = nss, pam, sudo
>>            domains = EXAMPLE
>>
>>            [domain/EXAMPLE]
>>            id_provider = ldap
>>
>> so I am not that sure what should be set on my version of sssd.
>>
>> Any idea?
>>
>> Thanks
>>
>> T.
>>
>> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:
>>
>>> On (13/07/16 13:36), Tomas Simecek wrote:
>>> >Lukas,
>>> >yes, I went through that guide and I configured sssd.conf as per the doc
>>> >(you can see it in the beginning of the thread).
>>> >
>>> >Actually the installation is:
>>> >[root at zp-cml-test sssd]# cat /etc/redhat-release
>>> >CentOS release 6.6 (Final)
>>> >
>>> >and versions are:
>>> >[root at zp-cml-test sssd]# rpm -qa |grep sssd
>>> >sssd-proxy-1.11.6-30.el6.x86_64
>>> >sssd-common-pac-1.11.6-30.el6.x86_64
>>> >sssd-ipa-1.11.6-30.el6.x86_64
>>> >sssd-1.11.6-30.el6.x86_64
>>> >sssd-common-1.11.6-30.el6.x86_64
>>> >sssd-ad-1.11.6-30.el6.x86_64
>>> >sssd-ldap-1.11.6-30.el6.x86_64
>>> >python-sssdconfig-1.11.6-30.el6.noarch
>>> >sssd-krb5-common-1.11.6-30.el6.x86_64
>>> >sssd-krb5-1.11.6-30.el6.x86_64
>>> >sssd-client-1.11.6-30.el6.x86_64
>>> >
>>> 1.11 has sudo_provider=ipa
>>>
>>> @see instructions in man sssd-sudo how to configure it.
>>> It should avoid issues with two different providers (ipa and ldap)
>>>
>>> >
>>> >There are some reasons why not to upgrade to later versions, believe
>>> me, I
>>> >would do it if I could :-)
>>> >
>>> You can at least try to upgrade sssd from 6.8 if you do not want
>>> to upgrade whole OS.
>>>
>>> LS
>>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160713/20261763/attachment.htm>

More information about the Freeipa-users mailing list