[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?
Danila Ladner
ladner.danila at gmail.com
Wed Jul 13 14:32:40 UTC 2016
Update to this one:
It has been running smoothly on 6.5
[root at dev-zlei.sec1 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root at dev-zlei.sec1 ~]# rpm -qa | grep sssd
sssd-client-1.12.4-47.el6.x86_64
sssd-ldap-1.12.4-47.el6.x86_64
sssd-ad-1.12.4-47.el6.x86_64
python-sssdconfig-1.12.4-47.el6.noarch
sssd-common-1.12.4-47.el6.x86_64
sssd-proxy-1.12.4-47.el6.x86_64
sssd-common-pac-1.12.4-47.el6.x86_64
sssd-krb5-1.12.4-47.el6.x86_64
sssd-ipa-1.12.4-47.el6.x86_64
sssd-krb5-common-1.12.4-47.el6.x86_64
sssd-1.12.4-47.el6.x86_64
On Wed, Jul 13, 2016 at 9:56 AM, Tomas Simecek <simecek.tomas at gmail.com>
wrote:
> Thanks,
> I will try. But I am afraid to update to more recent version then those in
> official repos.
>
> Thanks anyway.
>
> T.
>
> 2016-07-13 15:39 GMT+02:00 <ladner.danila at gmail.com>:
>
>> Update to at least 1.12 sssd and libsss_sudo. As I recall sudo ipa
>> provider did not work under 1.11
>>
>> Sent from my iPhone
>>
>> On Jul 13, 2016, at 9:02 AM, Tomas Simecek <simecek.tomas at gmail.com>
>> wrote:
>>
>> Hi,
>> versions are:
>> sssd-client-1.11.6-30.el6.x86_64
>> sssd-ipa-1.11.6-30.el6.x86_64
>> ipa-client-3.0.0-50.el6.centos.1.x86_64
>> as part of:
>> CentOS release 6.6 (Final)
>>
>> T.
>>
>> 2016-07-13 14:52 GMT+02:00 <ladner.danila at gmail.com>:
>>
>>> Again what is client version on 6.5?
>>>
>>>
>>> Sent from my iPhone
>>>
>>> On Jul 13, 2016, at 8:25 AM, Tomas Simecek <simecek.tomas at gmail.com>
>>> wrote:
>>>
>>> Thanks for your information Lukas,
>>> I have changed sudo_provider to ipa, restarted sssd and no difference.
>>> Logfile still says "Access granted by HBAC rule..." and sudo says
>>> simecek.tomas at sd-stc.cz is not allowed to run sudo on zp-cml-test.
>>>
>>> Btw. man sssd-sudo says:
>>> The following example shows how to configure SSSD to download
>>> sudo rules from an LDAP server.
>>>
>>> [sssd]
>>> config_file_version = 2
>>> services = nss, pam, sudo
>>> domains = EXAMPLE
>>>
>>> [domain/EXAMPLE]
>>> id_provider = ldap
>>>
>>> so I am not that sure what should be set on my version of sssd.
>>>
>>> Any idea?
>>>
>>> Thanks
>>>
>>> T.
>>>
>>> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:
>>>
>>>> On (13/07/16 13:36), Tomas Simecek wrote:
>>>> >Lukas,
>>>> >yes, I went through that guide and I configured sssd.conf as per the
>>>> doc
>>>> >(you can see it in the beginning of the thread).
>>>> >
>>>> >Actually the installation is:
>>>> >[root at zp-cml-test sssd]# cat /etc/redhat-release
>>>> >CentOS release 6.6 (Final)
>>>> >
>>>> >and versions are:
>>>> >[root at zp-cml-test sssd]# rpm -qa |grep sssd
>>>> >sssd-proxy-1.11.6-30.el6.x86_64
>>>> >sssd-common-pac-1.11.6-30.el6.x86_64
>>>> >sssd-ipa-1.11.6-30.el6.x86_64
>>>> >sssd-1.11.6-30.el6.x86_64
>>>> >sssd-common-1.11.6-30.el6.x86_64
>>>> >sssd-ad-1.11.6-30.el6.x86_64
>>>> >sssd-ldap-1.11.6-30.el6.x86_64
>>>> >python-sssdconfig-1.11.6-30.el6.noarch
>>>> >sssd-krb5-common-1.11.6-30.el6.x86_64
>>>> >sssd-krb5-1.11.6-30.el6.x86_64
>>>> >sssd-client-1.11.6-30.el6.x86_64
>>>> >
>>>> 1.11 has sudo_provider=ipa
>>>>
>>>> @see instructions in man sssd-sudo how to configure it.
>>>> It should avoid issues with two different providers (ipa and ldap)
>>>>
>>>> >
>>>> >There are some reasons why not to upgrade to later versions, believe
>>>> me, I
>>>> >would do it if I could :-)
>>>> >
>>>> You can at least try to upgrade sssd from 6.8 if you do not want
>>>> to upgrade whole OS.
>>>>
>>>> LS
>>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160713/ece27883/attachment.htm>
More information about the Freeipa-users
mailing list