[Freeipa-users] How do I create single sudo group for both Centos and Ubuntu?

Przemysław Orzechowski przemek.orzechowski at makolab.pl
Wed May 4 07:51:04 UTC 2016


Hi

The problem was unclear to me with Ubuntu, and although in theory 
everything should work, it did not, so (checked a few things that came to 
mind like kerberos, sssd logs, pam and figured out some problem with pam 
sssd integration) I went with the simplest solution (reinstall 
freeipa-client on the Ubuntus).

I fixed the problem with sudo on Ubuntu 14.4 and 16.4 with
ipa-client-install --uninstall
followed by
ipa-client-install --domain=myfqdndomain --principal=admin --mkhomedir
then checking /etc/sssd/sssd.conf if sudo is in the services line (it 
was prior to uninstall) and the appropriate mod to pam so mkhomedir actually works.
For some reason after this the Ubuntus started working.
I skipped Ubuntu 12.4 for now.

Currently I'm trying to get su and su - to work, I mean restrict it to a 
few admin users from IPA and local root.

Among other things I observed (not related to the sudo issue, I hope) was 
that most of the Ubuntu hosts did not register their A record on IPA 
whereas all Centos based hosts did (I just added the missing records for 
the Ubuntus manually so it's not an issue).

Next step after I get su right will be to search for a way to get 
virt-manager to work over ssh X forwarding for IPA users; it works for local 
accounts only right now.

Regards
Przemysław Orzechowski

On 02.05.2016 at 16:22, Rob Crittenden wrote:
> Przemysław Orzechowski wrote:
>> Hi
>>
>> I'm trying to create a single usergroup for sudo enabled users for both
>> Centos and Ubuntu users
>> The problem is on Centos it's group wheel (10), and on Ubuntu it's sudo
>> (27) how do I have tried to do it using ID view but somehow I'm not
>> getting it right
>>
>> btw
>> Centos clients versions 6.x, 7.x
>> Ubuntu clients versions 12.04,14.04,16.04
>> Ipa server is on Centos 7  IPA VERSION: 4.2.0, API_VERSION: 2.156
>>
>> Regards
>> Przemysław Orzechowski
>>
>
> But aren't these groups used only if you use files for sudo (and even 
> that is just a default)? If you are using IPA to provide the sudo 
> rules then the group you choose shouldn't matter.
>
> rob
>
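
The sssd.conf check mentioned in the message above (is sudo in the services line), as an added example that is not part of the original post. The function name sssd_has_service and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a responder such as sudo is listed in the
# "services" line of the [sssd] section of an sssd.conf file.

# sssd_has_service FILE SERVICE (hypothetical helper name)
# returns 0 if SERVICE is listed, 1 if it is not, 2 if FILE is unreadable.
sssd_has_service() {
    conf=$1; want=$2
    [ -r "$conf" ] || return 2
    awk -v want="$want" '
        /^[ \t]*[#;]/ { next }                 # ignore comment lines
        /^[ \t]*\[/ {                          # section header: remember its name
            sect = $0
            sub(/^[ \t]*\[/, "", sect)
            sub(/\].*$/, "", sect)
            next
        }
        # only the services key of [sssd] counts, not one in a domain section
        sect == "sssd" && /^[ \t]*services[ \t]*=/ {
            val = $0
            sub(/^[^=]*=/, "", val)
            n = split(val, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", parts[i])
                if (parts[i] == want) found = 1   # exact match, no substrings
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$conf"
}

# Constructed sample file, only for demonstrating the function offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/example.test]
id_provider = ipa

[sssd]
# services = nss, pam
services = nss, sudo, pam, ssh
domains = example.test
EOF
if sssd_has_service "$sample" sudo; then
    echo "sudo responder enabled"
else
    echo "sudo responder missing"
fi
rm -f "$sample"
```

On a client the same function would be pointed at /etc/sssd/sssd.conf, which is normally readable by root only.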



