<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Thanks to Lukas:<br>
<pre wrap="">Step 0: Install freeipa-client on Ubuntu 14.04 and configure sudo integration
</pre>
<pre wrap="">root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam, sudo
</pre>
<blockquote type="cite" style="color: #000000;">
<blockquote type="cite" style="color: #000000;">
<pre wrap="">Step 1: configure sudo rules for ordinary user
Please follow the instructions from FreeIPA documentation.
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/docs/master/html-desktop/index.html#sudo">http://www.freeipa.org/docs/master/html-desktop/index.html#sudo</a>
</pre>
</blockquote>
</blockquote>
<pre wrap="">This step was skipped, because it was already done a few months ago <span class="moz-smiley-s1" title=":-)"></span>
</pre>
<blockquote type="cite" style="color: #000000;">
<blockquote type="cite" style="color: #000000;">
<pre wrap="">Step 2: login to machine as ordinary user, which is allowed to use sudo.
</pre>
</blockquote>
</blockquote>
<pre wrap="">$ su usersssd01
Password:
$ id
uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1)
</pre>
<blockquote type="cite" style="color: #000000;">
<blockquote type="cite" style="color: #000000;">
<pre wrap="">Step 3: run command
sudo -l
// this command should show you which commands can be executed as root
// with sudo
</pre>
</blockquote>
</blockquote>
<pre wrap="">$ sudo -l
sudo: unable to resolve host ubuntu1404.example.test
[sudo] password for usersssd01:
Matching Defaults entries for usersssd01 on ubuntu1404:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User usersssd01 may run the following commands on ubuntu1404:
(root) /usr/bin/less, /usr/bin/vim
</pre>
<blockquote type="cite" style="color: #000000;">
<blockquote type="cite" style="color: #000000;">
<pre wrap="">Step 4: If there weren't any problems then user will be able to run command.
sudo some_command_listed_in_step3
</pre>
</blockquote>
</blockquote>
<pre wrap="">$ sudo /usr/bin/less /etc/shadow | wc -l
21
$ echo $?
0
$ sudo apt-get install mc
Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test.
$ echo $?
1</pre>
<br>
<div class="moz-cite-prefix">On 17-09-2014 16:54, Sanju A wrote:<br>
</div>
<blockquote
cite="mid:OFDFB1E361.FAC66671-ON65257D56.004BD500-65257D56.004C5B1F@tcs.com"
type="cite">
<font face="sans-serif" size="2">Dear All,</font>
<br>
<br>
  <font face="sans-serif" size="2">I am able to configure the sudo
    settings in CentOS clients by adding/modifying the entries in
    /etc/nsswitch.conf and /etc/sudo-ldap.conf. What are the exact
    steps for the configuration in Ubuntu, as I am not able to find
    the configuration file sudo-ldap.conf in Ubuntu?</font>
<br>
<font face="sans-serif" size="2"><br>
<br>
Regards<br>
Sanju Abraham<br>
  </font>
</blockquote>
<br>
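<br>
The Step 0 edits above, written so they can be re-run safely (an added example, not part of the original message): the echo and sed commands as posted append again on every re-run. The function names are hypothetical, GNU sed is assumed, and the demo runs on constructed sample files in a temporary directory rather than on /etc.<br>
<pre wrap="">
```shell
#!/bin/sh
# Added example: idempotent version of the Step 0 edits.
# File paths are arguments so the functions can be tried on copies first.

# Succeeds if the "sudoers:" line in nsswitch.conf lists the sss source.
has_sss_sudoers() {
    grep -Eq '^sudoers:.*[[:space:]]sss([[:space:]]|$)' "$1"
}

# Succeeds if the "services" line in sssd.conf already includes sudo.
has_sudo_service() {
    grep -Eq '^[[:space:]]*services[[:space:]]*=(.*[,[:space:]])?sudo[[:space:]]*(,|$)' "$1"
}

# Apply both edits only where they are still missing.
enable_sss_sudo() {
    nsswitch=$1
    sssd_conf=$2
    if ! has_sss_sudoers "$nsswitch"; then
        if grep -q '^sudoers:' "$nsswitch"; then
            # A sudoers line exists without sss: extend it in place.
            sed -i -e 's/^\(sudoers:.*\)$/\1 sss/' "$nsswitch"
        else
            echo 'sudoers: files sss' >> "$nsswitch"
        fi
    fi
    if ! has_sudo_service "$sssd_conf"; then
        sed -i -e 's/^\([[:space:]]*services[[:space:]]*=.*[^[:space:]]\)[[:space:]]*$/\1, sudo/' "$sssd_conf"
    fi
}

# Constructed sample files mirroring the state shown in Step 0.
demo() {
    dir=$(mktemp -d)
    printf 'passwd: compat sss\ngroup: compat sss\n' > "$dir/nsswitch.conf"
    printf '[sssd]\nservices = nss, pam\ndomains = example.test\n' > "$dir/sssd.conf"
    enable_sss_sudo "$dir/nsswitch.conf" "$dir/sssd.conf"
    enable_sss_sudo "$dir/nsswitch.conf" "$dir/sssd.conf"   # second run changes nothing
    grep '^sudoers:' "$dir/nsswitch.conf"
    grep '^services' "$dir/sssd.conf"
    rm -rf "$dir"
}

demo
```
</pre>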
</body>
</html>