<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
Did u add this user to sudo rule/users ?<br>
<br>
<div class="moz-cite-prefix">On 18-09-2014 08:02, Sanju A wrote:<br>
</div>
<blockquote
cite="mid:OFB855DBC9.49796E5C-ON65257D57.001A82FF-65257D57.001BB280@tcs.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<font face="sans-serif" size="2">Dear All,</font>
<br>
<br>
<font face="sans-serif" size="2">I have tried with the settings as
mentioned
here. But still the issue persists.</font>
<br>
<br>
<img src="cid:part1.09050108.07070701@astron.yasar.com.tr"
style="border:0px solid;">
<br>
<font face="sans-serif" size="2"><br>
<br>
Regards<br>
Sanju Abraham<br>
IS - Network/System Administrator<br>
Tata Consultancy Services<br>
TCS Centre SEZ Unit,<br>
Infopark PO,<br>
Kochi - 682042,Kerala<br>
India<br>
Ph:- +91 484 6187490<br>
Mailto: <a class="moz-txt-link-abbreviated" href="mailto:sanju.a@tcs.com">sanju.a@tcs.com</a><br>
Website: </font><a moz-do-not-send="true"
href="http://www.tcs.com/"><font face="sans-serif" size="2">http://www.tcs.com</font></a><font
face="sans-serif" size="2"><br>
____________________________________________<br>
Experience certainty. IT Services<br>
Business Solutions<br>
Consulting<br>
____________________________________________</font>
<br>
<br>
<br>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">From:
</font><font face="sans-serif" size="1">Tevfik Ceydeliler
<a class="moz-txt-link-rfc2396E" href="mailto:tevfik.ceydeliler@astron.yasar.com.tr"><tevfik.ceydeliler@astron.yasar.com.tr></a></font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">To:
</font><font face="sans-serif" size="1"><a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com"><freeipa-users@redhat.com></a></font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Date:
</font><font face="sans-serif" size="1">17-09-2014 19:46</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Subject:
</font><font face="sans-serif" size="1">Re: [Freeipa-users]
sudo setup in Ubuntu</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Sent by:
</font><font face="sans-serif" size="1"><a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a></font>
<br>
<hr noshade="noshade">
<br>
<br>
<br>
<font size="3">Thanks to Lukas:</font>
<br>
<tt><font size="3">Step 0: Install freipa-client on ubuntu 14.04
and
configure sudo integration<br>
</font></tt>
<br>
<tt><font size="3">root@ubuntu1404:/# ipa-client-install --no-ntp<br>
root@ubuntu1404:/# echo "sudoers: files sss" >>
/etc/nsswitch.conf<br>
<br>
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf<br>
services = nss, pam<br>
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/'
/etc/sssd/sssd.conf<br>
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf<br>
services = nss, pam, sudo<br>
<br>
</font></tt>
<br>
<tt><font size="3">Step 1: configure sudo rules for ordinary user<br>
Please follow the instructions from FreeIPA documentation.<br>
</font></tt><a moz-do-not-send="true"
href="http://www.freeipa.org/docs/master/html-desktop/index.html#sudo"><tt><font
color="blue" size="3"><u>http://www.freeipa.org/docs/master/html-desktop/index.html#sudo</u></font></tt></a><tt><font
size="3"><br>
<br>
</font></tt>
<br>
<tt><font size="3"> This step was skipped, becuase it was already
done few months ago <br>
<br>
</font></tt>
<br>
<tt><font size="3">Step 2: login to machine as ordinary user,
which is
allowed to use sudo.<br>
</font></tt>
<br>
<tt><font size="3">$ su usersssd01<br>
Password:<br>
$ id<br>
uid=325600011(usersssd01) gid=325600011(usersssd01)
groups=325600011(usersssd01),30011(biggroup1)<br>
<br>
</font></tt>
<br>
<tt><font size="3">Step 3: run command<br>
sudo -l<br>
// this command should show you which commands can be
executed
as root<br>
// with sudo<br>
</font></tt>
<br>
<tt><font size="3">$ sudo -l<br>
sudo: unable to resolve host ubuntu1404.example.test<br>
[sudo] password for usersssd01:<br>
Matching Defaults entries for usersssd01 on ubuntu1404:<br>
env_reset, mail_badpass,<br>
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin<br>
<br>
User usersssd01 may run the following commands on ubuntu1404:<br>
(root) /usr/bin/less, /usr/bin/vim<br>
<br>
</font></tt>
<br>
<tt><font size="3">Step 4: If there weren't any problems then user
will
be able to run command.<br>
sudo some_command_listed_in_step3<br>
</font></tt>
<br>
<tt><font size="3">$ sudo /usr/bin/less /etc/shadow | wc -l<br>
21<br>
$ echo $?<br>
0<br>
<br>
$ sudo apt-get install mc<br>
Sorry, user usersssd01 is not allowed to execute
'/usr/bin/apt-get install
mc' as root on ubuntu.example.test.<br>
$ echo $?<br>
1</font></tt>
<br>
<br>
<font size="3">On 17-09-2014 16:54, Sanju A wrote:</font>
<br>
<font face="sans-serif" size="2">Dear All,</font><font size="3"> <br>
</font><font face="sans-serif" size="2"><br>
I am able to configure the sudo settings in Centos clients by
adding/modifying
the entries in /etc/nsswitch.conf and /etc/sudo-ldap.conf. What
is
the exact steps for the configuration in Ubuntu as I am not able
find the
configuration file sudo-ldap.conf in Ubuntu.</font><font
size="3"> </font><font face="sans-serif" size="2"><br>
<br>
<br>
Regards<br>
Sanju Abraham<br>
IS - Network/System Administrator<br>
Tata Consultancy Services<br>
TCS Centre SEZ Unit,<br>
Infopark PO,<br>
Kochi - 682042,Kerala<br>
India<br>
Ph:- +91 484 6187490<br>
Mailto: </font><a moz-do-not-send="true"
href="mailto:sanju.a@tcs.com"><font color="blue"
face="sans-serif" size="2"><u>sanju.a@tcs.com</u></font></a><font
face="sans-serif" size="2"><br>
Website: </font><a moz-do-not-send="true"
href="http://www.tcs.com/"><font color="blue" face="sans-serif"
size="2"><u>http://www.tcs.com</u></font></a><font
face="sans-serif" size="2"><br>
____________________________________________<br>
Experience certainty. IT Services<br>
Business Solutions<br>
Consulting<br>
____________________________________________</font><font
size="3"> </font>
<p><font size="3">=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</font>
</p>
<p><font size="3"><br>
</font>
<br>
<br>
<font size="3">-- <br>
</font><img
src="cid:part6.03070207.09090403@astron.yasar.com.tr"
style="border:0px solid;" height="126" width="375">
<table style="border-collapse:collapse;" width="1286">
<tbody>
<tr height="8">
<td
style="border-style:solid;border-color:#000000;border-width:0px
0px 0px 0px;padding:1px 1px;" bgcolor="white"
width="1284"><font size="3"><br>
<br>
<br>
<br>
<br>
<br>
Bu elektronik postada bulunan tum fikir ve gorusler ve
ekindeki dosyalar
sadece adres sahip/sahiplerine ait olup, Yasar
Toplulugu Sirketleri bu
mesajin icerigi ile ilgili olarak hic bir hukuksal
sorumlulugu kabul etmez.
Eger gonderilmesi dusunulen kisi veya kurulus
degilseniz, lutfen gonderen
kisiyi derhal haberdar ediniz ve mesaji sisteminizden
siliniz.The information
contained in this e-mail and any files transmitted
with it are intended
solely for the use of the individual or entity to whom
they are addressed
and Yasar Group Companies do not accept legal
responsibility for the contents.
If you are not the intended recipient, please
immediately notify the sender
and delete it from your system.</font></td>
</tr>
</tbody>
</table>
<br>
<tt><font size="2">-- <br>
Manage your subscription for the Freeipa-users mailing list:<br>
</font></tt><a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"><tt><font
size="2">https://www.redhat.com/mailman/listinfo/freeipa-users</font></tt></a><tt><font
size="2"><br>
Go To </font></tt><a moz-do-not-send="true"
href="http://freeipa.org/"><tt><font size="2">http://freeipa.org</font></tt></a><tt><font
size="2">
for more info on the project</font></tt>
<br>
</p>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<img src="cid:part9.08080107.04070408@astron.yasar.com.tr"
border="0"></div>
</body>
</html>
<table><tr><td bgcolor=#ffffff><font color=#000000><br><br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg"> </img><br>
<br><br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.<br>
</font></td></tr></table>