Hi Patrick,

Firstly let's look at the sudo issue - I think you just need to add a second
sudo option to block the requirement for TTY:

  Rule name: full_control
  Description: Allow full command access on all hosts
  Enabled: TRUE
  Host category: all
  Command category: all
  RunAs User category: all
  Sudo order: 2
  Users: ...
  User Groups: ...
  Sudo Option: !authenticate, !requiretty

That should move that one along, fingers crossed it's that simple!

Home directory creation - this one is controlled by a file
/etc/sysconfig/authconfig. You can enable the setting from the command line
and you'll notice a service "oddjob" which runs for this purpose. Here's
the command to get it going (feel free to read the man page for
confirmation):

$ authconfig --enablemkhomedir --update

Finally you mentioned issues with NTP - during client install you might
have noticed a warning about this - in fact my notes say it's the first
thing it prints out if chrony is running. There is an installer option
"--force-ntpd" which will nuke chrony and push the configuration but at
this point you should probably go ahead and remove chrony manually, install
ntp and point it at your server instance. Note that you'll obviously need
to get the server instance running NTP and configured first. There are
plenty of articles online for that and it's advisable to do a little
research to strengthen your configuration.

Hopefully that gets you to level 3!

Callum



On Wed, Jul 12, 2017 at 4:24 AM Patrick McHale via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Thanks Callum for your advice so far, I am now able to login to the client
> via the FreeIPA server authentication.
>
>
>
> I am having trouble getting sudo access working properly. I have followed
> the guide you mentioned but I still cannot sudo into the client. I have
> opened up everything under the created “sudo rule” but I am still not able
> to log in with sudo privileges.
>
>
>
> So, as a test I have selected these commands within the “sudo rules” but
> no success here.
>
>
>
> Who – Anyone
>
> Access this host – Anyhost
>
> Run Commands – Any Command
>
>
>
> *From the command line*
>
> [root@ipa ~]# ipa sudorule-show sudo
>   Rule name: sudo
>   Enabled: TRUE
>   User category: all
>   Host category: all
>   Command category: all
>   RunAs User category: all
>   RunAs Group category: all
>   Sudo Option: !authenticate
>
>
>
> Would be grateful for some advice, I am missing something here.
>
>
>
> Regards
>
>
>
> *Patrick McHale*
>
> *Network and Systems Administrator*
>
> *Infrastructure team*
>
> *NZX REGULATED INFRASTRUCTURE & OPERATIONS*
>
>
>
> *NZX Limited*
> Level 1, NZX Centre, 11 Cable Street
>
> PO Box 2959 Wellington 6140
>
> New Zealand
>
> DDI:      +64 4 495 2884
>
> Mobile: +64 27 405 8340
>
> www.nzx.com
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
-- 
Callum Guy
Head of Information Security
X-on
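
A check for the rule output shown in this thread, as an added example that is not part of the original e-mail or of FreeIPA: it parses `ipa sudorule-show` text and reports whether `!requiretty` is absent and whether `!authenticate` is combined with the `all` categories. The function names, finding labels and sample rule text are constructed for illustration, and the `!requiretty` finding assumes the client's sudoers sets `requiretty`.

```shell
#!/bin/sh
# Added example: audit the text printed by `ipa sudorule-show <rule>`.
# Function names and finding labels are hypothetical, not FreeIPA's.

# Constructed sample: the rule as quoted in the thread, before the fix.
sample_rule() {
cat <<'EOF'
  Rule name: sudo
  Enabled: TRUE
  User category: all
  Host category: all
  Command category: all
  RunAs User category: all
  RunAs Group category: all
  Sudo Option: !authenticate
EOF
}

# field KEY: print the value of the "KEY: value" line read on stdin.
field() {
    awk -v k="$1" '{
        sub(/^[ \t]+/, "")
        p = index($0, ": ")
        if (p && substr($0, 1, p - 1) == k) { print substr($0, p + 2); exit }
    }'
}

# has_option RULE OPT: succeed if OPT is in the comma-separated option list.
has_option() {
    printf '%s\n' "$1" | field 'Sudo Option' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq -- "$2"
}

# category RULE NAME: print the "<NAME> category" value (empty if unset).
category() { printf '%s\n' "$1" | field "$2 category"; }

# audit_rule RULE: print one finding per line; print nothing for a clean rule.
# Assumption: the client's sudoers sets requiretty, so its absence matters.
audit_rule() {
    has_option "$1" '!requiretty' || echo 'missing:!requiretty'
    if has_option "$1" '!authenticate' && [ "$(category "$1" Command)" = all ]; then
        echo 'risk:passwordless-any-command'
        if [ "$(category "$1" User)" = all ] && [ "$(category "$1" Host)" = all ]; then
            echo 'risk:every-user-on-every-host'
        fi
    fi
    return 0
}

audit_rule "$(sample_rule)"
```

On a real server the input would be `audit_rule "$(ipa sudorule-show full_control)"`, run from a session with a valid Kerberos ticket.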
