Thanks a lot.
It works like a charm

On Sun, Oct 1, 2017 at 5:47 PM, Aaron Cole via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hello!
>
> For sssd to pull sudo rules for external (local) users you will have to
> add a proxy domain into the /etc/sssd/sssd.conf, so sssd will know to go
> out to the ipa servers for the external sudo rules.  While this works it is
> still recommended to use local sudoers for local users.
>
> 1) Add proxy domain to /etc/sssd/sssd.conf.
>
> [domain/proxy]   <----------------------- Define this section(proxy domain)
> id_provider = proxy
> proxy_lib_name = files
> proxy_pam_target = system-auth-ac
> sudo_provider = ldap   <----------------- This could be 'ipa' as well
> ldap_uri = ldaps://rhel7-ipa-2.example.com
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_tls_cacert = /etc/ipa/ca.crt
>
> 2) Add domain to "domains" line in the [sssd] section
>
> domains = example.com, proxy <------- Add a 'proxy' domain here
>
> 3) restart sssd.
>
> I used this article to setup mine.  https://access.redhat.com/
> solutions/2347541
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to