On Mon, Sep 20, 2021 at 09:16:20AM -0000, iulian roman via FreeIPA-users wrote: > Does anybody know if it is possible to have sudo rules in > FreeIPA for local accounts (accounts which are in /etc/passwd) ?
If you want to have local sudo rules, just define them normally. If you want to have sudo rules managed by the ipa server: 1. Install the package sssd-ldap. (Assuming RHEL) 2. Add this section to sssd.conf: -- [domain/files] id_provider = files sudo_provider = ldap ldap_uri = ldaps://my-ipaserver.example.com ldap_tls_cacert = /etc/ipa/ca.crt -- 3. Clean the cache and restart sssd: $ service sssd stop ; rm -rf /var/lib/sss/db/* ; service sssd start With this bit of configuration, sudo will pick up rules from the ldap server too. Ciao Dominik ^_^ ^_^ -- Dominik Vogt _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
