On 02/01/2012 03:43 AM, Westerlund Johnny wrote:
> You pointed me in the correct direction. I only needed to setup ldap.conf in 
> a correct way and it worked perfectly.
> the documentation for setting up sudo on rhel6 describes how to setup the 
> nslcd.conf, i just did ldap.conf a symlink of that file and it worked.
> 
> Thanks alot for your input.
> 
> Regards
> johnny
> 
> ________________________________________
> Från: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] 
> för Stephen Gallagher [sgall...@redhat.com]
> Skickat: den 1 februari 2012 13:35
> Till: freeipa-users@redhat.com
> Ämne: Re: [Freeipa-users] IPA Sudo - RHEL5
> 
> On Wed, 2012-02-01 at 08:51 +0100, Westerlund Johnny wrote:
>> Hey all,
>>
>> I've been running IPA on a RHEL6.2 and so far it's looking great. HBAC
>> is awsome. The other machines in the domain is another RHEL 6.2 and one
>> RHEL 5.7.
>>
>> I've also configured SUDO and it was working great on all machines. But
>> thats changed now. The RHEL 6.2 and the ipaserver itself (also rhel6.2)
>> works great. But the RHEL 5.7 stopped working the other day, and
>> nothing i do can make it work again.
>>
>> I've followed the documentation at:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html
>> But i just cant seem to find the problem, so i'm starting to wonder if
>> it broke when i patched the system the other day.
>>
>> Both login and HBAC rules seem to work fine on the 5.7 box, but not
>> SUDO.  I've tried running the sssd daemon interactivly and in debug
>> mode (sssd -i -d6) but it's hard to know what to look for. Anyone able
>> to give some troubleshooting tips?
> 
> SUDO support doesn't go through SSSD[1]. It uses its own internal LDAP
> driver to talk to FreeIPA. So if you're suddenly having trouble there,
> I'd look into the sudo package.
> 
> 
> 
> [1] This is a feature we're working on for Fedora and will be coming in
> future versions of RHEL 6, but probably not for RHEL 5
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Just wanted to add here, that the Red Hat docs for 5.8 beta include and
identity management doc that specifies how to set this up under RHEL 5.

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5-Beta/html/Configuring_Identity_Management/configuring-rhel5.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules

-Erinn


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to