Rajnesh Kumar Siwal wrote:
Hi Rob,
This is the way I configured it:-
1. Added the details in /etc/ldap.conf :-
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
bindpw xxxxxxxxxxxxxxxx
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
bind_timelimit 5
timelimit 15
uri ldap://ipa1.chargepoint.dmz
sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
sudoers_debug 1
2. Modified /etc/nsswitch.conf to fetch sudo details from ldap:-
sudoers: files ldap
3. So what I can understand from the above steps is that I am
interacting directly with the LDAP (389-ds) Server (because I
am not using sss (instead ldap is being used)).
What distribution and release number is the client?
Can you include what you see when you execute a sudo?
rob
On Mon, Feb 4, 2013 at 7:50 PM, Rob Crittenden <[email protected]> wrote:
Fred van Zwieten wrote:
Hi,
ipa-client-install should take care of setting up sudo on the client to
use IPA, afaik.
Not yet, https://fedorahosted.org/freeipa/ticket/3358
Essential line in nsswitch.conf:
sudoers: files ldap
Please read here
<https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#sudo>
Note that the configuration file name is wrong for RHEL 6. You need to use
/etc/sudo-ldap.conf.
rob
As for the second question. dc=example,dc=com is, well, an example.
example.com is used throughout the documentation
for documentation purposes where a domain name is needed. Please replace
it with your domain, e.g. dc=yourcompanyname,dc=com
Kind regards,
Fred
On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
<[email protected]> wrote:
I am planning to use the sudo feature on IPA 2.2. By default the IPA
client that I configured does not seem to fetch the sudo user
details.
It looks that we need to modify nsswitch.conf and ldap.conf to
support it.
Can sssd take care of fetching the sudo user details?
Secondly, I am not able to find the password for
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com. How do I find it?
Will it be safe to change the password of this sudo user, or may it impact
the IPA Server?
Please suggest.
--
Regards,
Rajnesh Kumar Siwal
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
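
Added example, not part of the original thread or of FreeIPA or sudo: a small Python check that reads the text of the sudo LDAP client configuration and of nsswitch.conf as discussed above and reports missing pieces (the ldap source for sudoers, uri and sudoers_base, TLS protecting the bind password). The function names, the finding strings and the sample inputs are constructed for illustration, and only the start_tls and ldaps:// transports are recognised.

```python
import re

def parse_conf(text):
    """Return {keyword: value} from 'keyword value' lines; keywords lowercased."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(conf_text, nsswitch_text):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_conf(conf_text)
    findings = []
    m = re.search(r"^\s*sudoers:(.*)$", nsswitch_text, re.MULTILINE)
    if not m or "ldap" not in m.group(1).split():
        findings.append("nsswitch.conf: no 'ldap' source on the sudoers line")
    for key in ("uri", "sudoers_base"):
        if not opts.get(key):
            findings.append("missing " + key)
    # Simplification: only ldaps:// and 'ssl start_tls' count as encrypted here.
    encrypted = (opts.get("uri", "").startswith("ldaps://")
                 or opts.get("ssl", "").lower() == "start_tls")
    if "bindpw" in opts and not encrypted:
        findings.append("bindpw is sent over an unencrypted connection")
    if encrypted:
        if opts.get("tls_checkpeer", "").lower() != "yes":
            findings.append("tls_checkpeer is not set to 'yes'")
        if not (opts.get("tls_cacertfile") or opts.get("tls_cacertdir")):
            findings.append("no tls_cacertfile or tls_cacertdir configured")
    return findings

# Constructed sample: the settings posted in the thread, password replaced.
PAGE_CONF = """binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
bindpw CONSTRUCTED-PLACEHOLDER
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://ipa1.chargepoint.dmz
sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
"""
# Constructed weak variant: no TLS settings at all.
WEAK_CONF = "\n".join(l for l in PAGE_CONF.splitlines()
                      if not l.startswith(("ssl", "tls_"))) + "\n"

if __name__ == "__main__":
    for name, conf, nss in (("posted", PAGE_CONF, "sudoers: files ldap\n"),
                            ("weak", WEAK_CONF, "sudoers: files\n")):
        print(name, audit(conf, nss) or "no findings")
```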