IPA client details are :-

[rsiwal@gw1-test ~]$ rpm -qa|grep -i -w ipa
ipa-client-2.1.3-5.el5_9.2
[rsiwal@gw1-test ~]$ cat /etc/redhat-release
CentOS release 5.6 (Final)
[rsiwal@gw1-test ~]$ uname -a
Linux gw1-test 2.6.18-238.el5 #1 SMP Thu Jan 13 15:51:15 EST 2011 x86_64 x86_64 x86_64 GNU/Linux

On Mon, Feb 4, 2013 at 9:37 PM, Rob Crittenden <[email protected]> wrote:
> Rajnesh Kumar Siwal wrote:
>>
>> Hi Rob,
>>
>> This is the way I configured it:-
>> 1. Added the details in /etc/ldap.conf :-
>> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
>> bindpw xxxxxxxxxxxxxxxx
>>
>> ssl start_tls
>> tls_cacertfile /etc/ipa/ca.crt
>> tls_checkpeer yes
>>
>> bind_timelimit 5
>> timelimit 15
>>
>> uri ldap://ipa1.chargepoint.dmz
>> sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
>> sudoers_debug 1
>>
>> 2. Modified /etc/nsswitch.conf to fetch sudo details from ldap:-
>> sudoers: files ldap
>>
>> 3. So what I can understand from the above steps is that I am
>> interacting directly with the LDAP (389-ds) Server (because I
>> am not using sss (instead ldap is being used)).
>
> What distribution and release number is the client?
>
> Can you include what you see when you execute a sudo?
>
> rob
>
>>
>> On Mon, Feb 4, 2013 at 7:50 PM, Rob Crittenden <[email protected]> wrote:
>>>
>>> Fred van Zwieten wrote:
>>>>
>>>> Hi,
>>>>
>>>> ipa-client-install should take care of setting up sudo on the client to
>>>> use IPA, afaik.
>>>>
>>>
>>> Not yet, https://fedorahosted.org/freeipa/ticket/3358
>>>
>>>> Essential line in nsswitch.conf:
>>>> sudoers: files ldap
>>>>
>>>> Please read here
>>>>
>>>> <https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#sudo>
>>>
>>> Note that the configuration file name is wrong for RHEL 6. You need to
>>> use /etc/sudo-ldap.conf.
>>>
>>> rob
>>>
>>>>
>>>> As for the second question. dc=example,dc=com is, well, an example.
>>>> example.com is used throughout the documentation
>>>> for documentation purposes where a domain name is needed. Please replace
>>>> it with your domain, e.g. dc=yourcompanyname,dc=com
>>>>
>>>> Kind regards,
>>>>
>>>> Fred
>>>>
>>>> On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
>>>> <[email protected]> wrote:
>>>>
>>>>     I am planning to use the sudo feature on IPA 2.2. By default the IPA
>>>>     client that I configured does not seem to fetch the sudo user
>>>>     details.
>>>>
>>>>     It looks like we need to modify nsswitch.conf and ldap.conf to
>>>>     support it.
>>>>
>>>>     Can sssd take care of fetching the sudo user details?
>>>>
>>>>     Secondly, I am not able to find the password for
>>>>     uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com . How do I find it?
>>>>     Will it be safe to change the password of this sudo user or may it
>>>>     impact the IPA Server?
>>>>
>>>>     Please suggest.
>>>>
>>>>     --
>>>>     Regards,
>>>>     Rajnesh Kumar Siwal
>>>>
>>>>     _______________________________________________
>>>>     Freeipa-users mailing list
>>>>     [email protected]
>>>>     https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>
>>
>

--
Regards,
Rajnesh Kumar Siwal
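
Added example, not part of the thread and not FreeIPA or sudo project code: a small Python check of the client-side settings discussed above (the sudo LDAP configuration file and the sudoers line in nsswitch.conf), reporting cases where the bind password would cross the network without verified TLS. The function names and the sample values (example.com, the placeholder password) are constructed for illustration, and treating a missing tls_checkpeer as a finding is a conservative assumption.

```python
import re

# Constructed sample inputs modelled on the settings quoted in the thread.
SAMPLE_LDAP_CONF = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw CONSTRUCTED-PLACEHOLDER
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://ipa1.example.com
sudoers_base ou=SUDOers,dc=example,dc=com
"""
SAMPLE_NSSWITCH = "passwd: files sss\nsudoers: files ldap\n"

def parse_kv(text):
    """Parse 'keyword value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_sudo_ldap(ldap_conf_text, nsswitch_text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_kv(ldap_conf_text)
    findings = [f"missing {k}" for k in ("uri", "sudoers_base") if k not in conf]
    plain = [u for u in conf.get("uri", "").split() if u.startswith("ldap://")]
    if plain and conf.get("ssl", "").lower() != "start_tls":
        findings.append("ldap:// uri without 'ssl start_tls': bindpw sent in clear")
    if conf.get("tls_checkpeer", "").lower() not in ("yes", "on", "true"):
        findings.append("tls_checkpeer not enabled: server certificate unverified")
    if "tls_cacertfile" not in conf and "tls_cacertdir" not in conf:
        findings.append("no tls_cacertfile or tls_cacertdir configured")
    if "binddn" in conf and "bindpw" not in conf:
        findings.append("binddn set without bindpw")
    m = re.search(r"^sudoers:[ \t]*(.*)$", nsswitch_text, re.MULTILINE)
    if not m or "ldap" not in m.group(1).split():
        findings.append("nsswitch.conf: sudoers line does not list ldap")
    return findings

if __name__ == "__main__":
    print(audit_sudo_ldap(SAMPLE_LDAP_CONF, SAMPLE_NSSWITCH) or "all checks passed")
```

To run it against a real client, pass in the contents of /etc/nsswitch.conf and of /etc/ldap.conf, or of /etc/sudo-ldap.conf on RHEL 6 as noted in the thread.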
