IPA client details are :-
[rsiwal@gw1-test ~]$ rpm -qa|grep -i -w ipa
ipa-client-2.1.3-5.el5_9.2
[rsiwal@gw1-test ~]$ cat /etc/redhat-release
CentOS release 5.6 (Final)
[rsiwal@gw1-test ~]$ uname -a
Linux gw1-test 2.6.18-238.el5 #1 SMP Thu Jan 13 15:51:15 EST 2011
x86_64 x86_64 x86_64 GNU/Linux


On Mon, Feb 4, 2013 at 9:37 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Rajnesh Kumar Siwal wrote:
>>
>> Hi Rob,
>>
>> This is the way I configured it:-
>> 1. Added the details in /etc/ldap.conf :-
>> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
>> bindpw xxxxxxxxxxxxxxxx
>>
>> ssl start_tls
>> tls_cacertfile /etc/ipa/ca.crt
>> tls_checkpeer yes
>>
>> bind_timelimit 5
>> timelimit 15
>>
>> uri ldap://ipa1.chargepoint.dmz
>> sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
>> sudoers_debug 1
>>
>> 2. Modified /etc/nsswitch.conf to fetch sudo details from ldap:-
>> sudoers:    files ldap
>>
>> 3. So what I can understand from the above steps is that I am
>> interacting directly with the LDAP (389-ds) Server directly (because I
>> am not using sss (instead ldap is being used)).
>
>
> What distribution and release number is the client?
>
> Can you include what you see when you execute a sudo?
>
> rob
>
>
>>
>>
>> On Mon, Feb 4, 2013 at 7:50 PM, Rob Crittenden <rcrit...@redhat.com>
>> wrote:
>>>
>>> Fred van Zwieten wrote:
>>>>
>>>>
>>>> Hi,
>>>>
>>>> ipa-client-install should take care of setting up sudo on the client to
>>>> use IPA, afaik.
>>>>
>>>
>>> Not yet, https://fedorahosted.org/freeipa/ticket/3358
>>>
>>>> Essential line in nsswitch.conf:
>>>> sudoers:    files ldap
>>>>
>>>> Please read here
>>>>
>>>>
>>>> <https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#sudo>
>>>
>>>
>>>
>>> Note that the configuration file name is wrong for RHEL 6. You need to
>>> use
>>> /etc/sudo-ldap.conf.
>>>
>>> rob
>>>
>>>>
>>>> As for the second question. dc=example,dc=com is, well, an example.
>>>> example.com <http://example.com> is used throughout the documentation
>>>>
>>>> for documentation purposes where a domain name is needed. Please replace
>>>> is with you're domain, e.g. dc=yourcompanyname,dc=com
>>>>
>>>> Met vriendelijke groeten,
>>>> *
>>>> Fred*
>>>>
>>>>
>>>>
>>>> On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
>>>> <rajnesh.si...@gmail.com <mailto:rajnesh.si...@gmail.com>> wrote:
>>>>
>>>>      I am planning to use the sudo feature on IPA 2.2. By default the
>>>> IPA
>>>>      client that I configured does not seems to use fetch the sudo user
>>>>      details.
>>>>
>>>>      It looks that we need to modify nsswitch.conf and ldap.conf to
>>>>      support it.
>>>>
>>>>      Can sssd take care of fetching the sudo user details ?
>>>>
>>>>      Secondly, I am not able to find the password for
>>>>      uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com . How do I find it
>>>> ?
>>>>      Will it be safe to change password of this sudo user or it may
>>>> impact
>>>>      the IPA Server ?
>>>>
>>>>      Please suggest.
>>>>
>>>>
>>>>      --
>>>>      Regards,
>>>>      Rajnesh Kumar Siwal
>>>>
>>>>      _______________________________________________
>>>>      Freeipa-users mailing list
>>>>      Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>>>>      https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>
>>
>>
>>
>



-- 
Regards,
Rajnesh Kumar Siwal

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to