Those packages are installed.  The second part is against what I am trying to 
accomplish.  My sudo rule is already created in IPA.  I just need SSSD to fetch 
it.

Thanks,
Brian


On Mar 21, 2013, at 8:37 PM, John Moyer <john.mo...@digitalreasoning.com> wrote:

> I had sudo issues similar to this, I can't remember the exact fix.  I have 
> the following two things in my notes.  The second command would obviously 
> need you to add the people you want to be able to sudo to the admins group 
> after you add this.  
> 
> yum install ipa-client fprintd-pam -y
> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
> 
> 
> Thanks, 
> _____________________________________________________
> John Moyer
> 
> 
> On Mar 21, 2013, at 11:27 PM, Brian Cook <bc...@redhat.com> wrote:
> 
>> Running F18 and following the instructions here:
>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>> 
>> When I try to run sudo -l as any user I get the following error:
>> 
>> bash-4.2$ sudo -l
>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>> 
>> 
>> Nothing particularly interesting in the log with debug at 5.
>> 
>> Can someone point me in the right direction?
>> 
>> Thanks,
>> Brian
>> 
>> 
>> sssd.conf:
>> 
>> [domain/example.com]
>> debug_level = 5
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = example.com
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = ipadevel.example.com
>> chpass_provider = ipa
>> ipa_server = ipadevel.example.com
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> 
>> sudo_provider = ldap
>> ldap_uri = ldap://ipadevel.example.com
>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>> ldap_sasl_mech = GSSAPI
>> ldap_sasl_authid = host/ipadevel.example.com
>> ldap_sasl_realm = EXAMPLE.COM
>> krb5_server = ipadevel.example.com
>> 
>> 
>> [sssd]
>> services = nss, pam, ssh, sudo
>> config_file_version = 2
>> domains = example.com
>> 
>> [nss]
>> 
>> [pam]
>> 
>> [sudo]
>> debug_level=5
>> 
>> [autofs]
>> 
>> [ssh]
>> 
>> [pac]
>> 
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to