We already have a bug filed: https://bugzilla.redhat.com/show_bug.cgi?id=924395
This should be fixed along with ticket adding sudo configuration support to ipa-client-install: https://fedorahosted.org/freeipa/ticket/3358 Martin On 03/22/2013 07:13 AM, Brian Cook wrote: > no problem, thanks for trying! I just figured it out. > > yum -y install libsss_sudo fixed it. Should this package be a dependency that > gets pulled in when IPA client is installed? shall I file a bug? > > Thanks, > Brian > > --- > Brian Cook > Solutions Architect, Red Hat, Inc. > 407-212-7079 > > > > On Mar 21, 2013, at 8:50 PM, Brian Cook <bc...@redhat.com > <mailto:bc...@redhat.com>> wrote: > >> Those packages are installed. The second part is against what I am trying to >> accomplish. My sudo rule is already created in IPA. I just need SSSD to >> fetch it. >> >> Thanks, >> Brian >> >> >> On Mar 21, 2013, at 8:37 PM, John Moyer <john.mo...@digitalreasoning.com >> <mailto:john.mo...@digitalreasoning.com>> wrote: >> >>> I had sudo issues similar to this, I can't remember the exact fix. I have >>> the following two things in my notes. The second command would obviously >>> need you to add the people you want to be able to sudo to the admins group >>> after you add this. >>> >>> yum install ipa-client fprintd-pam -y >>> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers >>> >>> >>> Thanks, >>> _____________________________________________________ >>> John Moyer >>> >>> >>> On Mar 21, 2013, at 11:27 PM, Brian Cook <bc...@redhat.com >>> <mailto:bc...@redhat.com>> wrote: >>> >>>> Running F18 and following the instructions here: >>>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html >>>> >>>> When I try to run sudo -l as any user I get the following error: >>>> >>>> bash-4.2$ sudo -l >>>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null) >>>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine? >>>> >>>> >>>> Nothing particularly interesting in the log with debug at 5. >>>> >>>> Can someone point me in the right direction? >>>> >>>> Thanks, >>>> Brian >>>> >>>> >>>> sssd.conf: >>>> >>>> [domain/example.com <http://example.com/>] >>>> debug_level = 5 >>>> cache_credentials = True >>>> krb5_store_password_if_offline = True >>>> ipa_domain = example.com <http://example.com/> >>>> id_provider = ipa >>>> auth_provider = ipa >>>> access_provider = ipa >>>> ipa_hostname = ipadevel.example.com <http://ipadevel.example.com/> >>>> chpass_provider = ipa >>>> ipa_server = ipadevel.example.com <http://ipadevel.example.com/> >>>> ldap_tls_cacert = /etc/ipa/ca.crt >>>> >>>> sudo_provider = ldap >>>> ldap_uri = ldap://ipadevel.example.com >>>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com >>>> ldap_sasl_mech = GSSAPI >>>> ldap_sasl_authid = host/ipadevel.example.com <http://ipadevel.example.com/> >>>> ldap_sasl_realm = EXAMPLE.COM <http://example.com/> >>>> krb5_server = ipadevel.example.com <http://ipadevel.example.com/> >>>> >>>> >>>> [sssd] >>>> services = nss, pam, ssh, sudo >>>> config_file_version = 2 >>>> domains = example.com <http://example.com/> >>>> >>>> [nss] >>>> >>>> [pam] >>>> >>>> [sudo] >>>> debug_level=5 >>>> >>>> [autofs] >>>> >>>> [ssh] >>>> >>>> [pac] >>>> >>>> >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com> >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com> >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users