On Wed, 12 Jun 2013, Matt . wrote:
Hi,
A lot of people seem to have problem with Sudo and FreeIPA.
How to enable sudo is described here:
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
The problem we are facing, also discussed on IRC is that there is looked in
the local sudoers file of the client if the loggedin user may sudo. Of
course the username is not known there.
Not sure what exactly is your problem? Could you please rephrase and
show it with logs again?
If you are using SSSD's sudo integration against IPA server, then here
is what you need to get it working on Fedora 18/19 and RHEL 6.4:
1. install libsss_sudo package
2. Add/change following line to /etc/nsswitch.conf
sudoers: files sss
3. Make sure your /etc/sssd/sssd.conf looks like this example:
http://abbra.fedorapeople.org/.paste/sssd.conf.example
4. Restart sssd
These are the only actions I needed to get sudo working for IPA users on
Fedora 19 and RHEL 6.4.
Please note that
sudoers: files sss
gives you chance to have local users configured in local sudoers. If you
don't want them to be able to use sudo, just change the line in
/etc/nsswitch.conf to
sudoers: sss
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
