Hi,

The package is installed as you described, and the config lines are set as you
showed.

This is what I see in auth.log, my sssd_sudo does not show a thing:

Jun 12 11:19:16 server sudo: pam_unix(sudo:auth): authentication failure; logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost= user=USERNAME
Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): User info message: Your password will expire in 89 day(s).
Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success; logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost= user=USERNAME
Jun 12 11:19:16 server sudo: USERNAME : user NOT in sudoers ; TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su
Jun 12 11:19:16 server sudo: unable to execute /usr/sbin/sendmail: No such file or directory

I really cannot figure out what to check more.


2013/6/12 Alexander Bokovoy <aboko...@redhat.com>

> On Wed, 12 Jun 2013, Matt . wrote:
>
>> Hi,
>>
>> A lot of people seem to have problems with Sudo and FreeIPA.
>>
>> How to enable sudo is described here:
>>
>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
>> The problem we are facing, also discussed on IRC, is that the local sudoers
>> file of the client is checked to see if the logged-in user may sudo. Of
>> course the username is not known there.
>>
> Not sure what exactly is your problem? Could you please rephrase and
> show it with logs again?
>
> If you are using SSSD's sudo integration against IPA server, then here
> is what you need to get it working on Fedora 18/19 and RHEL 6.4:
>
> 1. install libsss_sudo package
>
> 2. Add/change the following line in /etc/nsswitch.conf
>
> sudoers: files sss
>
> 3. Make sure your /etc/sssd/sssd.conf looks like this example:
> http://abbra.fedorapeople.org/.paste/sssd.conf.example
> 4. Restart sssd
>
> These are the only actions I needed to get sudo working for IPA users on
> Fedora 19 and RHEL 6.4.
>
> Please note that    sudoers: files sss
> gives you a chance to have local users configured in local sudoers. If you
> don't want them to be able to use sudo, just change the line in
> /etc/nsswitch.conf to
>    sudoers: sss
>
>
> --
> / Alexander Bokovoy
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
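
Added example, not part of the original thread: a Python check for the pattern in the log above (pam_sss authentication succeeds, then sudo reports "NOT in sudoers") together with the two settings the quoted steps touch. The sample inputs are constructed, and the check that `sudo` must appear in `services` under `[sssd]` is an assumption about the linked sssd.conf example, which is not reproduced on this page.

```python
import configparser
import re

# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_NSSWITCH = "passwd: files sss\nsudoers: files\n"
SAMPLE_SSSD_CONF = "[sssd]\nservices = nss, pam\ndomains = example.test\n"
SAMPLE_AUTH_LOG = [
    "Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success; "
    "logname=alice uid=1000 euid=0 tty=/dev/pts/0 ruser=alice rhost= user=alice",
    "Jun 12 11:19:16 server sudo: alice : user NOT in sudoers ; TTY=pts/0 ; "
    "PWD=/ ; USER=root ; COMMAND=/bin/su",
]

def sudoers_sources(nsswitch_text):
    """Return the sources on the 'sudoers:' line of nsswitch.conf, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("sudoers:"):
            return line.split(":", 1)[1].split()
    return []  # no sudoers line at all

def sssd_services(sssd_conf_text):
    """Return the responders listed in 'services' under [sssd]."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(sssd_conf_text)
    raw = cfg.get("sssd", "services", fallback="")
    return [s.strip() for s in raw.split(",") if s.strip()]

def authenticated_but_denied(log_lines):
    """Users with a pam_sss sudo auth success followed by 'NOT in sudoers'."""
    ok, denied = set(), []
    for line in log_lines:
        m = re.search(r"pam_sss\(sudo:auth\): authentication success;.*\buser=(\S+)", line)
        if m:
            ok.add(m.group(1))
        m = re.search(r"sudo:\s+(\S+) : user NOT in sudoers", line)
        if m and m.group(1) in ok:
            denied.append(m.group(1))
    return denied

def diagnose(nsswitch_text, sssd_conf_text, log_lines):
    """Collect findings that explain an authenticated-but-denied sudo attempt."""
    findings = []
    if "sss" not in sudoers_sources(nsswitch_text):
        findings.append("nsswitch.conf: 'sudoers:' line does not list sss")
    if "sudo" not in sssd_services(sssd_conf_text):
        findings.append("sssd.conf: sudo not listed in [sssd] services")
    for user in authenticated_but_denied(log_lines):
        findings.append(f"auth.log: {user} passed pam_sss auth but is NOT in sudoers")
    return findings
```

An empty result from `diagnose` with the denial still appearing in auth.log means both settings are in place and the lookup itself needs attention.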
