Hi, The package as you described is installed, the configlines are set as you show it.
This is what I see in auth.log, my sssd_sudo does not show a thing: Jun 12 11:19:16 server sudo: pam_unix(sudo:auth): authentication failure; logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost= user=USERNAME Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): User info message: Your password will expire in 89 day(s). Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success; logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost= user=USERNAME Jun 12 11:19:16 server sudo: USERNAME : user NOT in sudoers ; TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su Jun 12 11:19:16 server sudo: unable to execute /usr/sbin/sendmail: No such file or directory I really cannot figure out what to check more. 2013/6/12 Alexander Bokovoy <aboko...@redhat.com> > On Wed, 12 Jun 2013, Matt . wrote: > >> Hi, >> >> A lot of people seem to have problem with Sudo and FreeIPA. >> >> How to enable sudo is described here: >> >> http://www.freeipa.org/images/**7/77/Freeipa30_SSSD_SUDO_** >> Integration.pdf<http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf> >> >> The problem we are facing, also discussed on IRC is that there is looked >> in >> the local sudoers file of the client if the loggedin user may sudo. Of >> course the username is not known there. >> > Not sure what exactly is your problem? Could you please rephrase and > show it with logs again? > > If you are using SSSD's sudo integration against IPA server, then here > is what you need to get it working on Fedora 18/19 and RHEL 6.4: > > 1. install libsss_sudo package > > 2. Add/change following line to /etc/nsswitch.conf > > sudoers: files sss > > 3. Make sure your /etc/sssd/sssd.conf looks like this example: > http://abbra.fedorapeople.org/**.paste/sssd.conf.example<http://abbra.fedorapeople.org/.paste/sssd.conf.example> > 4. Restart sssd > > These are the only actions I needed to get sudo working for IPA users on > Fedora 19 and RHEL 6.4. > > Please note that sudoers: files sss > gives you chance to have local users configured in local sudoers. If you > don't want them to be able to use sudo, just change the line in > /etc/nsswitch.conf to > sudoers: sss > > > -- > / Alexander Bokovoy >
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users