> Is this in RHEL based systems only ? On Ubuntu there seems to be still > issues. > > A full printout of the config file(s) would be nice to see as most people > write other things down they have working, but the working ones don't write > their full config down. > > All my systems are CentOS 6.4 so YMMV on Ubuntu - I've not tested any packages for debian based systems...
The full (sanitized for domains) config: [root@backup hogarthj]# cat /etc/sssd/sssd.conf [domain/example.com] cache_credentials = True krb5_store_password_if_offline = True krb5_realm = EXAMPLE.COM ipa_domain = example.com id_provider = ipa auth_provider = ipa access_provider = ipa chpass_provider = ipa ipa_dyndns_update = True ipa_server = _srv_, ipa01.example.com ldap_tls_cacert = /etc/ipa/ca.crt sudo_provider = ldap ldap_sudo_search_base = ou=sudoers,dc=example,dc=com ldap_sasl_mech = GSSAPI [sssd] services = nss, pam, ssh, sudo config_file_version = 2 domains = example.com [nss] [pam] [sudo] [autofs] [ssh] The only other edit on the system to make this work was adding this line to /etc/nsswitch.conf: sudoers: files sss This system was successfully working with the ldap-sudo.conf method before but of course that had no load balancing and no caching.
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
