> Is this in RHEL based systems only ? On Ubuntu there seems to be still
> issues.
>
> A full printout of the config file(s) would be nice to see as most people
> write other things down they have working, but the working ones don't write
> their full config down.
>
>
All my systems are CentOS 6.4 so YMMV on Ubuntu - I've not tested any
packages for debian based systems...

The full (sanitized for domains) config:

[root@backup hogarthj]# cat /etc/sssd/sssd.conf
[domain/example.com]

cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = EXAMPLE.COM
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI



[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2

domains = example.com
[nss]

[pam]

[sudo]

[autofs]

[ssh]

The only other edit on the system to make this work was adding this line to
/etc/nsswitch.conf:

sudoers: files sss


This system was successfully working with the ldap-sudo.conf method before
but of course that had no load balancing and no caching.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to