> Is this in RHEL based systems only ? On Ubuntu there seems to be still
> issues.
> A full printout of the config file(s) would be nice to see as most people
> write other things down they have working, but the working ones don't write
> their full config down.
All my systems are CentOS 6.4 so YMMV on Ubuntu - I've not tested any
packages for debian based systems...

The full (sanitized for domains) config:

[root@backup hogarthj]# cat /etc/sssd/sssd.conf

cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = EXAMPLE.COM
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI

services = nss, pam, ssh, sudo
config_file_version = 2

domains = example.com





The only other edit on the system to make this work was adding this line to

sudoers: files sss

This system was successfully working with the ldap-sudo.conf method before
but of course that had no load balancing and no caching.
Freeipa-users mailing list

Reply via email to