Bret Wortman wrote:
I'm trying to bring some CentOS 6.4 systems into our IPA network, and
everything seems to be working find except sudo (which works against all
our Fedora-based systems).

I've set it up as documented on freeipa.org, and that same config as I
said works for Fedora (I have adjusted to use /etc/nslcd.conf on CentOS
instead of /etc/ldap.conf). If I remove "files" from /etc/nsswitch.conf,
I get the following:

$ sudo -iu root
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

I have sudoers_debug set to "1", but this is producing no output that
I've been able to find. Not surprising, since it looks like the sudo
command itself isn't ever querying ldap at all....

What should I try next?


The configuration file you want is /etc/sudo-ldap.conf. See sudoers.ldap(5).

Not sure how great an example this is, but this is the one on my 6.4 dev box:

binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw SecretPassword

ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes

bind_timelimit 5
timelimit 15

uri ldap://ipa.example.com
sudoers_base ou=SUDOers,dc=example,dc=com

sudoers_debug 2


rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to