That did the trick. I'll update Puppet accordingly. Thanks, Rob.
Bret

On 10/29/2013 10:09 AM, Rob Crittenden wrote:
> Bret Wortman wrote:
>> I'm trying to bring some CentOS 6.4 systems into our IPA network, and
>> everything seems to be working fine except sudo (which works against
>> all our Fedora-based systems). I've set it up as documented on
>> freeipa.org, and that same config as I said works for Fedora (I have
>> adjusted to use /etc/nslcd.conf on CentOS instead of /etc/ldap.conf).
>>
>> If I remove "files" from /etc/nsswitch.conf, I get the following:
>>
>> $ sudo -iu root
>> sudo: no valid sudoers sources found, quitting
>> sudo: unable to initialize policy plugin
>>
>> I have sudoers_debug set to "1", but this is producing no output that
>> I've been able to find. Not surprising, since it looks like the sudo
>> command itself isn't ever querying ldap at all....
>>
>> What should I try next?
>
> The configuration file you want is /etc/sudo-ldap.conf. See
> sudoers.ldap(5).
>
> Not sure how great an example this is, but this is the one on my 6.4
> dev box:
>
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
> bindpw SecretPassword
> ssl start_tls
> tls_cacertfile /etc/ipa/ca.crt
> tls_checkpeer yes
> bind_timelimit 5
> timelimit 15
> uri ldap://ipa.example.com
> sudoers_base ou=SUDOers,dc=example,dc=com
> sudoers_debug 2
>
> rob
_______________________________________________
Freeipa-users mailing list
Freeipafirstname.lastname@example.org
https://www.redhat.com/mailman/listinfo/freeipa-users
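Added example, not part of the thread and not FreeIPA or sudo code: a small Python check that parses a sudo-ldap.conf like the one quoted above and reports settings that leave the bind password or the LDAP session exposed. The function names parse_conf and audit, the sample values, and the choice of checks are assumptions made for this illustration.

```python
import stat

# Constructed sample using the keywords from the reply above; values are placeholders.
SAMPLE = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw SecretPassword
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://ipa.example.com
sudoers_base ou=SUDOers,dc=example,dc=com
"""

def parse_conf(text):
    """Map each lower-cased keyword to the list of values given for it."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        # Simplification: only whole-line '#' comments are recognised.
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text, mode=None):
    """Return findings for a sudo-ldap.conf body; mode is the file's st_mode, if known."""
    conf = parse_conf(text)
    last = lambda key: conf.get(key, [""])[-1].strip().lower()
    uris = " ".join(conf.get("uri", [])).split()
    findings = []
    if not uris:
        findings.append("no uri: no LDAP server configured for sudo")
    if "sudoers_base" not in conf:
        findings.append("no sudoers_base: no base DN for sudo rule lookups")
    if any(u.lower().startswith("ldap://") for u in uris) and last("ssl") != "start_tls":
        findings.append("ldap:// uri without 'ssl start_tls': traffic, including bindpw, is unencrypted")
    if last("tls_checkpeer") not in ("yes", "on", "true"):
        findings.append("tls_checkpeer not explicitly enabled: server certificate may go unverified")
    if "bindpw" in conf and mode is not None and mode & stat.S_IROTH:
        findings.append("bindpw present and file is world-readable")
    return findings

if __name__ == "__main__":
    import os, sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE
    mode = os.stat(path).st_mode if path else 0o600
    for finding in audit(text, mode) or ["no findings"]:
        print(finding)
```

Run it with the path to /etc/sudo-ldap.conf as the only argument to check a real host; with no argument it audits the constructed sample.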