I am running FreeIPA 3.3.3 on CentOS 6.5.  Everything works fine except
that I have a problem enforcing sudo policies on the hosts that are part of
the managed domain.

When trying to run the following simple command as a user managed by
FreeIPA I got the following response:

*> sudo /usr/bin/vim test.txt*
*jsmith is not allowed to run sudo on myhost.  This incident will be

I might have missed something in the configuration of the server or SSSD on the
client host.

Is there any guideline for sudo integration with FreeIPA?

The following is the SSSD configuration on the client host:


[domain/example.net]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.net
id_provider = ipa
auth_provider = ipa
access_provider = ipa
sudo_provider = ldap
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = ipaserver.example.net
chpass_provider = ipa
ipa_server = _srv_
ipa_backup_server = replica.example.net

dns_discovery_domain = example.net

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2

domains = example.net


debug_level = 0x3ff0
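
A configuration like the one above can be checked mechanically before digging through SSSD debug logs. The script below is an added example, not part of the original post and not FreeIPA or SSSD code. It assumes the two options that the sssd-sudo(5) example sets for an LDAP sudo provider should be present, and its sample configurations and the `ldap_uri` / search base values are constructed.

```python
import configparser

# Options the sssd-sudo(5) example sets for an LDAP sudo provider; treating
# them as required next to id_provider = ipa is an assumption of this check.
LDAP_SUDO_KEYS = ("ldap_uri", "ldap_sudo_search_base")

# Constructed sample modelled on the posted configuration.
SAMPLE = """\
[domain/example.net]
id_provider = ipa
sudo_provider = ldap
ipa_server = _srv_

[sssd]
services = nss, pam, ssh, sudo
domains = example.net
"""
# Constructed variant with the two LDAP sudo options filled in.
FIXED = SAMPLE.replace("sudo_provider = ldap\n", "sudo_provider = ldap\n"
    "ldap_uri = ldap://ipaserver.example.net\n"
    "ldap_sudo_search_base = ou=sudoers,dc=example,dc=net\n")

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_sudo_config(text):
    """Return findings (strings) about the sudo settings in sssd.conf text."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cfg.read_string(text)
    except configparser.Error as exc:
        # e.g. options that appear before any [section] header
        return ["unparseable: " + type(exc).__name__]
    findings = []
    if "sudo" not in _csv(cfg.get("sssd", "services", fallback="")):
        findings.append("[sssd] services does not list sudo")
    for name in _csv(cfg.get("sssd", "domains", fallback="")):
        section = "domain/" + name
        if not cfg.has_section(section):
            findings.append("[%s] section is missing" % section)
            continue
        dom = cfg[section]
        # sudo_provider falls back to id_provider when it is not set
        provider = dom.get("sudo_provider") or dom.get("id_provider", "")
        if provider == "none":
            findings.append("[%s] sudo provider is disabled" % section)
        for key in LDAP_SUDO_KEYS if provider == "ldap" else ():
            if not dom.get(key):
                findings.append("[%s] sudo_provider = ldap but %s is not set" % (section, key))
    return findings
```

Calling `check_sudo_config(SAMPLE)` returns one finding per missing LDAP option, and the same call on `FIXED` returns an empty list.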




