Hi, I am running FreeIPA 3.3.3 on CentOS 6.5. Everything works fine except that I have a problem enforcing sudo policies on the hosts that are part of the managed domain.
When trying to run the following simple command as a user managed by FreeIPA, I got the following response:

*> sudo /usr/bin/vim test.txt*
*jsmith is not allowed to run sudo on myhost. This incident will be reported.*

I might have missed something in the configuration of the server or SSSD on the client host. Is there any guideline for sudo integration with FreeIPA?

The following is the SSSD configuration on the client host:

[domain/example.net]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.net
id_provider = ipa
auth_provider = ipa
access_provider = ipa
sudo_provider = ldap
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = ipaserver.example.net
chpass_provider = ipa
ipa_server = _srv_
ipa_backup_server = replica.example.net
dns_discovery_domain = example.net

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = example.net

[nss]

[pam]

[sudo]
debug_level = 0x3ff0

[autofs]

[ssh]

[pac]

Thanks,
Dimitar