Thanks Dmitri. Those settings for ldap in sssd.conf fixed the issue.

Dimitar

On Tue, Dec 17, 2013 at 6:47 PM, Dmitri Pal <[email protected]> wrote:

> On 12/17/2013 06:34 PM, Dimitar Georgievski wrote:
>
> Hi,
>
> I am running FreeIPA 3.3.3 on CentOS 6.5. Everything works fine except
> that I have a problem enforcing sudo policies on the hosts that are part of
> the managed domain.
>
> When trying to run the following simple command as a user managed by
> FreeIPA I got the following response:
>
> *> sudo /usr/bin/vim test.txt*
> *jsmith is not allowed to run sudo on myhost. This incident will be
> reported.*
>
> I might have missed in the configuration of the server or SSSD on the
> client host.
>
> Is there any guideline for sudo integration with FreeIPA?
>
> The following is the SSSD configuration on the client host:
>
> [domain/example.net]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = example.net
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> sudo_provider = ldap
> ldap_tls_cacert = /etc/ipa/ca.crt
> ipa_hostname = ipaserver.example.net
> chpass_provider = ipa
> ipa_server = _srv_
> ipa_backup_server = replica.example.net
>
> dns_discovery_domain = example.net
>
> [sssd]
> services = nss, pam, ssh, sudo
> config_file_version = 2
>
> domains = example.net
> [nss]
>
> [pam]
>
> [sudo]
> debug_level = 0x3ff0
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> Thanks,
>
> Dimitar
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
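
An added example, not part of the thread: a Python check that parses an sssd.conf and reports which LDAP options are absent from a domain that sets `sudo_provider = ldap`, run against the configuration quoted above. The option list is an assumption (the thread does not name the settings; these are sssd-ldap and sssd-krb5 options commonly set for this provider combination), and the sample configs, server name and host principal are constructed.

```python
import configparser

# Assumption: options expected in a domain that pairs id_provider = ipa with
# sudo_provider = ldap. The thread itself does not list them.
REQUIRED = ("ldap_uri", "ldap_sudo_search_base", "ldap_sasl_mech",
            "ldap_sasl_authid", "ldap_sasl_realm", "krb5_server")

# Constructed sample: the client configuration from the thread, abridged.
SAMPLE_BROKEN = """\
[domain/example.net]
id_provider = ipa
sudo_provider = ldap
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_server = _srv_

[sssd]
services = nss, pam, ssh, sudo
domains = example.net
"""

# Constructed values (server name, search base, host principal are placeholders).
SAMPLE_FIXED = SAMPLE_BROKEN.replace("sudo_provider = ldap\n", """\
sudo_provider = ldap
ldap_uri = ldap://ipa.example.net
ldap_sudo_search_base = ou=sudoers,dc=example,dc=net
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/myhost.example.net
ldap_sasl_realm = EXAMPLE.NET
krb5_server = ipa.example.net
""")

def check_sudo_ldap(conf_text):
    """Return findings for every domain section that uses sudo_provider = ldap."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "sudo" not in services:
        findings.append("[sssd] services does not include sudo")
    for section in cp.sections():
        is_domain = section.startswith("domain/")
        if not is_domain or cp.get(section, "sudo_provider", fallback="").lower() != "ldap":
            continue
        for opt in REQUIRED:
            if not cp.get(section, opt, fallback="").strip():
                findings.append(f"[{section}] missing {opt}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sudo_ldap(SAMPLE_BROKEN)) or "no findings")
```
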
