Thanks Dmitri. Those settings for ldap in sssd.conf fixed the issue.

Dimitar


On Tue, Dec 17, 2013 at 6:47 PM, Dmitri Pal <d...@redhat.com> wrote:

>  On 12/17/2013 06:34 PM, Dimitar Georgievski wrote:
>
> Hi,
>
>  I am running FreeIPA 3.3.3 on CentOS 6.5.  Everything works fine except
> that I have problem enforcing sudo policies on the hosts that are part of
> the managed domain.
>
>  When trying to run the following simple command as a user managed by
> FreeIPA I got the following response:
>
>
> *> sudo /usr/bin/vim test.txt *
> *jsmith is not allowed to run sudo on myhost.  This incident will be
> reported.*
>
>   I might have missed in the configuration of the serve or SSSD on the
> client host.
>
>  Is there any guideline for sudo integration with FreeIPA?
>
>  The following is the SSSD configuration on the client host:
>
>   [domain/example.net]
>
>  cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = example.net
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> sudo_provider = ldap
> ldap_tls_cacert = /etc/ipa/ca.crt
> ipa_hostname = ipaserver.example.net
> chpass_provider = ipa
> ipa_server = _srv_
> ipa_backup_server = replica.example.net
>
>
>  dns_discovery_domain = example.net
>
>
>
>  [sssd]
> services = nss, pam, ssh, sudo
> config_file_version = 2
>
>  domains = example.net
> [nss]
>
>  [pam]
>
>  [sudo]
> debug_level = 0x3ff0
>
>  [autofs]
>
>  [ssh]
>
>  [pac]
>
>  Thanks,
>
>  Dimitar
>
>
> _______________________________________________
> Freeipa-users mailing 
> listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to