Hi Dmitri,

One follow-up question about the management of the SSSD local cache. I've tried to clean cache entries with the sss_cache utility, but it looks like this utility is not working. I was able to confirm with ldbsearch that records for specific entries were not removed from the cache.
This seems to be a bug. I can use ldbdel with a restart of the SSSD daemon, but just wanted to confirm with you. I suspect you would know more about this problem. Unfortunately I wasn't able to find any info yet about this potential bug.

Thanks,
Dimitar

On Tue, Dec 17, 2013 at 10:40 PM, Dimitar Georgievski <mitk...@gmail.com> wrote:

> Thanks Dmitri. Those settings for ldap in sssd.conf fixed the issue.
>
> Dimitar
>
>
> On Tue, Dec 17, 2013 at 6:47 PM, Dmitri Pal <d...@redhat.com> wrote:
>
>> On 12/17/2013 06:34 PM, Dimitar Georgievski wrote:
>>
>> Hi,
>>
>> I am running FreeIPA 3.3.3 on CentOS 6.5. Everything works fine except
>> that I have a problem enforcing sudo policies on the hosts that are part of
>> the managed domain.
>>
>> When trying to run the following simple command as a user managed by
>> FreeIPA I got the following response:
>>
>> *> sudo /usr/bin/vim test.txt *
>> *jsmith is not allowed to run sudo on myhost. This incident will be reported.*
>>
>> I might have missed something in the configuration of the server or SSSD on the
>> client host.
>>
>> Is there any guideline for sudo integration with FreeIPA?
>>
>> The following is the SSSD configuration on the client host:
>>
>> [domain/example.net]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = example.net
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> sudo_provider = ldap
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> ipa_hostname = ipaserver.example.net
>> chpass_provider = ipa
>> ipa_server = _srv_
>> ipa_backup_server = replica.example.net
>>
>> dns_discovery_domain = example.net
>>
>> [sssd]
>> services = nss, pam, ssh, sudo
>> config_file_version = 2
>>
>> domains = example.net
>> [nss]
>>
>> [pam]
>>
>> [sudo]
>> debug_level = 0x3ff0
>>
>> [autofs]
>>
>> [ssh]
>>
>> [pac]
>>
>> Thanks,
>>
>> Dimitar
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipafirstname.lastname@example.org
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs? www.redhat.com/carveoutcosts/