Hi Dmitri,

One follow up question about the management of the SSSD local cache. I've
tried to clean cache entries with the sss_cache utility, but it looks like
this utility is not working. I was able to confirm with ldbsearch that
records for specific entries were not removed from the cache.

This seems to be a bug. I can use ldpdel with a restart of the SSSD daemon,
but just wanted to confirm with you. I suspect you would know more about
this problem.  Unfortunately I wasn't able to find any info yet about this
potential bug.

thanks

Dimitar


On Tue, Dec 17, 2013 at 10:40 PM, Dimitar Georgievski <mitk...@gmail.com>wrote:

> Thanks Dmitri. Those settings for ldap in sssd.conf fixed the issue.
>
> Dimitar
>
>
> On Tue, Dec 17, 2013 at 6:47 PM, Dmitri Pal <d...@redhat.com> wrote:
>
>>  On 12/17/2013 06:34 PM, Dimitar Georgievski wrote:
>>
>> Hi,
>>
>>  I am running FreeIPA 3.3.3 on CentOS 6.5.  Everything works fine except
>> that I have problem enforcing sudo policies on the hosts that are part of
>> the managed domain.
>>
>>  When trying to run the following simple command as a user managed by
>> FreeIPA I got the following response:
>>
>>
>> *> sudo /usr/bin/vim test.txt *
>> *jsmith is not allowed to run sudo on myhost.  This incident will be
>> reported.*
>>
>>   I might have missed in the configuration of the serve or SSSD on the
>> client host.
>>
>>  Is there any guideline for sudo integration with FreeIPA?
>>
>>  The following is the SSSD configuration on the client host:
>>
>>   [domain/example.net]
>>
>>  cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = example.net
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> sudo_provider = ldap
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> ipa_hostname = ipaserver.example.net
>> chpass_provider = ipa
>> ipa_server = _srv_
>> ipa_backup_server = replica.example.net
>>
>>
>>  dns_discovery_domain = example.net
>>
>>
>>
>>  [sssd]
>> services = nss, pam, ssh, sudo
>> config_file_version = 2
>>
>>  domains = example.net
>> [nss]
>>
>>  [pam]
>>
>>  [sudo]
>> debug_level = 0x3ff0
>>
>>  [autofs]
>>
>>  [ssh]
>>
>>  [pac]
>>
>>  Thanks,
>>
>>  Dimitar
>>
>>
>> _______________________________________________
>> Freeipa-users mailing 
>> listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to