On Mon, Aug 25, 2014 at 06:51:27AM -0400, Megan . wrote:
> Good Morning,
> I'm very new to freeIPA.  I'm running centOS 6.5 with freeIPA v3
> I have the freeIPA server up but i'm working on getting SUDO
> configured.  Currently i'm having problems getting sudo commands to
> work on the client.  I'm a bit unclear if i have everything configured
> correctly.  The only thing that I can figure out might be an issue, is
> when i try the sudo command i see a filter search with
> objectclass=sudoRule but when i check the ldap server it has

These two searches are unrelated. The sudoRule objectlass is what we use
internally in sssd cache. On the LDAP side, sudoRole is used.

In general, only the [domain] process works with LDAP data, all others
(nss, pam, sudo, ...) work with cached data that might look totally

> objectclass=sudoRole, so there are no results.
> Any ideas?  Thank you in advance for any advice.

Can you put debug_level into the domain section as well and increase the
debug_level of both to 7?

> [tuser2@map1 ~]$ sudo /sbin/iptables -L
> Enter RSA PIN+token:
> tuser2 is not allowed to run sudo on map1.  This incident will be reported.
> yum installed libsss_sudo
> I added "nisdomainname dir1.server.example.com" to /etc/rc.d/rc.local
> **still not sure what this is for **
> Created a sudo user on ldap server
> ldappasswd -x -S -W -h dir1.server.example.com -ZZ -D "cn=Directory
> Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=server,dc=example,dc=com
> **

The config file looks good to me.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to