On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed. Here is my sssd.conf: [domain/ipa.grp] krb5_realm = IPA.GRP cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ipa.grp id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = clnt.ipa.grp chpass_provider = ipa ipa_dyndns_update = True ipa_server = _srv_, srv.ipa.grp ldap_tls_cacert = /etc/ipa/ca.crt [sssd] services = nss, pam, ssh, sudo config_file_version = 2 domains = ipa.grp
The options below have to be in [domain/...] section:
ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp ldap_sasl_mech = GSSAPI ldap=sasl_authid = host/cnlt2.ipa.grp ldap_sasl_realm = IPA.GRP ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp sudo_provider = ldap ldap_uri = ldap://srv.ipa.grp krb5_server = srv.ipa.grp
-- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
