I correct that line.
But still same:
tevfik@Darktower ~ $ ssh user1@10.1.1.174
user1@10.1.1.174's password:
Permission denied, please try again.
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

Last login: Mon Sep  1 13:47:08 2014 from 10.65.8.100
user1@clnt:~$ su - user1 apt-get install
Password:
/usr/bin/apt-get: /usr/bin/apt-get: cannot execute binary file

Does anyone have an article about ubuntu+ipa entegration?

On 01-09-2014 14:18, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:

I moved those lines. But still same.
As Jakub pointed out, following option also is wrong:

ldap=sasl_authid = host/cnlt2.ipa.grp

it should be

ldap_sasl_authid = host/cnlt2.ipa.grp

note _ instead of = between ldap and sasl.

On 01-09-2014 12:20, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:

libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = clnt.ipa.grp
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, srv.ipa.grp
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = ipa.grp

The options below have to be in [domain/...] section:
ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp
ldap_sasl_mech = GSSAPI
ldap=sasl_authid = host/cnlt2.ipa.grp
ldap_sasl_realm = IPA.GRP
ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp
sudo_provider = ldap
ldap_uri = ldap://srv.ipa.grp
krb5_server = srv.ipa.grp


--


<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg";> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.


--


<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg";> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece 
adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi 
ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi 
dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar 
ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail 
and any files transmitted with it are intended solely for the use of the 
individual or entity to whom they are addressed and Yasar Group Companies do 
not accept legal responsibility for the contents. If you are not the intended 
recipient, please immediately notify the sender and delete it from your system.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to