On (01/09/14 17:52), Tevfik Ceydeliler wrote: > >1. I think I configure instead of this document Sorry you didn't.
>2. I can login with ordinary user login and sudo are not the same think. My FreeIPA server is alredy properly configured with sudo rules. I tried to install freipa-client on ubuntu 14.04 and it owrked without any problem. >>Step 0: Install freipa-client on ubuntu 14.04 and configure sudo integration root@ubuntu1404:/# ipa-client-install --no-ntp root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf root@ubuntu1404:/# grep services /etc/sssd/sssd.conf services = nss, pam root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf root@ubuntu1404:/# grep services /etc/sssd/sssd.conf services = nss, pam, sudo >>Step 1: configure sudo rules for ordinary user >> Please follow the instructions from FreeIPA documentation. >> http://www.freeipa.org/docs/master/html-desktop/index.html#sudo >> This step was skipped, becuase it was already done few months ago :-) >>Step 2: login to machine as ordinary user, which is allowed to use sudo. $ su usersssd01 Password: $ id uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1) >>Step 3: run command >> sudo -l >> // this command should show you which commands can be executed as root >> // with sudo $ sudo -l sudo: unable to resolve host ubuntu1404.example.test [sudo] password for usersssd01: Matching Defaults entries for usersssd01 on ubuntu1404: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User usersssd01 may run the following commands on ubuntu1404: (root) /usr/bin/less, /usr/bin/vim >>Step 4: If there weren't any problems then user will be able to run command. >> sudo some_command_listed_in_step3 $ sudo /usr/bin/less /etc/shadow | wc -l 21 $ echo $? 0 $ sudo apt-get install mc Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test. $ echo $? 1 LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project