I restart client after change sssd.conf.

On 02-09-2014 11:13, Lukas Slebodnik wrote:
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:    1
sudoers: files sss

root@clnt:/home/awtadm# ipa-client-install --no-ntp
IPA client is already configured on this system.

root@clnt:/home/awtadm# grep services /etc/sssd/sssd.conf
services = nss, pam, ssh, sudo

You need to restart sssd after modification of option "services" in
/etc/sssd/sssd.conf. I forgot to mention it.

Step1 (there is some problem when create rule on CLI. No problem prompt on
Web-based)
...
[root@srv ~]# ipa sudorule-add-option readfiles
Sudo Option: !authenticate
ipa: ERROR: no such entry

...
Then:
awtadm@clnt:~$ su user1
Password:
uid=1423400004(user1) gid=1423400004(user1) groups=1423400004(user1)
user1@clnt:/home/awtadm$ sudo -l
[sudo] password for user1:
Sorry, user user1 may not run sudo on clnt.
There is no reason to try sudo commands if "sudo -l" fails.

It works for me on ubuntu 14.04. It is very likely you have problem
on FreeIPA Server. Other people can help you with server part,
I could help you just with client configuration.
(From my point of view, problem is solved)

One more time, please follow instructions:
     http://www.freeipa.org/docs/master/html-desktop/index.html#sudo

LS

--


<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg";> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece 
adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi 
ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi 
dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar 
ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail 
and any files transmitted with it are intended solely for the use of the 
individual or entity to whom they are addressed and Yasar Group Companies do 
not accept legal responsibility for the contents. If you are not the intended 
recipient, please immediately notify the sender and delete it from your system.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to