Hi Lukas,
After you warned me, I reinstalled the IPA server, client, and replica.
After that I followed your directives shown below.
Everything looked OK.
I got output like you said.
But a couple of hours later I tried to connect to the client host using ssh and tested again.
And surprise! The client again can't use sudo.

What happened??

On 01-09-2014 19:05, Lukas Slebodnik wrote:
On (01/09/14 17:52), Tevfik Ceydeliler wrote:
1. I think I configure instead of this document
Sorry you didn't.

2. I can login with ordinary user
login and sudo are not the same thing.

My FreeIPA server is already properly configured with sudo rules.
I tried to install freeipa-client on Ubuntu 14.04 and it worked without any
problem.

Step 0: Install freeipa-client on Ubuntu 14.04 and configure sudo integration
root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf

root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam, sudo

Step 1: configure sudo rules for ordinary user
     Please follow the instructions from FreeIPA documentation.
     http://www.freeipa.org/docs/master/html-desktop/index.html#sudo

   This step was skipped, because it was already done a few months ago :-)

Step 2: login to machine as ordinary user, which is allowed to use sudo.
$ su usersssd01
Password:
$ id
uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1)

Step 3: run command
     sudo -l
     // this command should show you which commands can be executed as root
     // with sudo
$ sudo -l
sudo: unable to resolve host ubuntu1404.example.test
[sudo] password for usersssd01:
Matching Defaults entries for usersssd01 on ubuntu1404:
     env_reset, mail_badpass,
     secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User usersssd01 may run the following commands on ubuntu1404:
     (root) /usr/bin/less, /usr/bin/vim

Step 4: If there weren't any problems then user will be able to run command.
     sudo some_command_listed_in_step3
$ sudo /usr/bin/less /etc/shadow | wc -l
21
$ echo $?
0

$ sudo apt-get install mc
Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test.
$ echo $?
1

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
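
Added example, not part of the thread: Step 0 from the quoted instructions as an idempotent shell function with a check, since the `echo >>` and `sed` commands there append again on every re-run. The function names are made up here, file paths are passed as arguments so it can be tried on copies first, and `sed -i` assumes GNU sed as on Ubuntu.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from FreeIPA or SSSD).

# Succeeds if the "sudoers:" line of the given nsswitch.conf lists "sss".
has_sudoers_sss() {
    grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?sss([[:space:]]|$)' "$1"
}

# Succeeds if the "services" line of the given sssd.conf lists "sudo".
has_sudo_service() {
    grep -Eq '^[[:space:]]*services[[:space:]]*=(.*[,[:space:]])?sudo([,[:space:]]|$)' "$1"
}

# $1 = nsswitch.conf, $2 = sssd.conf. Safe to run repeatedly.
enable_sudo_sss() {
    nss=$1
    sssd=$2
    if ! has_sudoers_sss "$nss"; then
        if grep -Eq '^[[:space:]]*sudoers:' "$nss"; then
            # A sudoers line exists without sss: extend it in place.
            sed -i -e 's/^\([[:space:]]*sudoers:.*\)$/\1 sss/' "$nss"
        else
            # No sudoers line at all: add the one used in Step 0.
            echo "sudoers: files sss" >> "$nss"
        fi
    fi
    if ! has_sudo_service "$sssd"; then
        # Same substitution as Step 0, applied only when sudo is missing.
        sed -i -e 's/^\([[:space:]]*services[[:space:]]*=.*\)$/\1, sudo/' "$sssd"
    fi
    # Non-zero exit if either file still lacks the setting,
    # e.g. when sssd.conf has no "services" line to extend.
    has_sudoers_sss "$nss" && has_sudo_service "$sssd"
}
```

On a real client this would be called as root with `/etc/nsswitch.conf` and `/etc/sssd/sssd.conf`; SSSD has to be restarted to pick up a changed `sssd.conf`.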
