On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Hi,
is there any valid documentation/setup to get sudo working?
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/example-configuring-sudo.html
is not usable, modification of another files are needed to get at least
attempts to ldap (for example on CentOS /etc/sudo-ldap.conf). Other
documentation or googled setup seems to sometimes mixture of not very
compatible settings.
So far all attempts fails, if you want to see actual setup and state see
public gist -
https://gist.github.com/VAdamec/58880b3bb476a0b826e6#file-freeipa-403-debug-log
Any help would be appreciated, also if there is any public
training/certification please get me know (I found only RedHat which is
based on older versions)
FreeIPA 4.0.3 has sudo configuration integrated into ipa-client-install
by default. If you don't want to use that, you can run
ipa-client-install --no-sudo.
Now, I'm confused by your logs. They are a mixture of unrelated things:
- you have nslcd and sssd configured at the same time. Why?
- you don't need to configure /etc/sudo-ldap.conf if you are using
sssd.
As Dmitri said, configuration described in
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
and also covered in SSSD manual pages, sssd-sudo(5). In particular, it
says since sssd 1.10.0:
-----------
When the SSSD is configured to use IPA as the ID provider, the sudo
provider is automatically enabled. The sudo search base is configured to
use the compat tree (ou=sudoers,$DC).
-----------
Prior to that it included detailed configuration how to set up sudo for
SSSD with IPA provider.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
