I am having problems with sudo and using _srv_ in the sssd config.

This works:

# For the SUDO integration

sudo_provider = ldap

ldap_uri = ldap://test-freeipa-1.cloud.domain.de

ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=native-instruments,dc=de

ldap_sasl_mech = GSSAPI

ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de

ldap_sasl_realm = CLOUD.DOMAIN.DE

krb5_server = test-freeipa-2.cloud.domain.de


This does not work:

# For the SUDO integration

sudo_provider = ldap

ldap_uri = _srv_

ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de

ldap_sasl_mech = GSSAPI

ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de

ldap_sasl_realm = CLOUD.DOMAIN.DE

krb5_server = _srv_


Thanks,

Andrew


On 19 March 2015 at 10:29, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Thu, Mar 19, 2015 at 08:42:42AM +0100, Andrew Holway wrote:
> > Cool stuff. Thanks.
> >
> > I had a look at our SRV records and found the following:
> > _kerberos-master._tcp
> > _kerberos-master._udp
> > _kerberos._tcp
> > _kerberos._udp
> > _kpasswd._tcp
> > _kpasswd._udp
> > _ldap._tcp
> > _ntp._udp
> >
> > No mention of and ipa srv records. Does sssd use _ldap._tcp?
>
> Yes, for the IPA back end it does.
>
> For the AD back end we use the special MS records for looking up sites
> or Global Catalog servers, but for IPA we stick to the standard
> services.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to