Hi,

I am having one of those really annoying pesky troubles.

I add clients to freeipa but the first time I am logging in and trying to
sudo with my freeipa credentials the sudo is not working. If I restart the
SSSD process this usually fixes it but not always. Im going to try and do
some systematic tests and collect some logs but I thought someone might
have a clue.

I noticed that when I was using "ldap_uri = _srv_" vs "ldap_uri =
ldap://address"; I was getting the same problem so I am thinking its a DNS
lookup glitch?

Cheers,

Andrew


[domain/cloud.domain.de]


cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = cloud.domain.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = test-freeipa-client-3.cloud.domain.de
chpass_provider = ipa
ipa_dyndns_update = True
#check DNS SRV record for ipa service location.
ipa_server = _srv_
ldap_tls_cacert = /etc/ipa/ca.crt


# For the SUDO integration
sudo_provider = ipa
#ldap_uri = _srv_
#ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=domain,dc=de
#ldap_sasl_mech = GSSAPI
#ldap_sasl_authid = host/test-freeipa-client-3.cloud.domain.de
#ldap_sasl_realm = CLOUD.DOMAIN.DE
#krb5_server = _srv_


debug_level = 9
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = cloud.domain.de

debug_level = 9
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to