If you have SSSD 1.9.6 or newer all the sudo configuration boils down to including 'sss' for 'sudoers' in nsswitch.conf and sudo_provider=ipa in sssd.conf.
You also need a reasonably recent sudo itself. Posting versions of SSSD and sudo would help. ----- Original Message ----- From: "Gonzalo Fernandez Ordas" <g.fer.or...@unicyber.co.uk> To: "Rob Crittenden" <rcrit...@redhat.com>, d...@redhat.com Cc: email@example.com Sent: Thursday, 26 March, 2015 6:21:19 AM Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD I have to test a few options to see how I can overcome that issue. A pity as I nearly got everything setup in full. Any findings I will get back to the list as this might be relevant for other users. On 25/03/2015 19:56, Rob Crittenden wrote: > Gonzalo Fernandez Ordas wrote: >> Exactly the document i was having a look at. >> In simple words,is possible to work this around and how,? >> Otherwise i have to drop freeipa and get back to 389_ds as still seems >> fully ldap sssd compatible. >> >> Have you got any doc clearly stating how to get this done? >> I really invested many days on reaching this far being sudo the last >> tiny bit to get sorted which is hugely frustrated. > How to configure sudo largely depends on the version of SSSD you have in > Ubuntu. I'm not sure how configuring SSSD is going to affect your choice > of server though. If you still use SSSD the same problem will exist > regardless, right? > > rob > >> Thanks for all the support >> Sent from Type Mail <http://r.typeapp.com> >> >> On Mar 25, 2015, at 5:35 PM, Dmitri Pal <d...@redhat.com >> <mailto:d...@redhat.com>> wrote: >> >> On 03/25/2015 08:32 PM, g.fer.or...@unicyber.co.uk wrote: >> >> Hi >> >> I am setting up a plain and simple sssd service against my FreeIPA >> Server. >> The FreeIPA Server is a Centos 7.1 box with IPA version 4.1 and the >> client box is ubuntu: Ubuntu 12.04.5 LTS >> >> The Users and Credentials are being Synched out of an AD Server >> (the >> passwords happened to be transferred using the PassSync Service) >> >> Now.. I wanted to setup a very simple sssd service (not the FreeIPA >> client service) >> And so far I succeeded on synching the users along with the >> passwords >> using SSSD. >> >> Now, Trying to get the sudo access sorted I cannot see that >> working, >> and I came across some documentation mentioning SSSD is NOT >> currently >> supporting IPA schema for the SUDOers >> if that is the case >> >> Can anybody point me to the right document or procedure in terms of >> getting also the sudoers installed? >> >> Would be possible , somehow, to have this sorted WITHOUT using the >> ipa-client? >> >> many thanks! >> >> >> >> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf >> >> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project