If you have SSSD 1.9.6 or newer all the sudo configuration boils down to including 'sss' for 'sudoers' in nsswitch.conf and sudo_provider=ipa in sssd.conf.
You also need a reasonably recent sudo itself. Posting versions of SSSD and sudo would help. ----- Original Message ----- From: "Gonzalo Fernandez Ordas" <[email protected]> To: "Rob Crittenden" <[email protected]>, [email protected] Cc: [email protected] Sent: Thursday, 26 March, 2015 6:21:19 AM Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD I have to test a few options to see how I can overcome that issue. A pity as I nearly got everything setup in full. Any findings I will get back to the list as this might be relevant for other users. On 25/03/2015 19:56, Rob Crittenden wrote: > Gonzalo Fernandez Ordas wrote: >> Exactly the document i was having a look at. >> In simple words,is possible to work this around and how,? >> Otherwise i have to drop freeipa and get back to 389_ds as still seems >> fully ldap sssd compatible. >> >> Have you got any doc clearly stating how to get this done? >> I really invested many days on reaching this far being sudo the last >> tiny bit to get sorted which is hugely frustrated. > How to configure sudo largely depends on the version of SSSD you have in > Ubuntu. I'm not sure how configuring SSSD is going to affect your choice > of server though. If you still use SSSD the same problem will exist > regardless, right? > > rob > >> Thanks for all the support >> Sent from Type Mail <http://r.typeapp.com> >> >> On Mar 25, 2015, at 5:35 PM, Dmitri Pal <[email protected] >> <mailto:[email protected]>> wrote: >> >> On 03/25/2015 08:32 PM, [email protected] wrote: >> >> Hi >> >> I am setting up a plain and simple sssd service against my FreeIPA >> Server. >> The FreeIPA Server is a Centos 7.1 box with IPA version 4.1 and the >> client box is ubuntu: Ubuntu 12.04.5 LTS >> >> The Users and Credentials are being Synched out of an AD Server >> (the >> passwords happened to be transferred using the PassSync Service) >> >> Now.. I wanted to setup a very simple sssd service (not the FreeIPA >> client service) >> And so far I succeeded on synching the users along with the >> passwords >> using SSSD. >> >> Now, Trying to get the sudo access sorted I cannot see that >> working, >> and I came across some documentation mentioning SSSD is NOT >> currently >> supporting IPA schema for the SUDOers >> if that is the case >> >> Can anybody point me to the right document or procedure in terms of >> getting also the sudoers installed? >> >> Would be possible , somehow, to have this sorted WITHOUT using the >> ipa-client? >> >> many thanks! >> >> >> >> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf >> >> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
