Not sure if I am missing any bit.... but this was the thing in the end:
I managed to have it working and I have documented all those nasty bits
which might save people's time. The whole weekend gone but for the less
has been productive.
I am including the SUDO bit which is usually a pain in my experience..
On 2015-03-26 08:31, Jakub Hrozek wrote:
If you have SSSD 1.9.6 or newer all the sudo configuration boils down
to including 'sss' for 'sudoers' in nsswitch.conf and
sudo_provider=ipa in sssd.conf.
You also need a reasonably recent sudo itself. Posting versions of
SSSD and sudo would help.
----- Original Message -----
From: "Gonzalo Fernandez Ordas" <g.fer.or...@unicyber.co.uk>
To: "Rob Crittenden" <rcrit...@redhat.com>, d...@redhat.com
Sent: Thursday, 26 March, 2015 6:21:19 AM
Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed
I have to test a few options to see how I can overcome that issue.
A pity as I nearly got everything setup in full.
Any findings I will get back to the list as this might be relevant for
On 25/03/2015 19:56, Rob Crittenden wrote:
Gonzalo Fernandez Ordas wrote:
How to configure sudo largely depends on the version of SSSD you have
Ubuntu. I'm not sure how configuring SSSD is going to affect your
Exactly the document i was having a look at.
In simple words,is possible to work this around and how,?
Otherwise i have to drop freeipa and get back to 389_ds as still
fully ldap sssd compatible.
Have you got any doc clearly stating how to get this done?
I really invested many days on reaching this far being sudo the last
tiny bit to get sorted which is hugely frustrated.
of server though. If you still use SSSD the same problem will exist
Thanks for all the support
Sent from Type Mail <http://r.typeapp.com>
On Mar 25, 2015, at 5:35 PM, Dmitri Pal <d...@redhat.com
On 03/25/2015 08:32 PM, g.fer.or...@unicyber.co.uk wrote:
I am setting up a plain and simple sssd service against my
The FreeIPA Server is a Centos 7.1 box with IPA version 4.1
client box is ubuntu: Ubuntu 12.04.5 LTS
The Users and Credentials are being Synched out of an AD
passwords happened to be transferred using the PassSync
Now.. I wanted to setup a very simple sssd service (not the
And so far I succeeded on synching the users along with the
Now, Trying to get the sudo access sorted I cannot see that
and I came across some documentation mentioning SSSD is NOT
supporting IPA schema for the SUDOers
if that is the case
Can anybody point me to the right document or procedure in
getting also the sudoers installed?
Would be possible , somehow, to have this sorted WITHOUT
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project