Hey Guys

Not sure if I am missing any bit.... but this was the thing in the end:


I managed to have it working and I have documented all those nasty bits which might save people's time. The whole weekend gone but for the less has been productive.

I am including the SUDO bit which is usually a pain in my experience..


On 2015-03-26 08:31, Jakub Hrozek wrote:
If you have SSSD 1.9.6 or newer all the sudo configuration boils down
to including 'sss' for 'sudoers' in nsswitch.conf and
sudo_provider=ipa in sssd.conf.

You also need a reasonably recent sudo itself. Posting versions of
SSSD and sudo would help.

----- Original Message -----
From: "Gonzalo Fernandez Ordas" <g.fer.or...@unicyber.co.uk>
To: "Rob Crittenden" <rcrit...@redhat.com>, d...@redhat.com
Cc: freeipa-users@redhat.com
Sent: Thursday, 26 March, 2015 6:21:19 AM
Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD

I have to test a few options to see how I can overcome that issue.
A pity as I nearly got everything setup in full.
Any findings I will get back to the list as this might be relevant for
other users.

On 25/03/2015 19:56, Rob Crittenden wrote:
Gonzalo Fernandez Ordas wrote:
Exactly the document i was having a look at.
In simple words,is possible to work this around and how,?
Otherwise i have to drop freeipa and get back to 389_ds as still seems
fully ldap sssd compatible.

Have you got any doc clearly stating how to get this done?
I really invested many days on reaching this far being  sudo the last
tiny bit to get sorted which is hugely frustrated.
How to configure sudo largely depends on the version of SSSD you have in Ubuntu. I'm not sure how configuring SSSD is going to affect your choice
of server though. If you still use SSSD the same problem will exist
regardless, right?


Thanks for all the support
Sent from Type Mail <http://r.typeapp.com>

On Mar 25, 2015, at 5:35 PM, Dmitri Pal <d...@redhat.com
<mailto:d...@redhat.com>> wrote:

     On 03/25/2015 08:32 PM, g.fer.or...@unicyber.co.uk wrote:


I am setting up a plain and simple sssd service against my FreeIPA
The FreeIPA Server is a Centos 7.1 box with IPA version 4.1 and the
         client box is ubuntu: Ubuntu 12.04.5 LTS

The Users and Credentials are being Synched out of an AD Server
passwords happened to be transferred using the PassSync Service)

Now.. I wanted to setup a very simple sssd service (not the FreeIPA
         client service)
         And so far I succeeded on synching the users along with the
         using SSSD.

         Now, Trying to get the sudo access sorted I cannot see that
         and I came across some documentation mentioning SSSD is NOT
         supporting IPA schema for the SUDOers
         if that is the case

Can anybody point me to the right document or procedure in terms of
         getting also the sudoers installed?

Would be possible , somehow, to have this sorted WITHOUT using the

         many thanks!


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to