Sorry for the confusion about that one ,that client I used to aunthenticate
to a pure 389 directory server and I have since changed it to free ipa and
below is the correct configuration.

I managed to add the line sudo_provider = ipa and im getting the below error
on my client

[admin@ironhide postfix]$ sudo vim access
[sudo] password for admin: 
Sorry, user admin is not allowed to execute '/usr/bin/vim access' as root on
[admin@ironhide postfix]$

[root@ironhide ~]# cat /etc/sssd/sssd.conf 

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain =
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
chpass_provider = ipa
ipa_server = _srv_,
ldap_tls_cacert = /etc/ipa/ca.crt
services = nss, sudo, pam, ssh
config_file_version = 2

domains =
homedir_substring = /home







[root@ironhide ~]#

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to