Sorry for the confusion about that one ,that client I used to aunthenticate to a pure 389 directory server and I have since changed it to free ipa and below is the correct configuration.
I managed to add the line sudo_provider = ipa and im getting the below error on my client [admin@ironhide postfix]$ sudo vim access [sudo] password for admin: Sorry, user admin is not allowed to execute '/usr/bin/vim access' as root on ironhide.ai.co.zw. [admin@ironhide postfix]$ [root@ironhide ~]# cat /etc/sssd/sssd.conf [domain/ai.co.zw] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ai.co.zw id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = ironhide.ai.co.zw chpass_provider = ipa ipa_server = _srv_, cyclops.ai.co.zw ldap_tls_cacert = /etc/ipa/ca.crt [sssd] services = nss, sudo, pam, ssh config_file_version = 2 domains = ai.co.zw [nss] homedir_substring = /home [pam] [sudo] [autofs] [ssh] [pac] [ifp] [root@ironhide ~]# -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
