On (07/04/15 12:57), Jakub Hrozek wrote: >On Tue, Apr 07, 2015 at 12:48:37PM +0200, Chamambo Martin wrote: >> Sorry for the confusion about that one ,that client I used to aunthenticate >> to a pure 389 directory server and I have since changed it to free ipa and >> below is the correct configuration. >> >> I managed to add the line sudo_provider = ipa and im getting the below error >> on my client > >I don't see it added to the config. > It's not necessary to add "sudo_provider = ipa" into domain section. because if sudo_provider is not specified then it is automatically inherited from "id_provider".
It is described in documentation  (point 4) and also in the manual page sssd-sudo. IIRC ipa-client-install should configure all necessary things on rhel 7.1 >If it's added, the next steps would be to add debug_level to the sudo >and domain sections. https://fedorahosted.org/sssd/wiki/Troubleshooting >has some notes on gathering the debug logs. > +1 LS  https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/Configuring_Services.html#configuring-sssd-sudo -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project