On (08/04/15 09:25), Chamambo Martin wrote:
>I am running FreeIPA, version: 4.1.0 and everything is working well except
ipa-client-install on CentOS 7.1 should configure sudo by default.
>I have 3 questions
> 1: I have configured the bare minimum sudo configuration without
>hostgroups and netgroups , just sudo commands and sudo command groups that
>have been added as sudo rules .....this should work right
and sudo rules with netgroups shuld work on CentOS 7.1 as well
because nisdomainname should be configured.
> 2: I have centos 6.6 and redhat 6.6 clients using the sssd
>service ,is that enough for sudo to work if the configs are as below
>sudoers: files sss
>cache_credentials = True
>krb5_store_password_if_offline = True
>ipa_domain = ai.co.zw
>id_provider = ipa
>auth_provider = ipa
>access_provider = ipa
>ipa_hostname = ironhide.ai.co.zw
>chpass_provider = ipa
>ipa_server = _srv_, cyclops.ai.co.zw
>ldap_tls_cacert = /etc/ipa/ca.crt
>services = nss, sudo, pam, ssh
>config_file_version = 2
>domains = ai.co.zw
>homedir_substring = /home
The default value of this option is "/home"
You can remove it. Where did you find it?
If you do not use netgroups (or hostgroups) in sudo rules
then this configuration should work on rhel 6.6 (sssd >= 1.10)
The same steps are decribed in manual page sssd-sudo.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project