I managed to install my ipa client on centos 5 using this command below ipa-client-install --server cyclops.ai.co.zw --domain ai.co.zw
and it worked perfectly , i can getent passwd xxxx for users in the freeIPA server which is good. I am now trying to configure SUDO on centos and there seem to be mixed views on how i can get it working but i have actually embraced the following Use SSSD, don't use nslcd or anything that has pam_ldap or ldapd in the name and here are my configs cat /etc/nsswitch sudoers: files sss cat /etc/sssd/sssd.conf [root@pinnochio ~]# cat /etc/sssd/sssd.conf [sssd] config_file_version = 2 services = nss, pam domains = ai.co.zw [nss] [sudo] [pam] [domain/ai.co.zw] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ai.co.zw id_provider = ipa auth_provider = ipa access_provider = ipa chpass_provider = ipa ipa_server = _srv_, cyclops.ai.co.zw ldap_tls_cacert = /etc/ipa/ca.crt wanted to add sudo services and ssh services on the Line services = nss, pam and kept getting error (Thu Apr 9 02:04:35 2015) [sssd] [get_monitor_config] (0): Invalid service sudo (Thu Apr 9 02:04:36 2015) [sssd] [get_monitor_config] (0): Invalid service sudo (Thu Apr 9 02:08:27 2015) [sssd] [get_monitor_config] (0): Invalid service sudo (Thu Apr 9 02:08:59 2015) [sssd] [get_monitor_config] (0): Invalid service sudo (Thu Apr 9 02:09:35 2015) [sssd] [get_monitor_config] (0): Invalid service sudo (Thu Apr 9 02:10:05 2015) [sssd] [get_monitor_config] (0): Invalid service ssh i guess there is a different way of configuring SUDO on RHEL 5 or centos 5 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
