I managed to install my ipa client on centos 5 using this command below

 ipa-client-install --server cyclops.ai.co.zw --domain ai.co.zw


and it worked perfectly , i can getent passwd xxxx for users in the freeIPA 
server which is good.

I am now trying to configure SUDO on centos and there seem to be mixed views on 
how i can get it working but i have actually embraced the following 

Use SSSD, don't use nslcd or anything that has pam_ldap or ldapd in the name

and here are my configs 

cat /etc/nsswitch

sudoers:  files sss


cat /etc/sssd/sssd.conf 

[root@pinnochio ~]# cat /etc/sssd/sssd.conf 
[sssd]
config_file_version = 2
services = nss, pam


domains = ai.co.zw
[nss]

[sudo]

[pam]


[domain/ai.co.zw]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ai.co.zw
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, cyclops.ai.co.zw
ldap_tls_cacert = /etc/ipa/ca.crt


wanted to add sudo services and ssh services on the Line services = nss, pam 
and kept getting error 

(Thu Apr  9 02:04:35 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr  9 02:04:36 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr  9 02:08:27 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr  9 02:08:59 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr  9 02:09:35 2015) [sssd] [get_monitor_config] (0): Invalid service sudo
(Thu Apr  9 02:10:05 2015) [sssd] [get_monitor_config] (0): Invalid service ssh


i guess there is a different way of configuring SUDO on RHEL 5 or centos 5


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to