On Wed, 16 Sep 2015, Gustavo Mateus wrote:
Hi,

I have an IPA server running on redhat and I'm trying to find the best way to
get my amazon linux instances to use it for authentication, ssh key
management and sudo rules.

I'm now trying to use SSSD to achieve those goals. Authentication is
working but I'm having problems to get the user public ssh keys using
/usr/bin/sss_ssh_authorizedkeys.


This is my sssd.conf:

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = default
re_expression = (?P<name>.+)

[domain/default]
debug_level = 8
cache_credentials = True
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ipa.my.domain.com
ldap_search_base = cn=compat,dc=my,dc=domain,dc=com
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
ldap_user_ssh_public_key = ipaSshPubKey


The original configuration was done using ipa-advise
config-redhat-sssd-before-1-9. I just changed the services parameter to
include "ssh, sudo" and "ldap_user_ssh_public_key".

Change your ldap_search_base to 'cn=accounts,dc=my,dc=domain,dc=com'

ipa-advise recipes are templates, mostly to allow old non-RFC2307bis
clients to be configured. You have SSSD, it supports RFC2307bis.

--
/ Alexander Bokovoy
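
A pre-flight check for the advice in this reply, as an added example that is not part of the original thread or of SSSD/FreeIPA: it parses an sssd.conf and flags an LDAP-provider domain whose ldap_search_base is the cn=compat tree, proposing cn=accounts instead. The function name and sample text are constructed for illustration; the sshPublicKey fallback is the default documented for ldap_user_ssh_public_key in sssd-ldap(5).

```python
import configparser

# Constructed sample: the settings from the poster's sssd.conf that affect SSH key lookup.
SAMPLE = """\
[sssd]
services = nss, pam, ssh, sudo
domains = default
re_expression = (?P<name>.+)

[domain/default]
id_provider = ldap
ldap_search_base = cn=compat,dc=my,dc=domain,dc=com
ldap_user_ssh_public_key = ipaSshPubKey
"""

def check_ssh_key_lookup(conf_text):
    """Return (section, problem, suggestion) tuples; an empty list means no finding."""
    cp = configparser.ConfigParser(interpolation=None)  # keep regex values literal
    cp.read_string(conf_text)
    split = lambda v: [x.strip() for x in v.split(",") if x.strip()]
    findings = []
    if "ssh" not in split(cp.get("sssd", "services", fallback="")):
        findings.append(("sssd", "ssh responder is not enabled", "add ssh to services"))
    for dom in split(cp.get("sssd", "domains", fallback="")):
        sec = "domain/" + dom
        if not cp.has_section(sec) or cp.get(sec, "id_provider", fallback="") != "ldap":
            continue  # only the plain LDAP provider is checked here
        base = cp.get(sec, "ldap_search_base", fallback="")
        rdn, _, suffix = base.partition(",")
        if rdn.replace(" ", "").lower() == "cn=compat":
            # The reply's fix: search the native accounts tree instead.
            findings.append((sec, "ldap_search_base points at the compat tree",
                             "ldap_search_base = cn=accounts," + suffix.strip()))
        if not cp.has_option(sec, "ldap_user_ssh_public_key"):
            findings.append((sec, "key attribute falls back to sshPublicKey",
                             "ldap_user_ssh_public_key = ipaSshPubKey"))
    return findings

if __name__ == "__main__":
    for section, problem, suggestion in check_ssh_key_lookup(SAMPLE):
        print(f"[{section}] {problem} -> {suggestion}")
```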
