> On 24 Mar 2016, at 17:21, Ash Alam <aa...@paperlesspost.com> wrote:
>
> Hello
>
> I am looking for some guidance on how to properly do sudo with Freeipa. I
> have read up on what I need to do but I can't seem to get it to work correctly.
> Now with sudoers.d I can accomplish this fairly quickly.
>
> Example:
>
> %dev ALL=(ALL) NOPASSWD:/usr/bin/chef-client
>
> What I have configured in Freeipa Sudo Rules:
>
> Sudo Option: !authenticate
> Who: dev (group)
> Access this host: testing (group)
> Run Commands: set of commands that are defined.
>
> Now when I apply this, it still does not work as it asks for a password for
> the user and then fails. I am hoping to allow a group to only run certain
> commands without requiring password.
>
You should first find out why sudo fails completely. We have this guide that
should help you:

https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

About asking for passwords -- defining a special sudo rule called 'defaults'
and then adding '!authenticate' should help:

Add a special Sudo rule for default Sudo server configuration:
   ipa sudorule-add defaults

Set a default Sudo option:
   ipa sudorule-add-option defaults --sudooption '!authenticate'
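The rule described in the question (group dev, host group testing, /usr/bin/chef-client, '!authenticate' set on that one rule), written out as ipa commands. This is an added example, not part of the original thread; the rule name chef-client-nopasswd and the emit_sudorule helper are assumptions, and the helper only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: emit the ipa commands for a sudo rule limited to one user
# group, one host group and one command, with '!authenticate' on that rule.
# The helper name and the rule name are hypothetical.

# emit_sudorule RULE USERGROUP HOSTGROUP COMMAND
# Prints the commands only. To apply them, pipe the output to sh on an
# enrolled host while holding an admin Kerberos ticket.
emit_sudorule() {
    rule=$1 group=$2 hostgroup=$3 cmd=$4

    # Reject empty values and anything outside a conservative character set,
    # so the single-quoted output below can be pasted into a shell safely.
    for v in "$rule" "$group" "$hostgroup" "$cmd"; do
        case $v in
            ''|*[!A-Za-z0-9._/-]*) echo "unsafe value: $v" >&2; return 1 ;;
        esac
    done

    # sudo matches commands by full path, so insist on an absolute one.
    case $cmd in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac

    # Register the command, create the rule, then bind who / where / what.
    # RunAs is left unset in this example.
    printf "ipa sudocmd-add '%s'\n" "$cmd"
    printf "ipa sudorule-add '%s'\n" "$rule"
    printf "ipa sudorule-add-user '%s' --groups='%s'\n" "$rule" "$group"
    printf "ipa sudorule-add-host '%s' --hostgroups='%s'\n" "$rule" "$hostgroup"
    printf "ipa sudorule-add-allow-command '%s' --sudocmds='%s'\n" "$rule" "$cmd"
    # The option is attached to this rule, so it affects only this rule.
    printf "ipa sudorule-add-option '%s' --sudooption='%s'\n" "$rule" '!authenticate'
}

# Values taken from the question in this thread.
emit_sudorule chef-client-nopasswd dev testing /usr/bin/chef-client
```

After applying the commands, `sudo -l` run as a member of dev on a host in testing shows what the client actually resolved.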