> On 24 Mar 2016, at 17:21, Ash Alam <aa...@paperlesspost.com> wrote:
> I am looking for some guidance on how to properly do sudo with Freeipa. I
> have read up on what i need to do but i cant seem to get to work correctly.
> Now with sudoers.d i can accomplish this fairly quickly.
> %dev ALL=(ALL) NOPASSWD:/usr/bin/chef-client
> What i have configured in Freeipa Sudo Rules:
> Sudo Option: !authenticate
> Who: dev (group)
> Access this host: testing (group)
> Run Commands: set of commands that are defined.
> Now when i apply this, it still does not work as it asks for a password for
> the user and then fails. I am hoping to allow a group to only run certain
> commands without requiring password.
You should first find out why sudo fails completely. We have this guide that
should help you:
About asking for passwords -- defining a special sudo rule called 'defaults'
and then adding '!authenticate' should help:
Add a special Sudo rule for default Sudo server configuration:
ipa sudorule-add defaults
Set a default Sudo option:
ipa sudorule-add-option defaults --sudooption '!authenticate'
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project