Hi
The problem was unclear for me with ubuntu and altrough in theory
everything should work it did not so (checked fiew things that came to
mind like kerberos sssd logs pam and figured out some problem with pam
sssd integration so i went with the simplest solution (reinstall
frreeipa-client on ubuntus)
I fixed the problem with sudo on ubuntu 14.4 and 16.4 with
ipa-client-install --uninstall
followed by
ipa-client-install --domain=myfqdndomain --principal=admin --mkhomedir
then checking /etc/sssd/sssd.conf if the sudo is in servicess line (it
was prior to uninstall) and appropiate mod to pam so mkhomedir actualy works
for some reason afer this ubuntus started working
i skiped ubuntu 12.4 or now
currently im trying to get su and su - to work i mean restrict it to
fiew admin users from ipa and local root.
from other things i observed (not related to the sudo issue i hope) was
that most of the ubuntu hosts did not register theyr A record on IPA
wheras all Centos based hosts did (just added missing records for
ubuntus manually so its not an issue)
Next step after i get su right will be search for a way to get
virt-manager work over ssh X forwarding for IPA users works for local
accounts only right now
Regards
Przemysław Orzechowski
W dniu 02.05.2016 o 16:22, Rob Crittenden pisze:
Przemysław Orzechowski wrote:
Hi
Im trying to create a single usergroup for sudo enabled users for both
Centos and Ubuntu users
The problem is on centos its group wheel (10), and on ubuntu its sudo
(27) how do i have tried to do it using ID view but somehow im not
getting it right
btw
Centos clients versions 6.x, 7.x
Ubuntu clients versions 12.04,14.04,16.04
Ipa server is on Centos 7 IPA VERSION: 4.2.0, API_VERSION: 2.156
Regards
Przemyław Orzechowski
But aren't these groups used only if you use files for sudo (and even
that is just a default)? If you are using IPA to provide the sudo
rules then the group you choose shouldn't matter.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project