Re: [Freeipa-users] How do I create single sudo grpoup for both Centos and Ubuntu?

Wed, 04 May 2016 00:56:22 -0700 

Hi
The problem was unclear for me with ubuntu and altrough in theory everything should work it did not so (checked fiew things that came to mind like kerberos sssd logs pam and figured out some problem with pam sssd integration so i went with the simplest solution (reinstall frreeipa-client on ubuntus) 

I fixed the problem with sudo on ubuntu 14.4 and 16.4 with
ipa-client-install --uninstall
followed by
ipa-client-install --domain=myfqdndomain --principal=admin --mkhomedir

then checking /etc/sssd/sssd.conf if the sudo is in servicess line (it 
was prior to uninstall) and appropiate mod to pam so mkhomedir actualy works

for some reason afer this ubuntus started working
i skiped ubuntu 12.4 or now


currently im trying to get su and su - to work i mean restrict it to 
fiew admin users from ipa and local root.



from other things i observed (not related to the sudo issue i hope) was 
that most of the ubuntu hosts did not register theyr A record on IPA 
wheras all Centos based hosts did (just added missing records for 
ubuntus manually so its not an issue)



Next step after i get su right will be search for a way to get 
virt-manager work over ssh X forwarding for IPA users works for local 
accounts only right now


Regards
Przemysław Orzechowski

W dniu 02.05.2016 o 16:22, Rob Crittenden pisze:

Przemysław Orzechowski wrote:

Hi

Im trying to create a single usergroup for sudo enabled users for both
Centos and Ubuntu users
The problem is on centos its group wheel (10), and on ubuntu its sudo
(27) how do i have tried to do it using ID view but somehow im not
getting it right

btw
Centos clients versions 6.x, 7.x
Ubuntu clients versions 12.04,14.04,16.04
Ipa server is on Centos 7  IPA VERSION: 4.2.0, API_VERSION: 2.156

Regards
Przemyław Orzechowski




But aren't these groups used only if you use files for sudo (and even 
that is just a default)? If you are using IPA to provide the sudo 
rules then the group you choose shouldn't matter.


rob



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project





















					Reply via email to