Lukas, yes, I went through that guide and I configured sssd.conf as per the doc (you can see it in the beginning of the thread).
Actually the installation is: [root@zp-cml-test sssd]# cat /etc/redhat-release CentOS release 6.6 (Final) and versions are: [root@zp-cml-test sssd]# rpm -qa |grep sssd sssd-proxy-1.11.6-30.el6.x86_64 sssd-common-pac-1.11.6-30.el6.x86_64 sssd-ipa-1.11.6-30.el6.x86_64 sssd-1.11.6-30.el6.x86_64 sssd-common-1.11.6-30.el6.x86_64 sssd-ad-1.11.6-30.el6.x86_64 sssd-ldap-1.11.6-30.el6.x86_64 python-sssdconfig-1.11.6-30.el6.noarch sssd-krb5-common-1.11.6-30.el6.x86_64 sssd-krb5-1.11.6-30.el6.x86_64 sssd-client-1.11.6-30.el6.x86_64 There are some reasons why not to upgrade to later versions, believe me, I would do it if I could :-) T. 2016-07-13 13:27 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>: > On (13/07/16 11:18), Tomas Simecek wrote: > >Dear freeIPA gurus, > >in previous thread ( > >https://www.redhat.com/archives/freeipa-users/2016-July/msg00046.html) > you > >helped me make sudo working for AD users on Centos 7.0 ( > >spcss-2t-www.linuxdomain.cz). > >It was caused by not knowing sudo needs to be enabled in HBAC rules. > >Now it works properly on Centos 7.0 client. > >But it does not work on Centos 6.5 (zp-cml-test.linuxdomain.cz) with the > >same sssd.conf setup. > >Error message is always: > > > A) I would not recommend to use such obsolete distribution as CentOS 6.5 > There is quite old version of sssd (1.9.x) which has some bugs which > are solved in later versions. Better would be use the latest CentOS 6.8 > or at least CentOS 6.7 > > B) Have you tried to follow instructions > https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO > > Please provide any comments how we can improve troubleshooting wiki. > > LS >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project