Re: [Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

Wed, 13 Jul 2016 06:05:08 -0700 

Again what is client version on 6.5?


Sent from my iPhone

> On Jul 13, 2016, at 8:25 AM, Tomas Simecek <simecek.to...@gmail.com> wrote:
> 
> Thanks for your information Lukas,
> I have changed sudo_provider to ipa, restarted sssd and no difference.
> Logfile still says "Access granted by HBAC rule..." and sudo says 
> simecek.to...@sd-stc.cz is not allowed to run sudo on zp-cml-test.
> 
> Btw. man sssd-sudo says: 
> The following example shows how to configure SSSD to download
> sudo rules from an LDAP server.
> 
>            [sssd]
>            config_file_version = 2
>            services = nss, pam, sudo
>            domains = EXAMPLE
> 
>            [domain/EXAMPLE]
>            id_provider = ldap
> 
> so I am not that sure what should be set on my version of sssd.
> 
> Any idea?
> 
> Thanks
> 
> T.
> 
> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>:
>> On (13/07/16 13:36), Tomas Simecek wrote:
>> >Lukas,
>> >yes, I went through that guide and I configured sssd.conf as per the doc
>> >(you can see it in the beginning of the thread).
>> >
>> >Actually the installation is:
>> >[root@zp-cml-test sssd]# cat /etc/redhat-release
>> >CentOS release 6.6 (Final)
>> >
>> >and versions are:
>> >[root@zp-cml-test sssd]# rpm -qa |grep sssd
>> >sssd-proxy-1.11.6-30.el6.x86_64
>> >sssd-common-pac-1.11.6-30.el6.x86_64
>> >sssd-ipa-1.11.6-30.el6.x86_64
>> >sssd-1.11.6-30.el6.x86_64
>> >sssd-common-1.11.6-30.el6.x86_64
>> >sssd-ad-1.11.6-30.el6.x86_64
>> >sssd-ldap-1.11.6-30.el6.x86_64
>> >python-sssdconfig-1.11.6-30.el6.noarch
>> >sssd-krb5-common-1.11.6-30.el6.x86_64
>> >sssd-krb5-1.11.6-30.el6.x86_64
>> >sssd-client-1.11.6-30.el6.x86_64
>> >
>> 1.11 has sudo_provider=ipa
>> 
>> @see instructions in man sssd-sudo how to configure it.
>> It should avoid issues with two different providers (ipa and ldap)
>> 
>> >
>> >There are some reasons why not to upgrade to later versions, believe me, I
>> >would do it if I could :-)
>> >
>> You can at least try to upgrade sssd from 6.8 if you do not want
>> to upgrade whole OS.
>> 
>> LS
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to