Again what is client version on 6.5?
Sent from my iPhone > On Jul 13, 2016, at 8:25 AM, Tomas Simecek <simecek.to...@gmail.com> wrote: > > Thanks for your information Lukas, > I have changed sudo_provider to ipa, restarted sssd and no difference. > Logfile still says "Access granted by HBAC rule..." and sudo says > simecek.to...@sd-stc.cz is not allowed to run sudo on zp-cml-test. > > Btw. man sssd-sudo says: > The following example shows how to configure SSSD to download > sudo rules from an LDAP server. > > [sssd] > config_file_version = 2 > services = nss, pam, sudo > domains = EXAMPLE > > [domain/EXAMPLE] > id_provider = ldap > > so I am not that sure what should be set on my version of sssd. > > Any idea? > > Thanks > > T. > > 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>: >> On (13/07/16 13:36), Tomas Simecek wrote: >> >Lukas, >> >yes, I went through that guide and I configured sssd.conf as per the doc >> >(you can see it in the beginning of the thread). >> > >> >Actually the installation is: >> >[root@zp-cml-test sssd]# cat /etc/redhat-release >> >CentOS release 6.6 (Final) >> > >> >and versions are: >> >[root@zp-cml-test sssd]# rpm -qa |grep sssd >> >sssd-proxy-1.11.6-30.el6.x86_64 >> >sssd-common-pac-1.11.6-30.el6.x86_64 >> >sssd-ipa-1.11.6-30.el6.x86_64 >> >sssd-1.11.6-30.el6.x86_64 >> >sssd-common-1.11.6-30.el6.x86_64 >> >sssd-ad-1.11.6-30.el6.x86_64 >> >sssd-ldap-1.11.6-30.el6.x86_64 >> >python-sssdconfig-1.11.6-30.el6.noarch >> >sssd-krb5-common-1.11.6-30.el6.x86_64 >> >sssd-krb5-1.11.6-30.el6.x86_64 >> >sssd-client-1.11.6-30.el6.x86_64 >> > >> 1.11 has sudo_provider=ipa >> >> @see instructions in man sssd-sudo how to configure it. >> It should avoid issues with two different providers (ipa and ldap) >> >> > >> >There are some reasons why not to upgrade to later versions, believe me, I >> >would do it if I could :-) >> > >> You can at least try to upgrade sssd from 6.8 if you do not want >> to upgrade whole OS. >> >> LS > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project