OK :)
No panic for my self :)
I found what was wrong. now ok.
Thnx so much
On 17-09-2014 14:53, Lukas Slebodnik wrote:
On (17/09/14 13:57), Tevfik Ceydeliler wrote:
Hi Lukas,
After you warned me, I reinstall IPA server and client, and replica.
After that I did your directives shown below.
Is there any article to describe how to configure ubuntu client for ipa
and sudo policy?
On 02-09-2014 11:13, Lukas Slebodnik wrote:
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
On (08/09/14 11:24), Tevfik Ceydeliler wrote:
Is there any article to describe how to configure ubuntu client for ipa and
sudo policy?
I have already described steps in this thread.
It works for me. You did the same steps. It means there is problem on server
side.
LS
--
Manage your
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
root@clnt:/home/awtadm# ipa-client-install --no-ntp
IPA client is already configured on this system.
root@clnt:/home/awtadm# grep services /etc/sssd/sssd.conf
services = nss, pam, ssh, sudo
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
root@clnt:/home/awtadm# ipa-client-install --no-ntp
IPA client is already configured on this system.
root@clnt:/home/awtadm# grep services
I restart client after change sssd.conf.
On 02-09-2014 11:13, Lukas Slebodnik wrote:
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
root@clnt:/home/awtadm# ipa-client-install --no-ntp
IPA
Hi
sssd_sudo.log is attached
But there is no log about sssd_domain_name.log (In my case sssd_ipa.grp.log)
On 29-08-2014 16:14, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:07:08PM +0200, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:45:38PM +0300, Tevfik Ceydeliler wrote:
this package is
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
OS -- Ubuntu 14.04.1 LTS
On 29-08-2014 17:53, Lukas Slebodnik wrote:
On (29/08/14 17:37), Tevfik Ceydeliler wrote:
Thnx for document. I know this.
I think there is no problem abot configuration generally.
On (01/09/14 09:59), Tevfik Ceydeliler wrote:
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
Thats good. The package sudo-ldap is not compiled with sssd support.
OS -- Ubuntu 14.04.1 LTS
Do you have installed package libsss-sudo.
Could you show us your
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = clnt.ipa.grp
chpass_provider = ipa
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
On Mon, Sep 01, 2014 at 12:20:21PM +0300, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
I moved those lines. But still same.
On 01-09-2014 12:20, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
I moved those lines. But still same.
As Jakub pointed out, following option also is wrong:
ldap=sasl_authid = host/cnlt2.ipa.grp
it should be
ldap_sasl_authid = host/cnlt2.ipa.grp
note _ instead of = between ldap and sasl.
On 01-09-2014
On (01/09/14 12:20), Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
I correct that line.
But still same:
tevfik@Darktower ~ $ ssh user1@10.1.1.174
user1@10.1.1.174's password:
Permission denied, please try again.
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last
On (01/09/14 15:38), Tevfik Ceydeliler wrote:
I correct that line.
But still same:
tevfik@Darktower ~ $ ssh user1@10.1.1.174
user1@10.1.1.174's password:
Permission denied, please try again.
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
*
Actually All I wanna do is , give permission to user to use some
commanf. for example apt-get or something else.
I Think I can do it with IPA
right?
On 01-09-2014 15:42, Lukas Slebodnik wrote:
ogin: Mon Sep 1 13:47:08 2014 from 10.65.8.100
user1@clnt:~$ su - user1 apt-get install
Password:
On (01/09/14 15:48), Tevfik Ceydeliler wrote:
Actually All I wanna do is , give permission to user to use some commanf. for
example apt-get or something else.
I Think I can do it with IPA
right?
Yes, but you need to use sudo.
Step 1: configure sudo rules for ordinary user
Please follow the
On Mon, Sep 1, 2014 at 2:48 PM, Tevfik Ceydeliler
tevfik.ceydeli...@astron.yasar.com.tr wrote:
Actually All I wanna do is , give permission to user to use some commanf.
for example apt-get or something else.
I Think I can do it with IPA
right?
sure, I do it all the time. But Lukas was
I think something wrong or miss in ym configuration:
user1@clnt:~$ sudo /usr/bin/apt-get install
[sudo] password for user1:
user1 is not allowed to run sudo on clnt. This incident will be reported.
On 01-09-2014 16:05, Natxo Asenjo wrote:
On Mon, Sep 1, 2014 at 2:48 PM, Tevfik Ceydeliler
1. I think I configure instead of this document
2. I can login with ordinary user
3.
Irun the command:
ssh user1@10.1.1.174
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Mon Sep 1
On (01/09/14 17:52), Tevfik Ceydeliler wrote:
1. I think I configure instead of this document
Sorry you didn't.
2. I can login with ordinary user
login and sudo are not the same think.
My FreeIPA server is alredy properly configured with sudo rules.
I tried to install freipa-client on ubuntu
On Fri, Aug 29, 2014 at 09:30:55AM +0300, Tevfik Ceydeliler wrote:
Here is my configuration adn client output. I dont know what is wrong
Please keep the freeipa-users list in the CC list; other users might run
into the same problem.
===
ok sorry.
On 29-08-2014 11:27, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 09:30:55AM +0300, Tevfik Ceydeliler wrote:
Here is my configuration adn client output. I dont know what is wrong
Please keep the freeipa-users list in the CC list; other users might run
into the same problem.
I moved these configuration lines under [domain] section. Then reboot
the client. But same result..
On 29-08-2014 11:27, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 09:30:55AM +0300, Tevfik Ceydeliler wrote:
Here is my configuration adn client output. I dont know what is wrong
Please keep
On Fri, Aug 29, 2014 at 01:15:28PM +0300, Tevfik Ceydeliler wrote:
I moved these configuration lines under [domain] section. Then reboot the
client. But same result..
Please make sure libsss_sudo is installed. If it is, then we need to see
the logs from the [sudo] and [domain] sections of
this package is installed
root@clnt:/home/awtadm# apt-get install libsss-sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
libsss-sudo is already the newest version.
libsss-sudo set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and
On Fri, Aug 29, 2014 at 03:45:38PM +0300, Tevfik Ceydeliler wrote:
this package is installed
root@clnt:/home/awtadm# apt-get install libsss-sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
libsss-sudo is already the newest version.
On Fri, Aug 29, 2014 at 03:07:08PM +0200, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:45:38PM +0300, Tevfik Ceydeliler wrote:
this package is installed
root@clnt:/home/awtadm# apt-get install libsss-sudo
Reading package lists... Done
Building dependency tree
Reading state
On (28/08/14 14:15), Tevfik Ceydeliler wrote:
Hi,
I try to apply sudo policies on ubuntu client.
Is there any examples how to apply it?
Regards...
You may be interested in this presentation.
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
LS
--
Manage your subscription
Thnx for document. I know this.
I think there is no problem abot configuration generally. Maybe some
nish details.
Problem is why dont work in my test env.
On 29-08-2014 16:44, Lukas Slebodnik wrote:
On (28/08/14 14:15), Tevfik Ceydeliler wrote:
Hi,
I try to apply sudo policies on ubuntu
On (29/08/14 17:37), Tevfik Ceydeliler wrote:
Thnx for document. I know this.
I think there is no problem abot configuration generally. Maybe some nish
details.
Problem is why dont work in my test env.
Could you write more details about version of sssd, sudo?
Which ubuntu release do you use?
Hi,
I try to apply sudo policies on ubuntu client.
Is there any examples how to apply it?
Regards...
--
br
img src=http://www.yasar.com.tr/banner/yhbanner.jpg; /img
brbr
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece
adres sahip/sahiplerine ait olup, Yasar
On Thu, Aug 28, 2014 at 02:15:43PM +0300, Tevfik Ceydeliler wrote:
Hi,
I try to apply sudo policies on ubuntu client.
Is there any examples how to apply it?
Regards...
Depends on your sssd and sudo versions but in general I don't think
there are any Ubuntu-specific issues.
As long as you
35 matches
Mail list logo
