Hi,
I try to apply sudo policies on ubuntu client.
Is there any examples how to apply it?
Regards...
--
br
img src=http://www.yasar.com.tr/banner/yhbanner.jpg; /img
brbr
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece
adres sahip/sahiplerine ait olup, Yasar
ok sorry.
On 29-08-2014 11:27, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 09:30:55AM +0300, Tevfik Ceydeliler wrote:
Here is my configuration adn client output. I dont know what is wrong
Please keep the freeipa-users list in the CC list; other users might run
into the same problem
I moved these configuration lines under [domain] section. Then reboot
the client. But same result..
On 29-08-2014 11:27, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 09:30:55AM +0300, Tevfik Ceydeliler wrote:
Here is my configuration adn client output. I dont know what is wrong
Please keep
and 15 not upgraded.
sssd_sudo and sssd_domain logs are empty under /var/log/sssd
On 29-08-2014 14:23, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 01:15:28PM +0300, Tevfik Ceydeliler wrote:
I moved these configuration lines under [domain] section. Then reboot the
client. But same result..
Please
Thnx for document. I know this.
I think there is no problem abot configuration generally. Maybe some
nish details.
Problem is why dont work in my test env.
On 29-08-2014 16:44, Lukas Slebodnik wrote:
On (28/08/14 14:15), Tevfik Ceydeliler wrote:
Hi,
I try to apply sudo policies on ubuntu
Hi
sssd_sudo.log is attached
But there is no log about sssd_domain_name.log (In my case sssd_ipa.grp.log)
On 29-08-2014 16:14, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:07:08PM +0200, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:45:38PM +0300, Tevfik Ceydeliler wrote:
this package
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
OS -- Ubuntu 14.04.1 LTS
On 29-08-2014 17:53, Lukas Slebodnik wrote:
On (29/08/14 17:37), Tevfik Ceydeliler wrote:
Thnx for document. I know this.
I think there is no problem abot configuration generally
), Tevfik Ceydeliler wrote:
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
Thats good. The package sudo-ldap is not compiled with sssd support.
OS -- Ubuntu 14.04.1 LTS
Do you have installed package libsss-sudo.
Could you show us your sssd.conf file?
BTW
I moved those lines. But still same.
On 01-09-2014 12:20, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain
, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname
Actually All I wanna do is , give permission to user to use some
commanf. for example apt-get or something else.
I Think I can do it with IPA
right?
On 01-09-2014 15:42, Lukas Slebodnik wrote:
ogin: Mon Sep 1 13:47:08 2014 from 10.65.8.100
user1@clnt:~$ su - user1 apt-get install
Password:
I think something wrong or miss in ym configuration:
user1@clnt:~$ sudo /usr/bin/apt-get install
[sudo] password for user1:
user1 is not allowed to run sudo on clnt. This incident will be reported.
On 01-09-2014 16:05, Natxo Asenjo wrote:
On Mon, Sep 1, 2014 at 2:48 PM, Tevfik Ceydeliler
:57 2014 from 10.65.8.100
user1@clnt:~$ sudo -l
[sudo] password for user1:
User user1 is not allowed to run sudo on clnt.
user1@clnt:~$
4. ??
On 01-09-2014 16:04, Lukas Slebodnik wrote:
On (01/09/14 15:48), Tevfik Ceydeliler wrote:
Actually All I wanna do is , give permission to user to use some
] password for user1:
user1 is not allowed to run sudo on clnt. This incident will be reported.
0
user1@clnt:~$ sudo -l
[sudo] password for user1:
User user1 is not allowed to run sudo on clnt.
On 01-09-2014 19:05, Lukas Slebodnik wrote:
On (01/09/14 17:52), Tevfik Ceydeliler wrote:
1. I think I
I restart client after change sssd.conf.
On 02-09-2014 11:13, Lukas Slebodnik wrote:
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
root@clnt:/home/awtadm# ipa-client-install --no-ntp
IPA
Is there any article to describe how to configure ubuntu client for ipa
and sudo policy?
On 02-09-2014 11:13, Lukas Slebodnik wrote:
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
root
Hi,
I try to create replica to my IPA Server env.
When I try to use :
ipa-replica-prepare rep.ipa.grp --ip-address 10.1.1.183
At the end I have an error:
[root@srv ~]# ipa-replica-prepare rep.ipa.grp --ip-address 10.1.1.183
Directory Manager (existing master)
Hi,
I try to create replica to my IPA Server env.
When I try to use :
ipa-replica-prepare rep.ipa.grp --ip-address 10.1.1.183
At the end I have an error:
[root@srv ~]# ipa-replica-prepare rep.ipa.grp --ip-address 10.1.1.183
Directory Manager (existing master)
rep.ipa.grp
[root@rep ~]# ping srvipa.grp
ping: unknown host srvipa.grp
On 09-09-2014 10:42, Tevfik Ceydeliler wrote:
Hi,
I try to create replica to my IPA Server env.
When I try to use :
ipa-replica-prepare rep.ipa.grp --ip-address 10.1.1.183
At the end I have an error
Another symptom is :
--
[root@srv ~]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named dead but pid file exists
---
On 09-09-2014 11:00, Tevfik Ceydeliler wrote:
By the way,
When i try to ping rep.pa.grp from srv.ipa.grp cant resolve IP address.
There is same
Finally Found solution.
check the file /etc/sysconfig/named and comment
#ROOTDIR=/var/named/chroot
line.
And restart named service
On 09-09-2014 11:29, Tevfik Ceydeliler wrote:
Another symptom is :
--
[root@srv ~]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
: *** PROCESS START ***
And
[root@srv httpd]# service iptables status
iptables: Firewall is not running
Seems no problem here.
Which service not available?
On 11-09-2014 14:18, Petr Vobornik wrote:
Hello Tevfik,
comments inline
On 11.9.2014 12:24, Tevfik Ceydeliler wrote:
Hi all,
I tried to do
Yes I can use ipa on cli
On 11-09-2014 20:17, Petr Vobornik wrote:
On 11.9.2014 13:36, Tevfik Ceydeliler wrote:
hi,
thnx for comment.
I really dont care sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl
OK :)
No panic for my self :)
I found what was wrong. now ok.
Thnx so much
On 17-09-2014 14:53, Lukas Slebodnik wrote:
On (17/09/14 13:57), Tevfik Ceydeliler wrote:
Hi Lukas,
After you warned me, I reinstall IPA server and client, and replica.
After that I did your directives shown below
Thanks to Lukas:
Step 0: Install freipa-client on ubuntu 14.04 and configure sudo integration
root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo sudoers: files sss /etc/nsswitch.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
From: Tevfik Ceydeliler tevfik.ceydeli...@astron.yasar.com.tr
To: freeipa-users@redhat.com
Date: 17-09-2014 19:46
Subject: Re: [Freeipa-users] sudo setup in Ubuntu
Sent by: freeipa-users-boun...@redhat.com
Thanks to Lukas
Hi, Do you know when new version Freeipa (v4) places on redhat or centos
repository?
br
img src=http://www.yasar.com.tr/banner/yhbanner.jpg; /img
brbr
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece
adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri
Let me be more specific,
I want to know that when FreeIPA 4.0.3 or above place in RHEL/CentOS
official repository. (Not COPR)
On 24-09-2014 14:31, Martin Kosek wrote:
On 09/24/2014 01:23 PM, Tevfik Ceydeliler wrote:
Hi, Do you know when new version Freeipa (v4) places on redhat or centos
Hi,
I have user that have sudo su right.
And we have to use checkpoint ssl VPN connection. Becouse of SSL VPN
connection, VPN want ot create virtual interface for tunneling and needs
root right.
My clients work on ubuntu desktop.
How can I give a permission to my user to create this tunnel
Hi,
Altough I have this configuration in client .conf:
##
client 172.30.47.241 {
secret = 877909
shortname = VodafonePinarsuAPNYeni1
nastype = other
}
client 172.30.47.242 {
secret = 877909
30 matches
Mail list logo
