Re: [Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

2016-07-13 Thread ladner . danila
Update to at least 1.12 sssd and libsss_sudo. As I recall, the sudo ipa provider 
did not work under 1.11.

Sent from my iPhone

> On Jul 13, 2016, at 9:02 AM, Tomas Simecek  wrote:
> 
> Hi,
> versions are:
> sssd-client-1.11.6-30.el6.x86_64
> sssd-ipa-1.11.6-30.el6.x86_64
> ipa-client-3.0.0-50.el6.centos.1.x86_64
> as part of:
> CentOS release 6.6 (Final)
> 
> T.
> 
> 2016-07-13 14:52 GMT+02:00 :
>> Again, what is the client version on 6.5?
>> 
>> 
>> Sent from my iPhone
>> 
>>> On Jul 13, 2016, at 8:25 AM, Tomas Simecek  wrote:
>>> 
>>> Thanks for your information Lukas,
>>> I have changed sudo_provider to ipa, restarted sssd and no difference.
>>> Logfile still says "Access granted by HBAC rule..." and sudo says 
>>> simecek.to...@sd-stc.cz is not allowed to run sudo on zp-cml-test.
>>> 
>>> Btw. man sssd-sudo says: 
>>> The following example shows how to configure SSSD to download
>>> sudo rules from an LDAP server.
>>> 
>>>     [sssd]
>>>     config_file_version = 2
>>>     services = nss, pam, sudo
>>>     domains = EXAMPLE
>>> 
>>>     [domain/EXAMPLE]
>>>     id_provider = ldap
>>> 
>>> so I am not that sure what should be set on my version of sssd.
>>> 
>>> Any idea?
>>> 
>>> Thanks
>>> 
>>> T.
>>> 
>>> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik :
>>>> On (13/07/16 13:36), Tomas Simecek wrote:
>>>> >Lukas,
>>>> >yes, I went through that guide and I configured sssd.conf as per the doc
>>>> >(you can see it in the beginning of the thread).
>>>> >
>>>> >Actually the installation is:
>>>> >[root@zp-cml-test sssd]# cat /etc/redhat-release
>>>> >CentOS release 6.6 (Final)
>>>> >
>>>> >and versions are:
>>>> >[root@zp-cml-test sssd]# rpm -qa |grep sssd
>>>> >sssd-proxy-1.11.6-30.el6.x86_64
>>>> >sssd-common-pac-1.11.6-30.el6.x86_64
>>>> >sssd-ipa-1.11.6-30.el6.x86_64
>>>> >sssd-1.11.6-30.el6.x86_64
>>>> >sssd-common-1.11.6-30.el6.x86_64
>>>> >sssd-ad-1.11.6-30.el6.x86_64
>>>> >sssd-ldap-1.11.6-30.el6.x86_64
>>>> >python-sssdconfig-1.11.6-30.el6.noarch
>>>> >sssd-krb5-common-1.11.6-30.el6.x86_64
>>>> >sssd-krb5-1.11.6-30.el6.x86_64
>>>> >sssd-client-1.11.6-30.el6.x86_64
>>>> >
>>>> 1.11 has sudo_provider=ipa
>>>> 
>>>> @see instructions in man sssd-sudo how to configure it.
>>>> It should avoid issues with two different providers (ipa and ldap)
>>>> 
>>>> >
>>>> >There are some reasons why not to upgrade to later versions, believe me, I
>>>> >would do it if I could :-)
>>>> >
>>>> You can at least try to upgrade sssd from 6.8 if you do not want
>>>> to upgrade whole OS.
>>>> 
>>>> LS
>>> 
>>> -- 
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
> 
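
An added example, not part of the thread or of SSSD's own tooling: a small Python check for the settings this discussion turns on, namely whether `sudo` is listed in `[sssd] services`, which `sudo_provider` each domain effectively uses (it falls back to `id_provider` when unset), and whether `nsswitch.conf` sends `sudoers` lookups to `sss`. The sample `sssd.conf` and `nsswitch.conf` text is constructed, and the function name `audit_sudo_config` is hypothetical.

```python
import configparser

# Constructed sample input modelled on the settings discussed in the thread.
SSSD_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = EXAMPLE

[domain/EXAMPLE]
id_provider = ipa
sudo_provider = ldap
"""
NSSWITCH = "passwd: files sss\nsudoers: files\n"


def audit_sudo_config(sssd_conf, nsswitch):
    """Return findings that explain why SSSD-delivered sudo rules may not apply."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(sssd_conf)
    findings = []

    # The sudo responder only runs if it is listed in [sssd] services.
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "sudo" not in services:
        findings.append("[sssd] services does not list 'sudo'")

    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    for name in filter(None, domains):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(section + ": section missing")
            continue
        id_prov = cp.get(section, "id_provider", fallback=None)
        # sudo_provider defaults to the value of id_provider when it is not set.
        sudo_prov = cp.get(section, "sudo_provider", fallback=id_prov)
        if sudo_prov == "none":
            findings.append(section + ": sudo_provider=none disables sudo rules")
        elif id_prov == "ipa" and sudo_prov != "ipa":
            findings.append(section + ": mixed providers, id_provider=ipa but "
                            "sudo_provider=" + str(sudo_prov))

    # sudo itself consults SSSD only when nsswitch.conf names 'sss' for sudoers.
    sources = [line.split(":", 1)[1].split() for line in nsswitch.splitlines()
               if line.strip().startswith("sudoers:")]
    if not any("sss" in s for s in sources):
        findings.append("nsswitch.conf: sudoers line does not include 'sss'")
    return findings


if __name__ == "__main__":
    for finding in audit_sudo_config(SSSD_CONF, NSSWITCH):
        print(finding)
```

On a real client, pass the contents of `/etc/sssd/sssd.conf` and `/etc/nsswitch.conf` instead of the samples; an empty result means none of these three configuration gaps is present, which leaves the SSSD version itself as the next thing to check.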

Re: [Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

2016-07-13 Thread ladner . danila
Again, what is the client version on 6.5?


Sent from my iPhone

> On Jul 13, 2016, at 8:25 AM, Tomas Simecek  wrote:
> 
> Thanks for your information Lukas,
> I have changed sudo_provider to ipa, restarted sssd and no difference.
> Logfile still says "Access granted by HBAC rule..." and sudo says 
> simecek.to...@sd-stc.cz is not allowed to run sudo on zp-cml-test.
> 
> Btw. man sssd-sudo says: 
> The following example shows how to configure SSSD to download
> sudo rules from an LDAP server.
> 
>     [sssd]
>     config_file_version = 2
>     services = nss, pam, sudo
>     domains = EXAMPLE
> 
>     [domain/EXAMPLE]
>     id_provider = ldap
> 
> so I am not that sure what should be set on my version of sssd.
> 
> Any idea?
> 
> Thanks
> 
> T.
> 
> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik :
>> On (13/07/16 13:36), Tomas Simecek wrote:
>> >Lukas,
>> >yes, I went through that guide and I configured sssd.conf as per the doc
>> >(you can see it in the beginning of the thread).
>> >
>> >Actually the installation is:
>> >[root@zp-cml-test sssd]# cat /etc/redhat-release
>> >CentOS release 6.6 (Final)
>> >
>> >and versions are:
>> >[root@zp-cml-test sssd]# rpm -qa |grep sssd
>> >sssd-proxy-1.11.6-30.el6.x86_64
>> >sssd-common-pac-1.11.6-30.el6.x86_64
>> >sssd-ipa-1.11.6-30.el6.x86_64
>> >sssd-1.11.6-30.el6.x86_64
>> >sssd-common-1.11.6-30.el6.x86_64
>> >sssd-ad-1.11.6-30.el6.x86_64
>> >sssd-ldap-1.11.6-30.el6.x86_64
>> >python-sssdconfig-1.11.6-30.el6.noarch
>> >sssd-krb5-common-1.11.6-30.el6.x86_64
>> >sssd-krb5-1.11.6-30.el6.x86_64
>> >sssd-client-1.11.6-30.el6.x86_64
>> >
>> 1.11 has sudo_provider=ipa
>> 
>> @see instructions in man sssd-sudo how to configure it.
>> It should avoid issues with two different providers (ipa and ldap)
>> 
>> >
>> >There are some reasons why not to upgrade to later versions, believe me, I
>> >would do it if I could :-)
>> >
>> You can at least try to upgrade sssd from 6.8 if you do not want
>> to upgrade whole OS.
>> 
>> LS
> 