On Tue, Jul 10, 2012 at 02:15:41PM -0500, KodaK wrote:
[snip]
> My sudo-ldap.conf file:
>
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=validserver,dc=com
> bindpw validpassword
>
> ssl start_tls
> tls_cacertfile /etc/ipa/ca.crt
> tls_checkpeer yes
>
> bind_timelimit 5
> timelimit 15
>
> uri ldap:
On Jul 10, 2012, at 12:28 PM, KodaK wrote:
> Further information:
>
> I do have:
>
> ldap_netgroup_search_base = cn=ng,cn=compat,dc=validdomain,dc=com
Go ahead and remove this line. Previous legacy versions of sssd required it.
I believe it just gets in the way now.
You also want to run: $
On Tue, Jul 10, 2012 at 10:16 PM, KodaK wrote:
> On Tue, Jul 10, 2012 at 2:56 PM, Dmitri Pal wrote:>
>
> Do you see host netgroup coming over to the system when you enumerate
> > netgroups?
>
> I don't know how to do this at the command line. I'm googling for it.
> The only thing I'm even va
On Tue, Jul 10, 2012 at 2:56 PM, Dmitri Pal wrote:
> On 07/10/2012 03:15 PM, KodaK wrote:
>> I'm running IPA 2.2.0 on RHEL6
>>
>> Server:
>>
>> [root@validserver ~]# rpm -qa | grep ipa
>> ipa-client-2.2.0-16.el6.x86_64
>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>> libipa_hbac-python-1.8.0-32.el6.x
On 07/10/2012 03:15 PM, KodaK wrote:
> I'm running IPA 2.2.0 on RHEL6
>
> Server:
>
> [root@validserver ~]# rpm -qa | grep ipa
> ipa-client-2.2.0-16.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> libipa_hbac-python-1.8.0-32.el6.x86_64
> ipa-python-2.2.0-16.el6.x86_64
> ipa-server-2.2.0-16.e
Further information:
I do have:
ldap_netgroup_search_base = cn=ng,cn=compat,dc=validdomain,dc=com
In /etc/sssd/sssd.conf
Is cn=ng,cn=compat correct?
--Jason
On Tue, Jul 10, 2012 at 2:15 PM, KodaK wrote:
> I'm running IPA 2.2.0 on RHEL6
>
> Server:
>
> [root@validserver ~]# rpm -qa | grep ipa
I'm running IPA 2.2.0 on RHEL6
Server:
[root@validserver ~]# rpm -qa | grep ipa
ipa-client-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.8.0-32.el6.x86_64
ipa-python-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-pk