Re: [Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread Nalin Dahyabhai
On Tue, Jul 10, 2012 at 02:15:41PM -0500, KodaK wrote:
[snip]
> My sudo-ldap.conf file:
>
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=validserver,dc=com
> bindpw validpassword
>
> ssl start_tls
> tls_cacertfile /etc/ipa/ca.crt
> tls_checkpeer yes
>
> bind_timelimit 5
> timelimit 15
>
> uri ldap:

Re: [Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread JR Aquino
On Jul 10, 2012, at 12:28 PM, KodaK wrote:
> Further information:
>
> I do have:
>
> ldap_netgroup_search_base = cn=ng,cn=compat,dc=validdomain,dc=com

Go ahead and remove this line. Previous legacy versions of sssd required it. I believe it just gets in the way now.

You also want to run: $

Re: [Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread Natxo Asenjo
On Tue, Jul 10, 2012 at 10:16 PM, KodaK wrote:
> On Tue, Jul 10, 2012 at 2:56 PM, Dmitri Pal wrote:
>
> > Do you see host netgroup coming over to the system when you enumerate
> > netgroups?
>
> I don't know how to do this at the command line. I'm googling for it.
> The only thing I'm even va

Re: [Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread KodaK
On Tue, Jul 10, 2012 at 2:56 PM, Dmitri Pal wrote:
> On 07/10/2012 03:15 PM, KodaK wrote:
>> I'm running IPA 2.2.0 on RHEL6
>>
>> Server:
>>
>> [root@validserver ~]# rpm -qa | grep ipa
>> ipa-client-2.2.0-16.el6.x86_64
>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>> libipa_hbac-python-1.8.0-32.el6.x

Re: [Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread Dmitri Pal
On 07/10/2012 03:15 PM, KodaK wrote:
> I'm running IPA 2.2.0 on RHEL6
>
> Server:
>
> [root@validserver ~]# rpm -qa | grep ipa
> ipa-client-2.2.0-16.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> libipa_hbac-python-1.8.0-32.el6.x86_64
> ipa-python-2.2.0-16.el6.x86_64
> ipa-server-2.2.0-16.e

Re: [Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread KodaK
Further information:

I do have:

ldap_netgroup_search_base = cn=ng,cn=compat,dc=validdomain,dc=com

In /etc/sssd/sssd.conf

Is cn=ng,cn=compat correct?

--Jason

On Tue, Jul 10, 2012 at 2:15 PM, KodaK wrote:
> I'm running IPA 2.2.0 on RHEL6
>
> Server:
>
> [root@validserver ~]# rpm -qa | grep ipa

[Freeipa-users] sudo hostgroup sanity check, please?

2012-07-10 Thread KodaK
I'm running IPA 2.2.0 on RHEL6

Server:

[root@validserver ~]# rpm -qa | grep ipa
ipa-client-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.8.0-32.el6.x86_64
ipa-python-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-pk