[Freeipa-users] freeipa sudoers help

2017-11-02 Thread Andrew Meyer via FreeIPA-users
In preparation for a migration I am trying to setup sudoers within freeipa.  I have about a dozen people that will need to sudo to another user and run commands.  However I want to add all the commands for that user into my rule. would this be best practice to add ALL the commands into 1 rule? 

[Freeipa-users] Re: freeipa sudoers help

2017-11-02 Thread Rob Crittenden via FreeIPA-users
Andrew Meyer wrote: > What would the equivalent of Cmnd_Alias DEVS? Is that somewhere in the > documentation? I was also trying to find something to convert my > sudoers to what it would be in IPA commands. For Cmnd_Alias I'm not sure if it is supported or documented. IPA just uses the

[Freeipa-users] Re: libsss-sudo

2017-11-02 Thread Andrew Meyer via FreeIPA-users
Please disregard. On Thursday, November 2, 2017 2:26 PM, Andrew Meyer via FreeIPA-users wrote: When installing FreeIPA (latest) on CentOS 7.  If I want to take advantage of IPA sudoers, I need that package correct?  Should it not be installed when

[Freeipa-users] Re: freeipa sudoers help

2017-11-02 Thread Rob Crittenden via FreeIPA-users
Andrew Meyer via FreeIPA-users wrote: > In preparation for a migration I am trying to setup sudoers within > freeipa. I have about a dozen people that will need to sudo to another > user and run commands. However I want to add all the commands for that > user into my rule. > > would this be

[Freeipa-users] Re: freeipa sudoers help

2017-11-02 Thread Andrew Meyer via FreeIPA-users
What would the equivalent of Cmnd_Alias DEVS?  Is that somewhere in the documentation?  I was also trying to find something to convert my sudoers to what it would be in IPA commands.  On Thursday, November 2, 2017 4:02 PM, Rob Crittenden via FreeIPA-users

[Freeipa-users] libsss-sudo

2017-11-02 Thread Andrew Meyer via FreeIPA-users
When installing FreeIPA (latest) on CentOS 7.  If I want to take advantage of IPA sudoers, I need that package correct?  Should it not be installed when I install freeipa server/client? Just wondering.___ FreeIPA-users mailing list --

[Freeipa-users] Searching for user by extended attribute

2017-11-02 Thread Aaron Hicks via FreeIPA-users
Hi all, We've added two objectclasses to the default user in our FreeIPA instance. We're able to set and modify them fine, however we need two additional functions. We need two additional attributes auedupersonsharedtoken and edupersonprinciplename to be included in the user attributes

[Freeipa-users] Can't login with AD credentials on a trust controller

2017-11-02 Thread Ranbir via FreeIPA-users
Hello Everyone, I have four CentOS 7.3 boxes running ipa that are in a one way trust with an AD domain. Two servers are configured as trust agents and the other two are trust controllers. The trust agents and one trust controller are functioning properly. That is, I can ssh to them and login

[Freeipa-users] Re: Can't login with AD credentials on a trust controller

2017-11-02 Thread Alexander Bokovoy via FreeIPA-users
On to, 02 marras 2017, Ranbir via FreeIPA-users wrote: Hello Everyone, I have four CentOS 7.3 boxes running ipa that are in a one way trust with an AD domain. Two servers are configured as trust agents and the other two are trust controllers. The trust agents and one trust controller are