Re: [Freeipa-users] sudo / sssd integration problems
no problem, thanks for trying! I just figured it out.

yum -y install libsss_sudo

fixed it. Should this package be a dependency that gets pulled in when IPA client is installed? Shall I file a bug?

Thanks,
Brian

---
Brian Cook
Solutions Architect, Red Hat, Inc.
407-212-7079

On Mar 21, 2013, at 8:50 PM, Brian Cook bc...@redhat.com wrote:

> Those packages are installed. The second part is against what I am trying to accomplish. My sudo rule is already created in IPA. I just need SSSD to fetch it.
>
> Thanks,
> Brian
>
> On Mar 21, 2013, at 8:37 PM, John Moyer john.mo...@digitalreasoning.com wrote:
>
>> I had sudo issues similar to this, I can't remember the exact fix. I have the following two things in my notes. The second command would obviously need you to add the people you want to be able to sudo to the admins group after you add this.
>>
>> yum install ipa-client fprintd-pam -y
>> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>>
>> Thanks,
>> _
>> John Moyer
>>
>> On Mar 21, 2013, at 11:27 PM, Brian Cook bc...@redhat.com wrote:
>>
>>> Running F18 and following the instructions here:
>>>
>>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>>>
>>> When I try to run sudo -l as any user I get the following error:
>>>
>>> bash-4.2$ sudo -l
>>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>>>
>>> Nothing particularly interesting in the log with debug at 5. Can someone point me in the right direction?
>>>
>>> Thanks,
>>> Brian
>>>
>>> sssd.conf:
>>>
>>> [domain/example.com]
>>> debug_level = 5
>>> cache_credentials = True
>>> krb5_store_password_if_offline = True
>>> ipa_domain = example.com
>>> id_provider = ipa
>>> auth_provider = ipa
>>> access_provider = ipa
>>> ipa_hostname = ipadevel.example.com
>>> chpass_provider = ipa
>>> ipa_server = ipadevel.example.com
>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>> sudo_provider = ldap
>>> ldap_uri = ldap://ipadevel.example.com
>>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>> ldap_sasl_mech = GSSAPI
>>> ldap_sasl_authid = host/ipadevel.example.com
>>> ldap_sasl_realm = EXAMPLE.COM
>>> krb5_server = ipadevel.example.com
>>>
>>> [sssd]
>>> services = nss, pam, ssh, sudo
>>> config_file_version = 2
>>> domains = example.com
>>>
>>> [nss]
>>> [pam]
>>> [sudo]
>>> debug_level=5
>>> [autofs]
>>> [ssh]
>>> [pac]

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
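
Added example, not part of the thread or of any FreeIPA/SSSD tooling: a preflight check for the prerequisites this thread turned on (the libsss_sudo.so plugin named in the dlopen error, sudo in the [sssd] services line, a sudo_provider), plus the nsswitch.conf sudoers entry described in sssd-sudo(5) and a scan for local NOPASSWD: ALL grants. The function names, the ROOT prefix argument and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/bash
# check_sudo_sss ROOT: print each unmet prerequisite, return the number found.
# ROOT is a path prefix (hypothetical helper argument); pass "" on a live host.
check_sudo_sss() {
    local root="${1:-}" fails=0
    local lib="$root/usr/lib64/libsss_sudo.so"   # path from the dlopen error
    local conf="$root/etc/sssd/sssd.conf"
    local nss="$root/etc/nsswitch.conf"
    local sudoers="$root/etc/sudoers"

    # 1. The plugin sudo tries to dlopen; the thread's fix installs it.
    [ -e "$lib" ] || { echo "FAIL: $lib missing (yum -y install libsss_sudo)"; fails=$((fails + 1)); }

    # 2. The sudo responder must be listed in the [sssd] services line.
    awk '/^\[/ { sec = $0 }
         sec == "[sssd]" && /^[ \t]*services[ \t]*=/ { sub(/^[^=]*=/, ""); print }' \
        "$conf" 2>/dev/null | tr ', ' '\n\n' | grep -qx 'sudo' ||
        { echo "FAIL: sudo not in [sssd] services"; fails=$((fails + 1)); }

    # 3. Some domain section must set sudo_provider.
    grep -Eq '^[[:space:]]*sudo_provider[[:space:]]*=' "$conf" 2>/dev/null ||
        { echo "FAIL: no sudo_provider in $conf"; fails=$((fails + 1)); }

    # 4. sssd-sudo(5): the sudoers entry in nsswitch.conf must include sss.
    grep -Eq '^sudoers:(.*[[:space:]])?sss([[:space:]]|$)' "$nss" 2>/dev/null ||
        { echo "FAIL: sudoers entry in $nss lacks sss"; fails=$((fails + 1)); }

    # 5. A local blanket grant sits outside the rules managed in IPA.
    if grep -Eq '^[^#]*NOPASSWD:[[:space:]]*ALL' "$sudoers" 2>/dev/null; then
        echo "FAIL: NOPASSWD: ALL entry in $sudoers"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree mirroring the thread: config in place, plugin absent.
make_sample_root() {
    local r
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/sssd" "$r/usr/lib64"
    printf '%s\n' '[domain/example.com]' 'sudo_provider = ldap' '' \
        '[sssd]' 'services = nss, pam, ssh, sudo' > "$r/etc/sssd/sssd.conf"
    echo 'sudoers: files sss' > "$r/etc/nsswitch.conf"
    : > "$r/etc/sudoers"
    echo "$r"
}
```

On a live host, run check_sudo_sss "" as root so that sssd.conf and /etc/sudoers are readable.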
Re: [Freeipa-users] sudo / sssd integration problems
We already have a bug filed:

https://bugzilla.redhat.com/show_bug.cgi?id=924395

This should be fixed along with the ticket adding sudo configuration support to ipa-client-install:

https://fedorahosted.org/freeipa/ticket/3358

Martin

On 03/22/2013 07:13 AM, Brian Cook wrote:

> no problem, thanks for trying! I just figured it out.
>
> yum -y install libsss_sudo
>
> fixed it. Should this package be a dependency that gets pulled in when IPA client is installed? Shall I file a bug?
>
> Thanks,
> Brian
>
> ---
> Brian Cook
> Solutions Architect, Red Hat, Inc.
> 407-212-7079
>
> On Mar 21, 2013, at 8:50 PM, Brian Cook bc...@redhat.com wrote:
>
>> Those packages are installed. The second part is against what I am trying to accomplish. My sudo rule is already created in IPA. I just need SSSD to fetch it.
>>
>> Thanks,
>> Brian
>>
>> On Mar 21, 2013, at 8:37 PM, John Moyer john.mo...@digitalreasoning.com wrote:
>>
>>> I had sudo issues similar to this, I can't remember the exact fix. I have the following two things in my notes. The second command would obviously need you to add the people you want to be able to sudo to the admins group after you add this.
>>>
>>> yum install ipa-client fprintd-pam -y
>>> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>>>
>>> Thanks,
>>> _
>>> John Moyer
>>>
>>> On Mar 21, 2013, at 11:27 PM, Brian Cook bc...@redhat.com wrote:
>>>
>>>> Running F18 and following the instructions here:
>>>>
>>>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>>>>
>>>> When I try to run sudo -l as any user I get the following error:
>>>>
>>>> bash-4.2$ sudo -l
>>>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>>>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>>>>
>>>> Nothing particularly interesting in the log with debug at 5. Can someone point me in the right direction?
>>>>
>>>> Thanks,
>>>> Brian
>>>>
>>>> sssd.conf:
>>>>
>>>> [domain/example.com]
>>>> debug_level = 5
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True
>>>> ipa_domain = example.com
>>>> id_provider = ipa
>>>> auth_provider = ipa
>>>> access_provider = ipa
>>>> ipa_hostname = ipadevel.example.com
>>>> chpass_provider = ipa
>>>> ipa_server = ipadevel.example.com
>>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>>> sudo_provider = ldap
>>>> ldap_uri = ldap://ipadevel.example.com
>>>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>>> ldap_sasl_mech = GSSAPI
>>>> ldap_sasl_authid = host/ipadevel.example.com
>>>> ldap_sasl_realm = EXAMPLE.COM
>>>> krb5_server = ipadevel.example.com
>>>>
>>>> [sssd]
>>>> services = nss, pam, ssh, sudo
>>>> config_file_version = 2
>>>> domains = example.com
>>>>
>>>> [nss]
>>>> [pam]
>>>> [sudo]
>>>> debug_level=5
>>>> [autofs]
>>>> [ssh]
>>>> [pac]
Re: [Freeipa-users] sudo / sssd integration problems
I had sudo issues similar to this, I can't remember the exact fix. I have the following two things in my notes. The second command would obviously need you to add the people you want to be able to sudo to the admins group after you add this.

yum install ipa-client fprintd-pam -y
echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

Thanks,
_
John Moyer

On Mar 21, 2013, at 11:27 PM, Brian Cook bc...@redhat.com wrote:

> Running F18 and following the instructions here:
>
> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>
> When I try to run sudo -l as any user I get the following error:
>
> bash-4.2$ sudo -l
> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>
> Nothing particularly interesting in the log with debug at 5. Can someone point me in the right direction?
>
> Thanks,
> Brian
>
> sssd.conf:
>
> [domain/example.com]
> debug_level = 5
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = example.com
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = ipadevel.example.com
> chpass_provider = ipa
> ipa_server = ipadevel.example.com
> ldap_tls_cacert = /etc/ipa/ca.crt
> sudo_provider = ldap
> ldap_uri = ldap://ipadevel.example.com
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/ipadevel.example.com
> ldap_sasl_realm = EXAMPLE.COM
> krb5_server = ipadevel.example.com
>
> [sssd]
> services = nss, pam, ssh, sudo
> config_file_version = 2
> domains = example.com
>
> [nss]
> [pam]
> [sudo]
> debug_level=5
> [autofs]
> [ssh]
> [pac]
Re: [Freeipa-users] sudo / sssd integration problems
Those packages are installed. The second part is against what I am trying to accomplish. My sudo rule is already created in IPA. I just need SSSD to fetch it.

Thanks,
Brian

On Mar 21, 2013, at 8:37 PM, John Moyer john.mo...@digitalreasoning.com wrote:

> I had sudo issues similar to this, I can't remember the exact fix. I have the following two things in my notes. The second command would obviously need you to add the people you want to be able to sudo to the admins group after you add this.
>
> yum install ipa-client fprintd-pam -y
> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>
> Thanks,
> _
> John Moyer
>
> On Mar 21, 2013, at 11:27 PM, Brian Cook bc...@redhat.com wrote:
>
>> Running F18 and following the instructions here:
>>
>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>>
>> When I try to run sudo -l as any user I get the following error:
>>
>> bash-4.2$ sudo -l
>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>>
>> Nothing particularly interesting in the log with debug at 5. Can someone point me in the right direction?
>>
>> Thanks,
>> Brian
>>
>> sssd.conf:
>>
>> [domain/example.com]
>> debug_level = 5
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = example.com
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = ipadevel.example.com
>> chpass_provider = ipa
>> ipa_server = ipadevel.example.com
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> sudo_provider = ldap
>> ldap_uri = ldap://ipadevel.example.com
>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>> ldap_sasl_mech = GSSAPI
>> ldap_sasl_authid = host/ipadevel.example.com
>> ldap_sasl_realm = EXAMPLE.COM
>> krb5_server = ipadevel.example.com
>>
>> [sssd]
>> services = nss, pam, ssh, sudo
>> config_file_version = 2
>> domains = example.com
>>
>> [nss]
>> [pam]
>> [sudo]
>> debug_level=5
>> [autofs]
>> [ssh]
>> [pac]
Re: [Freeipa-users] sudo / sssd integration problems
Sorry that's all I have in my notes. I'm sure others will have ideas. Sorry I couldn't be more help.

Thanks,
_
John Moyer

On Mar 21, 2013, at 11:50 PM, Brian Cook bc...@redhat.com wrote:

> Those packages are installed. The second part is against what I am trying to accomplish. My sudo rule is already created in IPA. I just need SSSD to fetch it.
>
> Thanks,
> Brian
>
> On Mar 21, 2013, at 8:37 PM, John Moyer john.mo...@digitalreasoning.com wrote:
>
>> I had sudo issues similar to this, I can't remember the exact fix. I have the following two things in my notes. The second command would obviously need you to add the people you want to be able to sudo to the admins group after you add this.
>>
>> yum install ipa-client fprintd-pam -y
>> echo "%admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
>>
>> Thanks,
>> _
>> John Moyer
>>
>> On Mar 21, 2013, at 11:27 PM, Brian Cook bc...@redhat.com wrote:
>>
>>> Running F18 and following the instructions here:
>>>
>>> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>>>
>>> When I try to run sudo -l as any user I get the following error:
>>>
>>> bash-4.2$ sudo -l
>>> sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
>>> sudo: Unable to initialize SSS source. Is SSSD installed on your machine?
>>>
>>> Nothing particularly interesting in the log with debug at 5. Can someone point me in the right direction?
>>>
>>> Thanks,
>>> Brian
>>>
>>> sssd.conf:
>>>
>>> [domain/example.com]
>>> debug_level = 5
>>> cache_credentials = True
>>> krb5_store_password_if_offline = True
>>> ipa_domain = example.com
>>> id_provider = ipa
>>> auth_provider = ipa
>>> access_provider = ipa
>>> ipa_hostname = ipadevel.example.com
>>> chpass_provider = ipa
>>> ipa_server = ipadevel.example.com
>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>> sudo_provider = ldap
>>> ldap_uri = ldap://ipadevel.example.com
>>> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>> ldap_sasl_mech = GSSAPI
>>> ldap_sasl_authid = host/ipadevel.example.com
>>> ldap_sasl_realm = EXAMPLE.COM
>>> krb5_server = ipadevel.example.com
>>>
>>> [sssd]
>>> services = nss, pam, ssh, sudo
>>> config_file_version = 2
>>> domains = example.com
>>>
>>> [nss]
>>> [pam]
>>> [sudo]
>>> debug_level=5
>>> [autofs]
>>> [ssh]
>>> [pac]