On Thu, Feb 21, 2013 at 03:07:10PM +0100, Han Boetes wrote:
> This is what you have to do to enable sudo support while using freeipa: I
> got it all from sssd-sudo(5).
>
> # yum install libsss_sudo
>
> Add this line to /etc/nsswitch.conf
>
> sudoers: files sss
>
> Edit /etc/sssd/sssd.conf and make the following changes:
>
> Add sudo to the "services =" line.
>
> And add lines like these to the [domain/example.com] section
>
> sudo_provider = ldap
> ldap_uri = ldap://ipa.example.com
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/hostname.example.com
> ldap_sasl_realm = EXAMPLE.COM
> krb5_server = ipa.example.com
>
> And after that sudo should work. For debugging stop the sssd service and
> run sssd with the following options:
>
> /usr/sbin/sssd -D -f -d4
>
> And then tail /var/log/sssd/sssd_example.com.log
>
> My request to the freeipa developers is to add an option to
> ipa-install-client script to support these changes. Perhaps even make it
> the default since it's so nice and useful to have.
>
> # Han

There is already https://fedorahosted.org/freeipa/ticket/3358 open which is tracking the exact use case.
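
One way to check that a client carries the settings listed in the quoted post, as an added example that is not part of the original thread or of FreeIPA/SSSD. The function name check_sssd_sudo and its arguments are assumptions of this example, and it only verifies that each setting is present, not that its value is right for your realm.

```shell
#!/bin/sh
# Added example: audit the sudo-over-SSSD settings listed in the quoted post.
# Function name and argument order are assumptions of this example.
# Usage: check_sssd_sudo /etc/nsswitch.conf /etc/sssd/sssd.conf example.com

# Prints one line per missing setting; returns 0 only if nothing is missing.
check_sssd_sudo() {
    nss=$1 conf=$2 domain=$3 missing=0

    # nsswitch.conf: the "sudoers:" database must list the sss source.
    if ! awk '$1 == "sudoers:" { for (i = 2; i <= NF; i++) if ($i == "sss") ok = 1 }
              END { exit !ok }' "$nss"; then
        echo "nsswitch.conf: sudoers line lacks sss"; missing=1
    fi

    # sssd.conf [sssd]: the "services =" line must include sudo.
    if ! awk -F= '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect) }
        sect == "[sssd]" && $1 ~ /^[ \t]*services[ \t]*$/ {
            n = split($2, s, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (s[i] == "sudo") ok = 1
        }
        END { exit !ok }' "$conf"; then
        echo "sssd.conf: [sssd] services lacks sudo"; missing=1
    fi

    # sssd.conf [domain/NAME]: every key from the post must be set and
    # non-empty. Commented-out lines ("#key = ...") do not count.
    for key in sudo_provider ldap_uri ldap_sudo_search_base ldap_sasl_mech \
               ldap_sasl_authid ldap_sasl_realm krb5_server; do
        if ! awk -F= -v want="[domain/$domain]" -v key="$key" '
            /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect) }
            sect == want {
                k = $1; gsub(/[ \t]/, "", k)
                if (k == key && $2 ~ /[^ \t]/) ok = 1
            }
            END { exit !ok }' "$conf"; then
            echo "sssd.conf: [domain/$domain] lacks $key"; missing=1
        fi
    done
    return "$missing"
}
```

A non-zero return with no obvious cause is the point at which the debug run from the post (sssd -d4 and the domain log) becomes useful.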