9 January 2017, 15:18
Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
version 1.13.4-1ubuntu1.1
Hi All,I have attached three files from running sudo -i on the same machine
enrolled into Free IPA. They have the output from various versions of sudo.
tail -f sudo_de
On (09/01/17 12:44), James Harrison wrote:
>All,debian 1.8.19-1 doesnt work, but Ubuntu 1.8.12-1ubuntu3 does.
>
Could you provide sudo logs with 1.8.19-1
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
sssd log files will be helpfull as well.
LS
--
Manage your subscription for the F
All,debian 1.8.19-1 doesnt work, but Ubuntu 1.8.12-1ubuntu3 does.
James
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Saturday, 7 January 2017, 15:34
Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
version 1.13.4-
All,1.8.19-1 from Debian does not appear to work too.
James
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Saturday, 7 January 2017, 15:34
Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
version 1.13.4-1ubuntu1.1
On (06/01/17 17:15), James Harrison wrote:
>Any ideas?
> From: James Harrison
> To: "freeipa-users@redhat.com"
> Sent: Thursday, 5 January 2017, 13:36
> Subject: FreeIPA sudo not working on ububtu xenial sssd version
> 1.13.4-1ubuntu1.1
>
>Hi all,I having problems with a FreeIPA client
Any ideas?
From: James Harrison
To: "freeipa-users@redhat.com"
Sent: Thursday, 5 January 2017, 13:36
Subject: FreeIPA sudo not working on ububtu xenial sssd version
1.13.4-1ubuntu1.1
Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
I can authenticate OK, I get
On (05/01/17 15:38), Jakub Hrozek wrote:
>On Thu, Jan 05, 2017 at 01:36:56PM +, James Harrison wrote:
>> Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
>> I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
>> I get 1 rule returned, which I expect.
>> Man
On Thu, Jan 05, 2017 at 01:36:56PM +, James Harrison wrote:
> Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
> I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
> I get 1 rule returned, which I expect.
> Many thanks,James Harrison
I would check if (wit
On Tue, 05 Apr 2016, Ash Alam wrote:
I wanted to follow up on this. Since sudo needs to be added to sssd.conf
and nsswitch.conf. Is it possible to add the options via
ipa-client-install? I can do the same with chef but this seems like
something that should be done with ipa?
$ ipa-client-install
rs-boun...@redhat.com] *On Behalf Of *Ash Alam
> *Sent:* jeudi 24 mars 2016 19:50
> *To:* Jakub Hrozek
> *Cc:* freeipa-users@redhat.com
> *Subject:* Re: [Freeipa-users] Freeipa Sudo / sudoers.d / nopasswd
>
>
>
> Based on (How to troubleshoot Sudo)
>
>
>
> - Maybe i
even have to delete /var/lib/sss/db/ contents and restart sssd.
Best,
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ash Alam
Sent: jeudi 24 mars 2016 19:50
To: Jakub Hrozek
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Freeipa Sudo
I should clarify. I was just following the fedora/ipa docs. My Ipa servers
are Centos 7.2 and Ipa 4.2. Clients are Centos 6.6 and 3.0.0
$ rpm -q sssd ipa-client
sssd-1.11.6-30.el6_6.3.x86_64
ipa-client-3.0.0-42.el6.centos.x86_64
On Thu, Mar 24, 2016 at 3:04 PM, Rob Crittenden wrote:
> Ash Alam
Ash Alam wrote:
Based on (How to troubleshoot Sudo)
- Maybe i miss spoke when i said it fails completely. Rather it keeps
asking for the users password which it does not accept.
- I do not have sudo in sssd.conf
- I do not have sudoers: sss defined in nsswitch.conf
- Per Fedora/Freeipa doc (Defi
Based on (How to troubleshoot Sudo)
- Maybe i miss spoke when i said it fails completely. Rather it keeps
asking for the users password which it does not accept.
- I do not have sudo in sssd.conf
- I do not have sudoers: sss defined in nsswitch.conf
- Per Fedora/Freeipa doc (Defining Sudo), its no
What's your config look like in the GUI? Long as you assign the users
to the group and everything it should work. Your sssd.conf file shows
sudo in there as well?
On Thu, Mar 24, 2016 at 9:21 AM, Ash Alam wrote:
> Hello
>
> I am looking for some guidance on how to properly do sudo with Freeipa. I
> On 24 Mar 2016, at 17:21, Ash Alam wrote:
>
> Hello
>
> I am looking for some guidance on how to properly do sudo with Freeipa. I
> have read up on what i need to do but i cant seem to get to work correctly.
> Now with sudoers.d i can accomplish this fairly quickly.
>
> Example:
>
> %dev
On Thu, Oct 01, 2015 at 12:14:34PM +, markus@mc.ingenico.com wrote:
> Dear @all,
>
>
>
> I´ve an issue with two, Oracle Linux based, clients and my freeipa server. I
> can authenticate on any on the enrolled machines but the two oracle server
> aren´t able to access sudo and I don´t k
On (01/09/15 18:18), Yogesh Sharma wrote:
>Hi,
>
>This is fixed. On digging more found that my resolv.conf was updated and it
>was not able to find the domain. Fixing the resolv.conf with right
>nameserver, fixed the issue.
>
I know it was solved but you would not miss important debug
message with
Hi,
This is fixed. On digging more found that my resolv.conf was updated and it
was not able to find the domain. Fixing the resolv.conf with right
nameserver, fixed the issue.
*Best Regards,*
*__*
*Yogesh Sharma*
*Email: yks0...@gmail.com | Web: www.in
Even the users details are not coming:
[root@btservice-mysql-prd-ng2-01 sssd]# id vg4381
id: vg4381: No such user
[root@btservice-mysql-prd-ng2-01 sssd]# getent passwd vg4381
[root@btservice-mysql-prd-ng2-01 sssd]#
*Best Regards,*
*__*
*Yogesh Sharma*
*E
Thanx for the feedback ,let me read a bit and will share how I managed to
resolve it
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Tuesday, April 07, 2015 2:16 PM
To: Jakub Hrozek
Cc: Chamambo Martin; freeipa-users@redhat.com
Subject: Re: [Freeipa-users
On (07/04/15 12:57), Jakub Hrozek wrote:
>On Tue, Apr 07, 2015 at 12:48:37PM +0200, Chamambo Martin wrote:
>> Sorry for the confusion about that one ,that client I used to aunthenticate
>> to a pure 389 directory server and I have since changed it to free ipa and
>> below is the correct configurati
On Tue, Apr 07, 2015 at 01:55:43PM +0200, Chamambo Martin wrote:
> Thanx Jakub for pointing me to the right direction .This is what I have now
> and I have increased the debug level during troubleshooting
>
> [domain/ai.co.zw]
>
> debug_level=3
> cache_credentials = True
> krb5_store_password_if
[be_pam_handler_callback]
(0x0100): Sending result [0][ai.co.zw]
(Tue Apr 7 13:54:01 2015) [sssd[be[ai.co.zw]]] [be_pam_handler_callback]
(0x0100): Sent result [0][ai.co.zw]
^C
-Original Message-
From: Jakub Hrozek [mailto:jhro...@redhat.com]
Sent: Tuesday, April 07, 2015 12:58 PM
To: Ch
On Tue, Apr 07, 2015 at 12:48:37PM +0200, Chamambo Martin wrote:
> Sorry for the confusion about that one ,that client I used to aunthenticate
> to a pure 389 directory server and I have since changed it to free ipa and
> below is the correct configuration.
>
> I managed to add the line sudo_provi
Sorry for the confusion about that one ,that client I used to aunthenticate
to a pure 389 directory server and I have since changed it to free ipa and
below is the correct configuration.
I managed to add the line sudo_provider = ipa and im getting the below error
on my client
[admin@ironhide post
On Tue, Apr 07, 2015 at 11:58:35AM +0200, Chamambo Martin wrote:
> I have deployed FreeIPA on RedHat 7 and everything is working perfectly fine
> except when I try to configure SUDO. All my clients are all centos 6 and
> RedHat 6 clients and have the below config . I have followed every how-to
> an
> What command did you use to get sudo options working please?
>
> I noticed from below mail that you have
> Sudo Option: !authenticate
>
> I am having trouble getting that working
The first issue is what version of FreeIPA you are using. Before version 4 sudo
rules don't work without some
On 12/11/2014 04:38 PM, Dmitri Pal wrote:
On 12/11/2014 08:08 AM, Martin Kosek wrote:
On 12/11/2014 01:57 PM, Chris Card wrote:
On 12/11/2014 09:42 AM, Chris Card wrote:
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've installed freei
On 12/11/2014 08:08 AM, Martin Kosek wrote:
On 12/11/2014 01:57 PM, Chris Card wrote:
On 12/11/2014 09:42 AM, Chris Card wrote:
On 12/10/2014 04:54 PM, Chris Card wrote:
On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set
On 12/11/2014 01:57 PM, Chris Card wrote:
>> On 12/11/2014 09:42 AM, Chris Card wrote:
>>>
On 12/10/2014 04:54 PM, Chris Card wrote:
>
>
>>
>>> On 12/10/2014 12:57 PM, Chris Card wrote:
>> thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully s
> On 12/11/2014 09:42 AM, Chris Card wrote:
>>
>>> On 12/10/2014 04:54 PM, Chris Card wrote:
>
>> On 12/10/2014 12:57 PM, Chris Card wrote:
> thanks Martin,
>>> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
>>> freeipa server and a freeipa clien
On 12/11/2014 09:42 AM, Chris Card wrote:
>
>> On 12/10/2014 04:54 PM, Chris Card wrote:
>>>
>>>
> On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
>> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
>> freeipa server and a freeipa client machine.
> On 12/10/2014 04:54 PM, Chris Card wrote:
>>
>>
>>>
On 12/10/2014 12:57 PM, Chris Card wrote:
>>> thanks Martin,
> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
> freeipa server and a freeipa client machine.
> I've set up a user with ssh keys, and can suc
On 12/10/2014 04:54 PM, Chris Card wrote:
>
>
>>
>>> On 12/10/2014 12:57 PM, Chris Card wrote:
>> thanks Martin,
I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
freeipa server and a freeipa client machine.
I've set up a user with ssh keys, and can successfully
On Wed, 10 Dec 2014 11:57:26 +
Chris Card wrote:
> Hi,
> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
> freeipa server and a freeipa client machine. I've set up a user with
> ssh keys, and can successfully ssh onto the client machine. I'm
> trying to setup sudo rules s
>
>> On 12/10/2014 12:57 PM, Chris Card wrote:
> thanks Martin,
>>> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a
>>> freeipa server and a freeipa client machine.
>>> I've set up a user with ssh keys, and can successfully ssh onto the client
>>> machine.
>>> I'm trying to
> On 12/10/2014 12:57 PM, Chris Card wrote:
thanks Martin,
>> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a freeipa
>> server and a freeipa client machine.
>> I've set up a user with ssh keys, and can successfully ssh onto the client
>> machine.
>> I'm trying to setup sudo
On 12/10/2014 12:57 PM, Chris Card wrote:
> Hi,
> I've installed freeipa 4.1.1 on Fedora 21, and successfully set up a freeipa
> server and a freeipa client machine.
> I've set up a user with ssh keys, and can successfully ssh onto the client
> machine.
> I'm trying to setup sudo rules so that if
39 matches
Mail list logo