Lukas Slebodnik wrote:
> On (08/11/17 16:01), Andrea Passuello wrote:
>> Hi all,
>> I use SSSD with OpenLDAP and I am able to authenticate users.
>> I am trying to configure SSSD for managing and caching sudo but I can't use
>> sudo and the system reply me with this:
>>
>> Sorry, user xxx is not allowed to execute '/usr/bin/apt-get update' as root
>> on MACHINE.
>>
> A) ensure that you have right version of sudo installed on debian/ubuntu
>    It need to be compiled with sssd support
>    sudo --version | grep sssd
For whatever reason Debian has to different sudo packages:
sudo - Provide limited super user privileges to specific users
sudo-ldap - Provide limited super user privileges to specific users

For "sudoers: sss" in nsswitch.conf you need package "sudo" and *not*
"sudo-ldap" even if you have your sudoers entries in LDAP directory.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to