On 02/01/2012 03:43 AM, Westerlund Johnny wrote: > You pointed me in the correct direction. I only needed to setup ldap.conf in > a correct way and it worked perfectly. > the documentation for setting up sudo on rhel6 describes how to setup the > nslcd.conf, i just did ldap.conf a symlink of that file and it worked. > > Thanks alot for your input. > > Regards > johnny > > ________________________________________ > Från: [email protected] [[email protected]] > för Stephen Gallagher [[email protected]] > Skickat: den 1 februari 2012 13:35 > Till: [email protected] > Ämne: Re: [Freeipa-users] IPA Sudo - RHEL5 > > On Wed, 2012-02-01 at 08:51 +0100, Westerlund Johnny wrote: >> Hey all, >> >> I've been running IPA on a RHEL6.2 and so far it's looking great. HBAC >> is awsome. The other machines in the domain is another RHEL 6.2 and one >> RHEL 5.7. >> >> I've also configured SUDO and it was working great on all machines. But >> thats changed now. The RHEL 6.2 and the ipaserver itself (also rhel6.2) >> works great. But the RHEL 5.7 stopped working the other day, and >> nothing i do can make it work again. >> >> I've followed the documentation at: >> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html >> But i just cant seem to find the problem, so i'm starting to wonder if >> it broke when i patched the system the other day. >> >> Both login and HBAC rules seem to work fine on the 5.7 box, but not >> SUDO. I've tried running the sssd daemon interactivly and in debug >> mode (sssd -i -d6) but it's hard to know what to look for. Anyone able >> to give some troubleshooting tips? > > SUDO support doesn't go through SSSD[1]. It uses its own internal LDAP > driver to talk to FreeIPA. So if you're suddenly having trouble there, > I'd look into the sudo package. > > > > [1] This is a feature we're working on for Fedora and will be coming in > future versions of RHEL 6, but probably not for RHEL 5 > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users
Just wanted to add here, that the Red Hat docs for 5.8 beta include and identity management doc that specifies how to set this up under RHEL 5. http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5-Beta/html/Configuring_Identity_Management/configuring-rhel5.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules -Erinn
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
