Bret Wortman wrote:
> I'm trying to bring some CentOS 6.4 systems into our IPA network, and
> everything seems to be working fine except sudo (which works against all
> our Fedora-based systems).
> I've set it up as documented on freeipa.org, and that same config as I
> said works for Fedora (I have adjusted to use /etc/nslcd.conf on CentOS
> instead of /etc/ldap.conf). If I remove "files" from /etc/nsswitch.conf,
> I get the following:
> $ sudo -iu root
> sudo: no valid sudoers sources found, quitting
> sudo: unable to initialize policy plugin
> I have sudoers_debug set to "1", but this is producing no output that
> I've been able to find. Not surprising, since it looks like the sudo
> command itself isn't ever querying ldap at all....
> What should I try next?
The configuration file you want is /etc/sudo-ldap.conf. See sudoers.ldap(5).
Not sure how great an example this is, but this is the one on my 6.4 dev
box:
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw SecretPassword
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
bind_timelimit 5
timelimit 15
uri ldap://ipa.example.com
sudoers_base ou=SUDOers,dc=example,dc=com
sudoers_debug 2
rob
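
An added example, not part of the original thread: a shell check that audits a sudo-ldap.conf-style file like the one quoted above for a missing sudoers_base, an unencrypted ldap:// URI, disabled peer verification, and a world-readable file holding bindpw. The function names and the sample file are constructed for illustration; the accepted values for ssl and tls_checkpeer are assumed from sudoers.ldap(5).

```shell
#!/bin/sh
# Added example (not from the thread): audit a sudo-ldap.conf-style file.

# Print the value of the last line whose first word is the directive $2.
conf_get() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^[ \t]+/, ""); val = $0 } END { print val }' "$1"
}

# One WARN line per finding; returns 0 when clean, 1 otherwise, 2 if unreadable.
audit_sudo_ldap_conf() {
    conf=$1 rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    ssl=$(conf_get "$conf" ssl | tr 'A-Z' 'a-z')
    checkpeer=$(conf_get "$conf" tls_checkpeer | tr 'A-Z' 'a-z')

    if [ -z "$(conf_get "$conf" sudoers_base)" ]; then
        echo "WARN: sudoers_base not set, sudo has no LDAP base to search"; rc=1
    fi
    case " $(conf_get "$conf" uri)" in
        *" ldap://"*)
            case "$ssl" in
                start_tls|on|true|yes) ;;
                *) echo "WARN: ldap:// URI without TLS, bindpw is sent unencrypted"; rc=1 ;;
            esac ;;
    esac
    case "$checkpeer" in
        off|false|no) echo "WARN: tls_checkpeer disabled, server certificate is not verified"; rc=1 ;;
    esac
    # bindpw is stored in cleartext, so the file must not be world-readable.
    if [ -n "$(conf_get "$conf" bindpw)" ] && [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WARN: bindpw present and $conf is world-readable"; rc=1
    fi
    return $rc
}

# Constructed weak variant of the configuration quoted above (sample values).
write_weak_sample() {
    cat > "$1" <<'EOF'
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw SecretPassword
tls_checkpeer no
uri ldap://ipa.example.com
EOF
    chmod 644 "$1"
}

tmp=$(mktemp)
write_weak_sample "$tmp"
audit_sudo_ldap_conf "$tmp" || true
rm -f "$tmp"
```

On a real host, call audit_sudo_ldap_conf /etc/sudo-ldap.conf as root; the configuration quoted above passes all four checks once its mode excludes world read.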