On Mon, Sep 01, 2014 at 12:20:21PM +0300, Alexander Bokovoy wrote: > On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote: > > > >libsss-sudo already installed. > >Here is my sssd.conf: > >[domain/ipa.grp] > >krb5_realm = IPA.GRP > >cache_credentials = True > >krb5_store_password_if_offline = True > >ipa_domain = ipa.grp > >id_provider = ipa > >auth_provider = ipa > >access_provider = ipa > >ipa_hostname = clnt.ipa.grp > >chpass_provider = ipa > >ipa_dyndns_update = True > >ipa_server = _srv_, srv.ipa.grp > >ldap_tls_cacert = /etc/ipa/ca.crt > >[sssd] > >services = nss, pam, ssh, sudo > >config_file_version = 2 > >domains = ipa.grp > > The options below have to be in [domain/...] section: > >ldap_sudo_search_base = ou=sudoers,ou=ipa,dc=grp > >ldap_sasl_mech = GSSAPI > >ldap=sasl_authid = host/cnlt2.ipa.grp
Moreover this seems to be a typo. (ldap=sasl_authid insteat of ldap_sasl_authid) > >ldap_sasl_realm = IPA.GRP > >ldap_netgroup_search_base = ou=SUDOers,dc=ipa,dc=grp > >sudo_provider = ldap > >ldap_uri = ldap://srv.ipa.grp > >krb5_server = srv.ipa.grp > > -- > / Alexander Bokovoy > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
