OK, found it... I needed to comment out my other ldap lines, but I wonder why this is needed on CentOS and Ubuntu works without them.
2014-10-12 21:14 GMT+02:00 Matt . <[email protected]>: > Hi All. > > I'm using sudo rules on Ubuntu machines perfectly, but on CentOS I get: > > User username is not allowed to run sudo on centos > > This is in my sssd.conf which should be OK? > > [domain/domain.local] > > cache_credentials = True > krb5_store_password_if_offline = True > ipa_domain = domain.local > id_provider = ipa > auth_provider = ipa > access_provider = ipa > ipa_hostname = centos.domain.local > chpass_provider = ipa > ipa_server = _srv_,ipa.domain.local > ldap_tls_cacert = /etc/ipa/ca.crt > > > [sssd] > services = nss, pam, ssh, sudo > config_file_version = 2 > > domains = domain.local > > The strange thing is that I cannot find any log issues except: > > (Sun Oct 12 18:03:37 2014) [sssd[sudo]] [sss_dp_init] (0x0010): Failed > to connect to monitor services. > (Sun Oct 12 18:03:37 2014) [sssd[sudo]] [sss_process_init] (0x0010): > fatal error setting up backend connector > > Where I think this only happens with restarting sssd, but not always. > > Thanks, > > Matt -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
