Thanks, I will try. But I am afraid to update to more recent version then those in official repos.
Thanks anyway. T. 2016-07-13 15:39 GMT+02:00 <[email protected]>: > Update to at least 1.12 sssd and libsss_sudo. As I recall sudo ipa > provider did not work under 1.11 > > Sent from my iPhone > > On Jul 13, 2016, at 9:02 AM, Tomas Simecek <[email protected]> > wrote: > > Hi, > versions are: > sssd-client-1.11.6-30.el6.x86_64 > sssd-ipa-1.11.6-30.el6.x86_64 > ipa-client-3.0.0-50.el6.centos.1.x86_64 > as part of: > CentOS release 6.6 (Final) > > T. > > 2016-07-13 14:52 GMT+02:00 <[email protected]>: > >> Again what is client version on 6.5? >> >> >> Sent from my iPhone >> >> On Jul 13, 2016, at 8:25 AM, Tomas Simecek <[email protected]> >> wrote: >> >> Thanks for your information Lukas, >> I have changed sudo_provider to ipa, restarted sssd and no difference. >> Logfile still says "Access granted by HBAC rule..." and sudo says >> [email protected] is not allowed to run sudo on zp-cml-test. >> >> Btw. man sssd-sudo says: >> The following example shows how to configure SSSD to download >> sudo rules from an LDAP server. >> >> [sssd] >> config_file_version = 2 >> services = nss, pam, sudo >> domains = EXAMPLE >> >> [domain/EXAMPLE] >> id_provider = ldap >> >> so I am not that sure what should be set on my version of sssd. >> >> Any idea? >> >> Thanks >> >> T. >> >> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <[email protected]>: >> >>> On (13/07/16 13:36), Tomas Simecek wrote: >>> >Lukas, >>> >yes, I went through that guide and I configured sssd.conf as per the doc >>> >(you can see it in the beginning of the thread). >>> > >>> >Actually the installation is: >>> >[root@zp-cml-test sssd]# cat /etc/redhat-release >>> >CentOS release 6.6 (Final) >>> > >>> >and versions are: >>> >[root@zp-cml-test sssd]# rpm -qa |grep sssd >>> >sssd-proxy-1.11.6-30.el6.x86_64 >>> >sssd-common-pac-1.11.6-30.el6.x86_64 >>> >sssd-ipa-1.11.6-30.el6.x86_64 >>> >sssd-1.11.6-30.el6.x86_64 >>> >sssd-common-1.11.6-30.el6.x86_64 >>> >sssd-ad-1.11.6-30.el6.x86_64 >>> >sssd-ldap-1.11.6-30.el6.x86_64 >>> >python-sssdconfig-1.11.6-30.el6.noarch >>> >sssd-krb5-common-1.11.6-30.el6.x86_64 >>> >sssd-krb5-1.11.6-30.el6.x86_64 >>> >sssd-client-1.11.6-30.el6.x86_64 >>> > >>> 1.11 has sudo_provider=ipa >>> >>> @see instructions in man sssd-sudo how to configure it. >>> It should avoid issues with two different providers (ipa and ldap) >>> >>> > >>> >There are some reasons why not to upgrade to later versions, believe >>> me, I >>> >would do it if I could :-) >>> > >>> You can at least try to upgrade sssd from 6.8 if you do not want >>> to upgrade whole OS. >>> >>> LS >>> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
