Update to this one: It has been running smoothly on 6.5 [[email protected] ~]# cat /etc/redhat-release CentOS release 6.5 (Final)
[[email protected] ~]# rpm -qa | grep sssd sssd-client-1.12.4-47.el6.x86_64 sssd-ldap-1.12.4-47.el6.x86_64 sssd-ad-1.12.4-47.el6.x86_64 python-sssdconfig-1.12.4-47.el6.noarch sssd-common-1.12.4-47.el6.x86_64 sssd-proxy-1.12.4-47.el6.x86_64 sssd-common-pac-1.12.4-47.el6.x86_64 sssd-krb5-1.12.4-47.el6.x86_64 sssd-ipa-1.12.4-47.el6.x86_64 sssd-krb5-common-1.12.4-47.el6.x86_64 sssd-1.12.4-47.el6.x86_64 On Wed, Jul 13, 2016 at 9:56 AM, Tomas Simecek <[email protected]> wrote: > Thanks, > I will try. But I am afraid to update to more recent version then those in > official repos. > > Thanks anyway. > > T. > > 2016-07-13 15:39 GMT+02:00 <[email protected]>: > >> Update to at least 1.12 sssd and libsss_sudo. As I recall sudo ipa >> provider did not work under 1.11 >> >> Sent from my iPhone >> >> On Jul 13, 2016, at 9:02 AM, Tomas Simecek <[email protected]> >> wrote: >> >> Hi, >> versions are: >> sssd-client-1.11.6-30.el6.x86_64 >> sssd-ipa-1.11.6-30.el6.x86_64 >> ipa-client-3.0.0-50.el6.centos.1.x86_64 >> as part of: >> CentOS release 6.6 (Final) >> >> T. >> >> 2016-07-13 14:52 GMT+02:00 <[email protected]>: >> >>> Again what is client version on 6.5? >>> >>> >>> Sent from my iPhone >>> >>> On Jul 13, 2016, at 8:25 AM, Tomas Simecek <[email protected]> >>> wrote: >>> >>> Thanks for your information Lukas, >>> I have changed sudo_provider to ipa, restarted sssd and no difference. >>> Logfile still says "Access granted by HBAC rule..." and sudo says >>> [email protected] is not allowed to run sudo on zp-cml-test. >>> >>> Btw. man sssd-sudo says: >>> The following example shows how to configure SSSD to download >>> sudo rules from an LDAP server. >>> >>> [sssd] >>> config_file_version = 2 >>> services = nss, pam, sudo >>> domains = EXAMPLE >>> >>> [domain/EXAMPLE] >>> id_provider = ldap >>> >>> so I am not that sure what should be set on my version of sssd. >>> >>> Any idea? >>> >>> Thanks >>> >>> T. >>> >>> 2016-07-13 13:44 GMT+02:00 Lukas Slebodnik <[email protected]>: >>> >>>> On (13/07/16 13:36), Tomas Simecek wrote: >>>> >Lukas, >>>> >yes, I went through that guide and I configured sssd.conf as per the >>>> doc >>>> >(you can see it in the beginning of the thread). >>>> > >>>> >Actually the installation is: >>>> >[root@zp-cml-test sssd]# cat /etc/redhat-release >>>> >CentOS release 6.6 (Final) >>>> > >>>> >and versions are: >>>> >[root@zp-cml-test sssd]# rpm -qa |grep sssd >>>> >sssd-proxy-1.11.6-30.el6.x86_64 >>>> >sssd-common-pac-1.11.6-30.el6.x86_64 >>>> >sssd-ipa-1.11.6-30.el6.x86_64 >>>> >sssd-1.11.6-30.el6.x86_64 >>>> >sssd-common-1.11.6-30.el6.x86_64 >>>> >sssd-ad-1.11.6-30.el6.x86_64 >>>> >sssd-ldap-1.11.6-30.el6.x86_64 >>>> >python-sssdconfig-1.11.6-30.el6.noarch >>>> >sssd-krb5-common-1.11.6-30.el6.x86_64 >>>> >sssd-krb5-1.11.6-30.el6.x86_64 >>>> >sssd-client-1.11.6-30.el6.x86_64 >>>> > >>>> 1.11 has sudo_provider=ipa >>>> >>>> @see instructions in man sssd-sudo how to configure it. >>>> It should avoid issues with two different providers (ipa and ldap) >>>> >>>> > >>>> >There are some reasons why not to upgrade to later versions, believe >>>> me, I >>>> >would do it if I could :-) >>>> > >>>> You can at least try to upgrade sssd from 6.8 if you do not want >>>> to upgrade whole OS. >>>> >>>> LS >>>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >>> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
