On (26/08/14 16:50), alireza baghery wrote: >sorry for delay >file sssd.conf: >============== > >domain/example.com] >debug_level = 6 >cache_credentials = True >krb5_store_password_if_offline = True >ipa_domain = l.example.com >id_provider = ipa >auth_provider = ipa >access_provider = ipa >ipa_hostname = client1.l.example.com >chpass_provider = ipa >ipa_server = ipaserver.l.example.com >ldap_tls_cacert = /etc/ipa/ca.crt > >[sssd] >config_file_version = 2 >services = nss, pam,ssh,sudo > You wrote that AD user cannot use sudo. The problem is that even ipa users cannot use sudo with this configuration.
SSSD on CentoOS 6.5 does not have sudo_provider = ipa and thus configuration is little bit complicated. The configuration is described in manual page sssd-sudo man sssd-sudo -> CONFIGURING SUDO TO COOPERATE WITH SSSD -> CONFIGURING SSSD TO FETCH SUDO RULES LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project