sure. Let me come back on that matter a bit later on next week.
----- Mail original ----- De: "Dmitri Pal" <d...@redhat.com> À: freeipa-users@redhat.com Envoyé: Mardi 17 Février 2015 19:39:40 Objet: Re: [Freeipa-users] issues with sudo on RHEL5.8 On 02/17/2015 05:18 AM, Nicolas Zin wrote: > Thanks, > > that helps! > I mistyped binddn and bindpw > > ----- Mail original ----- > De: "Lukasz Jaworski" <lukasz.jawor...@allegrogroup.com> > À: "Nicolas Zin" <nicolas....@savoirfairelinux.com> > Cc: freeipa-users@redhat.com > Envoyé: Mardi 17 Février 2015 13:31:20 > Objet: Re: [Freeipa-users] issues with sudo on RHEL5.8 > >> With a RHEL7 IDM installation, I try to make sudo working. >> On RHEL6 no problem (via sssd) >> On RHEL5.8 I don't manage to make it working (credential are good, I manage >> to request the schema, see below) >> Where can I found more logs? >> What did I forget? >> [root@srv-rhel58-01 ~]# cat /etc/nss_ldap.conf >> bindn uid=sudo,cn=sysaccounts,cn=etc,dc=company,dc=com >> binpw redhat5Sudo >> ssl start_tls >> tls_cacertfile /etc/openldap/cacerts/ipa.crt >> #tls_cacert /etc/openldap/cacerts/ipa.crt >> tls_checkpeer yes >> #uri ldap://srv-idm7-01.company.com, ldap://srv-idm7-02.company.com >> uri ldap://srv-idm7-01.company.com >> sudoers_base ou=SUDOers,dc=company,dc=com >> sudoers_debug: 2 > change last line (remove ":") to: > sudoers_debug 2 > > And then try sudo. > > Check: > /etc/nsswitch.conf > should be: > sudoers: files ldap > > Best regards, > Ender > We quite frequently get questions about how to configure SUDO with IPA from RHEL5.x clients. Would you mind sharing this configuration as a howto solution? http://www.freeipa.org/page/HowTos -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
