Hey Guys
Not sure if I am missing any bit.... but this was the thing in the end:
http://generations.menteyarte.org/archives/195-freeipa-server-and-SSSD-on-Ubuntu.html
I managed to have it working and I have documented all those nasty bits
which might save people's time. The whole weekend gone but for the less
has been productive.
I am including the SUDO bit which is usually a pain in my experience..
Thanks
On 2015-03-26 08:31, Jakub Hrozek wrote:
If you have SSSD 1.9.6 or newer all the sudo configuration boils down
to including 'sss' for 'sudoers' in nsswitch.conf and
sudo_provider=ipa in sssd.conf.
You also need a reasonably recent sudo itself. Posting versions of
SSSD and sudo would help.
----- Original Message -----
From: "Gonzalo Fernandez Ordas" <g.fer.or...@unicyber.co.uk>
To: "Rob Crittenden" <rcrit...@redhat.com>, d...@redhat.com
Cc: freeipa-users@redhat.com
Sent: Thursday, 26 March, 2015 6:21:19 AM
Subject: Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed
from AD
I have to test a few options to see how I can overcome that issue.
A pity as I nearly got everything setup in full.
Any findings I will get back to the list as this might be relevant for
other users.
On 25/03/2015 19:56, Rob Crittenden wrote:
Gonzalo Fernandez Ordas wrote:
Exactly the document i was having a look at.
In simple words,is possible to work this around and how,?
Otherwise i have to drop freeipa and get back to 389_ds as still
seems
fully ldap sssd compatible.
Have you got any doc clearly stating how to get this done?
I really invested many days on reaching this far being sudo the last
tiny bit to get sorted which is hugely frustrated.
How to configure sudo largely depends on the version of SSSD you have
in
Ubuntu. I'm not sure how configuring SSSD is going to affect your
choice
of server though. If you still use SSSD the same problem will exist
regardless, right?
rob
Thanks for all the support
Sent from Type Mail <http://r.typeapp.com>
On Mar 25, 2015, at 5:35 PM, Dmitri Pal <d...@redhat.com
<mailto:d...@redhat.com>> wrote:
On 03/25/2015 08:32 PM, g.fer.or...@unicyber.co.uk wrote:
Hi
I am setting up a plain and simple sssd service against my
FreeIPA
Server.
The FreeIPA Server is a Centos 7.1 box with IPA version 4.1
and the
client box is ubuntu: Ubuntu 12.04.5 LTS
The Users and Credentials are being Synched out of an AD
Server
(the
passwords happened to be transferred using the PassSync
Service)
Now.. I wanted to setup a very simple sssd service (not the
FreeIPA
client service)
And so far I succeeded on synching the users along with the
passwords
using SSSD.
Now, Trying to get the sudo access sorted I cannot see that
working,
and I came across some documentation mentioning SSSD is NOT
currently
supporting IPA schema for the SUDOers
if that is the case
Can anybody point me to the right document or procedure in
terms of
getting also the sudoers installed?
Would be possible , somehow, to have this sorted WITHOUT
using the
ipa-client?
many thanks!
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project