[389-users] Passwordless sudo - is it possible?

2015-10-30 Thread Todor Petkov
Hello all, I have the following setup: 389-ds server and various machines are configured to retrieve user information via SSSD. There is a user in the ldap server, called userx. This user is used by HP UCMDB to log in machines and perform discovery of installed packages, settings etc. Due

Re: [389-users] Passwordless sudo - is it possible?

2015-11-01 Thread William Brown
On Fri, 2015-10-30 at 14:29 +0200, Todor Petkov wrote: > Hello all, > > I have the following setup: > > 389-ds server and various machines are configured to retrieve user > information via SSSD. > > There is a user in the ldap server, called userx. This user is used > by > HP UCMDB to log in

Re: [389-users] Passwordless sudo - is it possible?

2015-11-02 Thread Todor Petkov
On 02/11/2015 03:33 AM, William Brown wrote: There is no reason you can't add NOPASSWD to a user in sudoers regardless of if they are resolved from ldap, sssd, or local. Alternately, you can add NOPASSWD to a group, and make the ldap user a member of the group. Hello, my bad, I meant that

Re: [389-users] Passwordless sudo - is it possible?

2015-11-02 Thread Todor Petkov
On 02/11/2015 10:20 AM, Todor Petkov wrote: Hello, my bad, I meant that I have added the line in sudoers, but it was not working. However, I have added the user as "uniquemember" of the group, not just "gidNumber" and it's OK now. Thanks. Hi, small update: when the group is with NOPAS

Re: [389-users] Passwordless sudo - is it possible?

2015-11-02 Thread Alan Willis
To get NOPASSWD behavior when using ldap to distribute your sudo records, you need to add a sudo options attribute to the sudo rule in ldap to negate the default authentication requirement. From http://www.sudo.ws/man/1.8.13/sudoers.man.html authenticate: If set, users must authenticate themsel

Re: [389-users] Passwordless sudo - is it possible?

2015-11-02 Thread Gordon Messmer
On 11/02/2015 07:02 AM, Todor Petkov wrote: when the group is with NOPASSWD:ALL, it's not working. If the user has specific record, it's OK. I can change the sudoers record with pssh, but if someone can give a hint how to make the group record working, I will appreciate it. First, check your