Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-22 Thread Alexander Bokovoy
On Mon, 22 Feb 2016, Prashant Bapat wrote: Sorry not an option. I have couple of 1000s of instances. Aside from switching OS is there any other option? I mean "*" char is allowed in standard sudo implementation. To me it seems like there should not be a host name check on sudo hosts.

Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-22 Thread Prashant Bapat
Sorry not an option. I have couple of 1000s of instances. Aside from switching OS is there any other option? I mean "*" char is allowed in standard sudo implementation. To me it seems like there should not be a host name check on sudo hosts. On 22 February 2016 at 12:22, Alexander Bokovoy

Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-21 Thread Alexander Bokovoy
On Mon, 22 Feb 2016, Prashant Bapat wrote: SSSD on Amazon linux is a dead end! I have tried since a year without any definitive answer. Any other suggestions ? Switch to CentOS AMIs. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-21 Thread Prashant Bapat
SSSD on Amazon linux is a dead end! I have tried since a year without any definitive answer. Any other suggestions ? Thanks. --Prashant On 19 February 2016 at 21:32, Jakub Hrozek wrote: > On Fri, Feb 19, 2016 at 09:10:19PM +0530, Prashant Bapat wrote: > > Not using SSSD

Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-19 Thread Jakub Hrozek
On Fri, Feb 19, 2016 at 09:10:19PM +0530, Prashant Bapat wrote: > Not using SSSD because Amazon Linux does not support samba libraries > required to compile it. Time to file a request against Amazon I guess :-) -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-19 Thread Prashant Bapat
Not using SSSD because Amazon Linux does not support samba libraries required to compile it. On 19 February 2016 at 14:28, Jakub Hrozek wrote: > On Fri, Feb 19, 2016 at 11:27:16AM +0530, Prashant Bapat wrote: > > Hi, > > > > I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the

[Freeipa-users] Wildcards in sudo external hostnames

2016-02-18 Thread Prashant Bapat
Hi, I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema. I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and sudo-ldap this works. In our setup we have lot of rules with wildcard matching for sudo hostnames. For ex webserver*, dbserver* etc. In the IPA UI, when I