View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0014002 | CentOS-7 | ipa | public | 2017-10-11 09:57 | 2020-04-22 18:01 |
Reporter | romale | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | x86_ | ||||
Product Version | 7.4.1708 | ||||
Summary | 0014002: sudo rules on IPA client do not work without sudo_provider = ipa | ||||
Description | I've installed ipa-client and joined this host to the IPA server. On the IPA server I've configured sudo rules etc., but it did not work without writing the sudo_provider = ipa option to /etc/sssd/sssd.conf.

Non-working config:

```
cat /etc/sssd/sssd.conf
[domain/mydomain.ru]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mydomain.ru
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mail.mydomain.ru
chpass_provider = ipa
ipa_server = _srv_, ipa01.mydomain.ru
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh
domains = belozersky.msu.ru
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
```

Working config:

```
cat /etc/sssd/sssd.conf
[domain/mydomain.ru]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mydomain.ru
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mail.mydomain.ru
chpass_provider = ipa
ipa_server = _srv_, ipa01.mydomain.ru
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ipa
[sssd]
services = nss, sudo, pam, ssh
domains = belozersky.msu.ru
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
```
Tags | No tags attached. | ||||
abrt_hash | |||||
URL | |||||
This bug needs to be pushed upstream as the problem is 3 years old and still exists. This would be a very simple modification to the install scripts in the package(s) to modify the config file to add the line that specifies FreeIPA as the provider when performing a freeipa-client installation on a target system.

In the meantime, I am adding this fix for anyone who comes across this page, because fixing bugs and resulting issues is critical to ensuring the stability and reliability of any piece of software.

Sed command that can be used in a shell script/Ansible playbook:

```
# -i edits the file in place; without it sed only prints the result to stdout
sed -i '14 a sudo_provider = ipa' /etc/sssd/sssd.conf
```

Explanation - sed -i '14 a sudo_provider = ipa' /etc/sssd/sssd.conf = after line 14 of the file '/etc/sssd/sssd.conf', add "sudo_provider = ipa"

The regular expression passed through sed should be modified if the line number is different in your sssd.conf.
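The workaround above as a shell function that does not depend on a line number and can be run repeatedly; this is an added example, not part of the original report or comment and not code from the sssd or ipa-client packages. The helper name `ensure_sudo_provider` and the sample file are constructed for illustration; the function appends `sudo_provider = ipa` to each `[domain/...]` section that has no `sudo_provider` key.

```shell
#!/bin/sh
# Added example: make sure every [domain/...] section of an sssd.conf-style
# file carries a sudo_provider key, without relying on a line number.
# ensure_sudo_provider is a hypothetical helper name, not an sssd/ipa tool.
ensure_sudo_provider() {
    conf=$1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1   # same directory, so mv is a rename
    awk '
        function close_section() {
            # Leaving a domain section that never set the key: append it.
            if (in_domain && !has_key) print "sudo_provider = ipa"
        }
        /^[ \t]*$/ { blanks = blanks $0 "\n"; next }  # hold blank lines back
        /^[ \t]*\[/ {                                  # next section header
            close_section()
            in_domain = ($0 ~ /^[ \t]*\[domain\//)
            has_key = 0
        }
        # An explicit value (even a different provider) is left as the admin set it.
        in_domain && /^[ \t]*sudo_provider[ \t]*=/ { has_key = 1 }
        { printf "%s", blanks; blanks = ""; print }
        END { close_section(); printf "%s", blanks }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"                           # nothing to change: file untouched
    else
        chmod 600 "$tmp" && mv "$tmp" "$conf"  # sssd.conf must stay mode 0600
    fi
}

# Constructed sample modelled on the non-working config in the report.
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
[domain/mydomain.ru]
id_provider = ipa
access_provider = ipa

[sssd]
services = nss, sudo, pam, ssh
EOF
    ensure_sudo_provider "$sample" || return 1
    ensure_sudo_provider "$sample" || return 1   # second run changes nothing
    cat "$sample"
    rm -f "$sample"
}
demo
```

On a real client the function would be run as root against /etc/sssd/sssd.conf, followed by a restart of sssd so the new provider setting is read.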