2017-10-23 20:23 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0014002CentOS-7ipapublic2017-10-11 10:02
Reporterromale 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
Platformx86_OSOS Version
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014002: sudo rules on IPA client not works without sudo_provider = ipa
DescriptionI've installed ipa-client and join this host to ipa server.
On ipa server ri've configured sudo rules etc, but it's not worked without writing sudo_provider = ipa option to /etc/sssd/sssd.conf

Not worked config:
cat /etc/sssd/sssd.conf
[domain/mydomain.ru]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mydomain.ru
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mail.mydomain.ru
chpass_provider = ipa
ipa_server = _srv_, ipa01.mydomain.ru
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh

domains = belozersky.msu.ru
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

Worked config:
cat /etc/sssd/sssd.conf
[domain/mydomain.ru]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mydomain.ru
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mail.mydomain.ru
chpass_provider = ipa
ipa_server = _srv_, ipa01.mydomain.ru
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ipa
[sssd]
services = nss, sudo, pam, ssh

domains = belozersky.msu.ru
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]
TagsNo tags attached.
abrt_hash
URL
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2017-10-11 09:57 romale New Issue
+Issue History