[Freeipa-users] Fwd: problem users AD can not sudo in centos 6.6

Dmitri Pal dpal at redhat.com
Sat Jan 3 19:10:09 UTC 2015


On 01/03/2015 05:14 AM, alireza baghery wrote:
>
>
> hi
> i integrated AD windows 208 R2 with IPA server (centos 6.5)
> i write policy for user test execute any command on any host
> user test can execute sudo on centos 6.5 but on centos 6.6 can not 
> (sudo get error)
> config sssd.conf
> =========================
> [domain/l.example.com]
> debug_level = 6
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain =l.example.com
> id_provider = ipa
> ipa_server = _srv_,ipaserver.l.example.com
> dap_tls_cacert = /etc/ipa/ca.crt
> sudo_provider = ldap
> ldap_uri =ldap://ipasrv.l.example.com
> ldap_sudo_search_base = ou=sudoers,dc=l, dc=example,dc=com
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/ipadevel.l.example.com
> ldap_sasl_realm =L.EXAMPLE.COM
> krb5_server =ipadevel.l.example.com
>
>
>   [sssd]
> config_file_version = 2
> services = nss, pam,ssh,sudo
> ============================
> how to solve this problem
>
>
>
Enable sudo debugging and see what happens. Is the command denied or 
is there some other error?
Generally there are two flavors of errors: something is wrong with a 
connection and no policy gets through, or the policies get through but 
something is wrong with this specific policy or configuration.
To start debugging, first rule out connectivity issues.

SUDO and sssd debug logs are your friends.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
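
An added example, not part of the original message or of FreeIPA/SSSD: one way to rule out connectivity first is to repeat by hand the GSSAPI search that `sudo_provider = ldap` performs, using the values from the client's own sssd.conf. The helper names `sssd_get` and `connectivity_cmds` are hypothetical; the script assumes the host keytab is in the default location and that rules use the standard `sudoRole` object class.

```bash
#!/bin/bash
# Added example: derive the manual connectivity test from sssd.conf.
# It only prints the commands so they can be reviewed and then run as root.

# Print the value of KEY ($1) from the [domain/...] section of FILE ($2).
sssd_get() {
    awk -F= -v key="$1" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//); next }
        in_dom {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                sub(/^[^=]*=[ \t]*/, "")   # drop "key =" (value may contain "=")
                sub(/[ \t]+$/, "")         # drop trailing whitespace
                print; exit
            }
        }' "$2"
}

# Print the two commands that mimic SSSD: get a ticket with the host
# keytab, then search the sudo base over GSSAPI. Returns 1 if a setting
# the sudo provider needs is missing from the file.
connectivity_cmds() {
    local conf=$1 uri base authid
    uri=$(sssd_get ldap_uri "$conf")
    base=$(sssd_get ldap_sudo_search_base "$conf")
    authid=$(sssd_get ldap_sasl_authid "$conf")
    [ -n "$uri" ] && [ -n "$base" ] && [ -n "$authid" ] || return 1
    printf 'kinit -k %s\n' "$authid"
    printf "ldapsearch -Y GSSAPI -H %s -b '%s' '(objectClass=sudoRole)' cn\n" \
        "$uri" "$base"
}

# Usage: ./sudo-conn-check.sh /etc/sssd/sssd.conf
if [ $# -gt 0 ]; then
    connectivity_cmds "$1" || echo "missing ldap_uri, search base or authid" >&2
fi
```

If `kinit` or the search itself fails, the problem is the first flavor (connection or authentication); if rule entries come back but sudo still refuses, it is the second flavor and the sudo and sssd debug logs are the next place to look.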
