On (25/01/16 14:19), Juan Asensio Sánchez wrote:
> Hi
> I am trying to get sudo with sssd to work with Samba4 provider, but I can't. I
> have joined the domain using realmd:
> realm --client-software=sssd join mmdd.indra.es
> After that, I have modified some sssd settings, to add sudo service, enable
> enumerate (during debugging), etc.:

I would recommend disabling enumeration for the AD provider.

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [sssd]
> domains = xxxx.yyyy.es
> config_file_version = 2
> services = nss, pam, sudo, ssh
> [sudo]
> [ssh]
> [domain/xxxx.yyyy.es]
> enumerate = True
> ad_domain = xxxx.yyyy.es
> krb5_realm = XXXX.YYYY.ES
> realmd_tags = manages-system joined-with-samba
> cache_credentials = True
> id_provider = ad
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = False
> use_fully_qualified_names = False
> fallback_homedir = /home/%u
> access_provider = ad
> case_sensitive = false
> ldap_user_ssh_public_key = sshPublicKey
> sudo_provider = ldap

Which version of sssd do you use?
Because sssd >= 1.12.0 has a native AD sudo provider.
Is sudo compiled with sssd support?
sh$ sudo --version | grep sss
https://jhrozek.wordpress.com/2014/07/21/add-sudo-rules-to-active-directo...
And here is a link to the sudo troubleshooting wiki.
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
LS