Thanks a lot.
It works like a charm.
On Sun, Oct 1, 2017 at 5:47 PM, Aaron Cole via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
Hello!
For sssd to pull sudo rules for external (local) users you will have to
add a proxy domain into the /etc/sssd/sssd.conf, so sssd will know to go
out to the ipa servers for the external sudo rules. While this works it is
still recommended to use local sudoers for local users.
1) Add proxy domain to /etc/sssd/sssd.conf.

# Define this section (proxy domain)
[domain/proxy]
id_provider = proxy
proxy_lib_name = files
proxy_pam_target = system-auth-ac
# This could be 'ipa' as well
sudo_provider = ldap
ldap_uri = ldaps://rhel7-ipa-2.example.com
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_tls_cacert = /etc/ipa/ca.crt

2) Add domain to "domains" line in the [sssd] section

# Add a 'proxy' domain here
domains = example.com, proxy

3) Restart sssd.
I used this article to set up mine.
https://access.redhat.com/solutions/2347541
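
A pre-restart consistency check for the three steps in the quoted message, as an added example that is not part of the original thread or of FreeIPA/SSSD. The function name and the embedded sample file are constructed for illustration; the checks compare a config against the settings shown in the message, and sssd itself may accept other combinations.

```python
import configparser

# Constructed sample mirroring the settings in the message (not a real host's file).
SAMPLE = """\
[sssd]
domains = example.com, proxy

[domain/proxy]
id_provider = proxy
proxy_lib_name = files
proxy_pam_target = system-auth-ac
sudo_provider = ldap
ldap_uri = ldaps://rhel7-ipa-2.example.com
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_tls_cacert = /etc/ipa/ca.crt
"""

def check_proxy_sudo(text, name="proxy"):
    """Return a list of deviations from the message's setup; empty means none."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cfg.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable config: {exc}"]
    problems = []
    enabled = [d.strip() for d in cfg.get("sssd", "domains", fallback="").split(",")]
    if name not in enabled:
        problems.append(f"'{name}' missing from domains= in [sssd] (step 2)")
    section = f"domain/{name}"
    if not cfg.has_section(section):
        return problems + [f"[{section}] section not defined (step 1)"]
    dom = cfg[section]
    if dom.get("id_provider") != "proxy":
        problems.append("id_provider is not 'proxy'")
    provider = dom.get("sudo_provider")
    if provider not in ("ldap", "ipa"):
        problems.append(f"sudo_provider is {provider!r}, expected 'ldap' or 'ipa'")
    if provider == "ldap":
        # The message fetches sudo rules over ldaps:// and pins the IPA CA.
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        if not uris or any(not u.startswith("ldaps://") for u in uris):
            problems.append("ldap_uri missing or not ldaps:// as in the message")
        for key in ("ldap_tls_cacert", "ldap_sudo_search_base"):
            if not dom.get(key):
                problems.append(f"{key} not set")
    return problems

if __name__ == "__main__":
    print(check_proxy_sudo(SAMPLE) or "proxy sudo domain matches the described setup")
```

To check a real host, pass the contents of /etc/sssd/sssd.conf (readable only by root) to check_proxy_sudo() before restarting sssd.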