Lukas Slebodnik wrote:
On (08/11/17 16:01), Andrea Passuello wrote:
> Hi all,
> I use SSSD with OpenLDAP and I am able to authenticate users.
> I am trying to configure SSSD for managing and caching sudo but I can't use
> sudo and the system reply me with this:
> Sorry, user xxx is not allowed to execute '/usr/bin/apt-get update' as root
> on MACHINE.
A) ensure that you have right version of sudo installed on debian/ubuntu
It need to be compiled with sssd support
sudo --version | grep sssd
For whatever reason Debian has to different sudo
sudo - Provide limited super user privileges to specific users
sudo-ldap - Provide limited super user privileges to specific users
For "sudoers: sss" in nsswitch.conf you need package "sudo" and *not*
"sudo-ldap" even if you have your sudoers entries in LDAP directory.