Configuring Sudo in SSSD
Trying to log in to Linux systems using a Windows AD account. Configured successfully using SSSD.
Used LDAP as Identity & Access Providers and Kerberos as the Authentication provider.
I have done all this without joining the Linux systems to the domain.
Now I'm trying to configure LDAP as the sudo provider, but it's not successful. I'm not able to elevate sudo permissions for the AD users. I've even tried using the sudoers file; there I'm able to elevate permissions for a specific user, but not for the AD group.
Here's the SSSD config w.r.t. the sudo configuration:
sudo_provider = ldap
ldap_sudo_search_base = ou=groups,dc=ad,dc=example,dc=com
ldap_sudorule_object_class = sudoRole
ldap_sudorule_object_class = top
ldap_sudorule_command = ALL
ldap_sudorule_host = ALL
ldap_sudorule_user = %domain_group
ldap_sudorule_runasuser = ALL
ldap_sudorule_runas = ALL
ldap_sudorule_runasgroup = ALL
ldap_sudorule_option = !authenticate
I've tried enabling logging at debug level 7; it's showing that it is unable to load local rules.
Regards, Uday.
Last edited by udaydhoka; 12-25-2018 at 12:04 AM.
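A small check for the configuration quoted above, added here as an example and not part of the original post: per sssd-ldap(5), each `ldap_sudorule_*` option names the LDAP attribute (or object class) that holds that part of a sudoRole entry, so the script flags values that are sudoers syntax rather than attribute names, as well as repeated keys. The `[domain/ad.example.com]` header, the function name and the keyword heuristic are assumptions.

```python
import re

# Constructed sample: the sudo lines from the post, under an assumed section header.
SAMPLE = """\
[domain/ad.example.com]
sudo_provider = ldap
ldap_sudo_search_base = ou=groups,dc=ad,dc=example,dc=com
ldap_sudorule_object_class = sudoRole
ldap_sudorule_object_class = top
ldap_sudorule_command = ALL
ldap_sudorule_host = ALL
ldap_sudorule_user = %domain_group
ldap_sudorule_runasuser = ALL
ldap_sudorule_runas = ALL
ldap_sudorule_runasgroup = ALL
ldap_sudorule_option = !authenticate
"""

# Shape of an LDAP attribute or objectClass name (letters, digits, hyphen).
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
# Heuristic (assumption): sudoers keywords that are never schema attribute names.
SUDOERS_KEYWORDS = {"ALL"}


def lint_sudo_mappings(text):
    """Return (line_no, key, problem) for each suspicious ldap_sudorule_* line."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.startswith("ldap_sudorule_"):
            continue
        if key in seen:
            findings.append((no, key, f"duplicate of line {seen[key]}"))
        seen.setdefault(key, no)
        if not ATTR_NAME.match(value):
            findings.append((no, key, f"{value!r} is not an LDAP attribute name"))
        elif value in SUDOERS_KEYWORDS:
            findings.append((no, key, f"{value!r} is a sudoers keyword, not an attribute name"))
    return findings


if __name__ == "__main__":
    for no, key, problem in lint_sudo_mappings(SAMPLE):
        print(f"line {no}: {key}: {problem}")
```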