Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
sudo from ldap using sssd
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message

Joined: 10 Sep 2014
Posts: 2

PostPosted: Tue Feb 10, 2015 2:40 pm    Post subject: sudo from ldap using sssd Reply with quote


I am trying to make sudo work with sssd and rules from LDAP. I have successfully configured such a setup on CentOS 6.6, but I fail to do the same on gentoo. As far as I know, sudo just ignores rules from sssd.

tr linux # sudo -ll -U test
User test is not allowed to run sudo on tr.

sssd's debug log says that it successfully downloads and caches the rules.

Can anybody help with this?

The Archlinux wiki says that you need to enable sssd support in sudo. Yet:

tr linux # eix sudo
[I] app-admin/sudo
     Available versions:  1.8.11_p1 ~1.8.11_p2 ~1.8.12 {ldap nls offensive pam selinux +sendmail skey}
     Installed versions:  1.8.11_p1(03:28:38 PM 02/10/2015)(ldap nls offensive pam sendmail -selinux -skey)
     Description:         Allows users or groups to run commands as other users

You can't enable sssd support in sudo on gentoo.

EDIT: Digging deeper into the sssd issue, gentoo as seen above, doesn't have a sssd use flag, yet current sssd packages have -with-sssd configure option. So apparently that is a bug? How does one report it to the proper gentoo package maintainer?

Yes, I have "sudo" use flag on sssd.

my sssd.conf:


config_file_version = 2
services = nss, pam, sudo
domains = default
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

ldap_tls_reqcert = never
auth_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=jmdi,dc=pl
ldap_sudo_search_base = ou=SUDOers,o=Initrode org,dc=example,dc=com
id_provider = ldap
sudo_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
ldap_uri = ldaps://
ldap_chpass_uri = ldaps://
krb5_kdcip =
cache_credentials = true
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = allowedHosts
debug_level = 9

my nsswitch.conf:


passwd:      compat sss
shadow:      compat sss
group:       compat sss

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files dns

services:    db files sss
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files sss
bootparams:  files

automount:   files sss
aliases:     files

sudoers:     files sss
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum