From Fedora Project Wiki

Revision as of 14:44, 12 September 2012 by Jcholast

Description

Offline access to sudo rules.

Setup

  • Make sure you have sudo 1.8.6 rc3 or later installed (Koji build).
  • Make sure you have SSSD 1.9.0beta7 or later installed (Koji build).
  • Install FreeIPA server with DNS on one machine, server.ipa.example.com, and FreeIPA client on another machine, client.ipa.example.com (see Basic installation tests).

How to test

Configure SSSD

On client.ipa.example.com, you have to make some changes to /etc/sssd/sssd.conf.

Make sure the sudo service is enabled in the [sssd] section:

[sssd]
...
services = nss, pam, ssh, sudo
...

In the FreeIPA domain section, you have to make the following changes (see man sssd-sudo for more information):

[domain/IPA.EXAMPLE.COM]
...
sudo_provider = ldap
ldap_uri = ldap://server.ipa.example.com
ldap_sudo_search_base = ou=sudoers,dc=ipa,dc=example,dc=com
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/client.ipa.example.com
ldap_sasl_realm = IPA.EXAMPLE.COM
krb5_server = server.ipa.example.com
...
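
An added example, not part of the original test case or of SSSD: a small Python check that an sssd.conf carries the sudo settings listed above, so a missing or mistyped option is caught before any sudo test is run. The function name and the sample text are constructed here; the expected values are this page's example hosts and realm.

```python
import configparser
import sys

# Expected values are the page's example hosts and realm; adjust for a real deployment.
DOMAIN = "IPA.EXAMPLE.COM"
REQUIRED = {
    "sudo_provider": "ldap",
    "ldap_uri": "ldap://server.ipa.example.com",
    "ldap_sudo_search_base": "ou=sudoers,dc=ipa,dc=example,dc=com",
    "ldap_sasl_mech": "GSSAPI",
    "ldap_sasl_authid": "host/client.ipa.example.com",
    "ldap_sasl_realm": "IPA.EXAMPLE.COM",
    "krb5_server": "server.ipa.example.com",
}

# Constructed sample: the page's two fragments with the "..." elisions removed.
SAMPLE_CONF = ("[sssd]\nservices = nss, pam, ssh, sudo\n\n[domain/%s]\n" % DOMAIN
               + "".join("%s = %s\n" % kv for kv in REQUIRED.items()))


def check_sssd_sudo_config(text, domain=DOMAIN, required=REQUIRED):
    """Return a list of problems found in sssd.conf text (empty list means OK)."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    problems = []

    # The sudo responder must be listed in the [sssd] services option.
    services = parser.get("sssd", "services", fallback="")
    if "sudo" not in [s.strip() for s in services.split(",")]:
        problems.append("[sssd] services does not include 'sudo'")

    section = "domain/" + domain
    if not parser.has_section(section):
        problems.append("missing section [%s]" % section)
        return problems

    # Every option from the page must be present with the expected value.
    for key, expected in required.items():
        actual = parser.get(section, key, fallback=None)
        if actual is None:
            problems.append("[%s] %s is not set" % (section, key))
        elif actual.strip() != expected:
            problems.append("[%s] %s = %r, expected %r" % (section, key, actual, expected))
    return problems


if __name__ == "__main__":
    # With no argument, check the constructed sample instead of a real file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    found = check_sssd_sudo_config(text)
    print("\n".join(found) or "sudo settings OK")
    sys.exit(1 if found else 0)
```

Run it as root with /etc/sssd/sssd.conf as the argument; it exits non-zero and prints one line per missing or mismatched option.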

Sudo testing

TODO.

Expected Results

All the test steps should end with the specified results.