Lukas Slebodnik wrote:
On (08/11/17 16:01), Andrea Passuello wrote:
Hi all, I use SSSD with OpenLDAP and I am able to authenticate users. I am trying to configure SSSD for managing and caching sudo but I can't use sudo and the system reply me with this:
Sorry, user xxx is not allowed to execute '/usr/bin/apt-get update' as root on MACHINE.
A) ensure that you have right version of sudo installed on debian/ubuntu It need to be compiled with sssd support sudo --version | grep sssd
For whatever reason Debian has to different sudo packages: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users
For "sudoers: sss" in nsswitch.conf you need package "sudo" and *not* "sudo-ldap" even if you have your sudoers entries in LDAP directory.
Ciao, Michael.