Hello Ubuntu
On our network we have our sudoers stored in LDAP. This works fine on the CentOS 5.4 clients by placing into /etc/ldap.conf
sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
and in /etc/nsswitch.conf we have the entry:
sudoers: ldap
(setting this setting to just 'ldap' instead of 'files ldap' does not render the machine unbootable as happens if you set passwd and group this way).
However I am attempting to set this up on an Ubuntu 9.10 client and getting no joy so far. I have the same settings in /etc/ldap.conf and /etc/nsswitch.conf and cannot get sudoers to work.
On the Ubuntu box, I can get LDAP entries by typing in getent passwd | grep ldapAccount, however when you attempt to sudo it fails:
bluethundr@ubuntu3:~$ sudo bash
/etc/sudoers: syntax error near line 0 <<<
sudo: parse error in /etc/sudoers near line 0
sudo: no valid sudoers sources found, quitting
We leave our sudoers file blank intentionally in order to manage this via LDAP. Again, this problem is ONLY happening under Ubuntu and not under CentOS 5.4.
The only real difference that I see between the two clients is the sudo version. Could it be that under Ubuntu LDAP sudo support isn't compiled in? If so, how to recompile it so that it does?
CentOS 5.4 sudo version:
[root@ldap2 ~]# sudo -V
Sudo version 1.7.2p1
Ubuntu 9.10 sudo version:
root@ubuntu3:~# sudo -V
Sudo version 1.7.0
[root@ldap2 ~]# sudo -V
Sudo version 1.7.2p1
And here are the linkages:
CentOS 5.4:
[root@ldap2 ~]# ldd $(which sudo)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaaacc8000)
    libcap.so.1 => /lib64/libcap.so.1 (0x00002aaaaaee0000)
    libpam.so.0 => /lib64/libpam.so.0 (0x00002aaaab0e4000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaab2f0000)
    libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x00002aaaab4f4000)
    libc.so.6 => /lib64/libc.so.6 (0x00002aaaab72e000)
    libaudit.so.0 => /lib64/libaudit.so.0 (0x00002aaaaba86000)
    liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x00002aaaabc9e000)
    libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaabeac000)
    /lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac0f3000)
    libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002aaaac308000)
    libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaac521000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaac76e000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaacabf000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aaaaccf7000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaacf26000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaad1bb000)
    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaad3bd000)
    libz.so.1 => /usr/lib64/libz.so.1 (0x00002aaaad5e3000)
    libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aaaad7f7000)
    libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaad9ff000)
Ubuntu 9.10
bluethundr@ubuntu3:~$ ldd $(which sudo)
    linux-gate.so.1 => (0x00914000)
    libpam.so.0 => /lib/libpam.so.0 (0x00753000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x00223000)
    libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00fa1000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x004f1000)
    liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00f35000)
    /lib/ld-linux.so.2 (0x00d75000)
    libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0x00345000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x008d0000)
    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00b77000)
    libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x002e3000)
    libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x001df000)
    libz.so.1 => /lib/libz.so.1 (0x007d6000)
    libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x003f3000)
    libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00110000)
Thanks for any input you may have!
--On Friday, November 19, 2010 2:23 PM -0500 bluethundr bluethundr@gmail.com wrote:
> Hello Ubuntu
> On our network we have our sudoers stored in LDAP. This works fine on the CentOS 5.4 clients by placing into /etc/ldap.conf
> sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
> and in /etc/nsswitch.conf we have the entry:
> sudoers: ldap
> (setting this setting to just 'ldap' instead of 'files ldap' does not render the machine unbootable as happens if you set passwd and group this way).
> However I am attempting to set this up on an Ubuntu 9.10 client and getting no joy so far. I have the same settings in /etc/ldap.conf and /etc/nsswitch.conf and cannot get sudoers to work.
> On the Ubuntu box, I can get LDAP entries by typing in getent passwd | grep ldapAccount, however when you attempt to sudo it fails:
My guess would be that it is a different version of sudo. Have you read the manual page for it?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
On 11/19/2010 02:32 PM, Quanah Gibson-Mount wrote:
> --On Friday, November 19, 2010 2:23 PM -0500 bluethundr bluethundr@gmail.com wrote:
> > Hello Ubuntu
> > On our network we have our sudoers stored in LDAP. This works fine on the CentOS 5.4 clients by placing into /etc/ldap.conf
> > sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
> > and in /etc/nsswitch.conf we have the entry:
> > sudoers: ldap
> > (setting this setting to just 'ldap' instead of 'files ldap' does not render the machine unbootable as happens if you set passwd and group this way).
> > However I am attempting to set this up on an Ubuntu 9.10 client and getting no joy so far. I have the same settings in /etc/ldap.conf and /etc/nsswitch.conf and cannot get sudoers to work.
> > On the Ubuntu box, I can get LDAP entries by typing in getent passwd | grep ldapAccount, however when you attempt to sudo it fails:
> My guess would be that it is a different version of sudo. Have you read the manual page for it?
Ubuntu has a sudo-ldap package that replaces the normal ldap with a, well, ldap-enhanced one.
On 11/19/2010 02:23 PM, bluethundr wrote:
> Hello Ubuntu
> On our network we have our sudoers stored in LDAP. This works fine on the CentOS 5.4 clients by placing into /etc/ldap.conf
> sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
Try putting it in /etc/ldap/ldap.conf
The default version of sudo that comes with Ubuntu is compiled without LDAP support. If you want the ldap-enabled version, install the 'sudo-ldap' package.
-- Here's my RSA Public key: gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
Share and enjoy!!
On Friday 19 November 2010, bluethundr wrote:
> Hello Ubuntu
> On our network we have our sudoers stored in LDAP. This works fine on the CentOS 5.4 clients by placing into /etc/ldap.conf
> sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
> and in /etc/nsswitch.conf we have the entry:
> sudoers: ldap
> (setting this setting to just 'ldap' instead of 'files ldap' does not render the machine unbootable as happens if you set passwd and group this way).
> However I am attempting to set this up on an Ubuntu 9.10 client and getting no joy so far. I have the same settings in /etc/ldap.conf and /etc/nsswitch.conf and cannot get sudoers to work.
I have 10.10 on my laptop and there is a separate ldap version of sudo: sudo-ldap.
http://packages.ubuntu.com/karmic/sudo-ldap
Stef
> My guess would be that it is a different version of sudo. Have you read the manual page for it?
> --Quanah
Yes I have, although thank you for the suggestion.
> I have 10.10 on my laptop and there is a separate ldap version of sudo: sudo-ldap.
As the user account I attempt to sudo bash:
bluethundr@ubuntu3:~$ sudo bash
And I get this response:
sudo: no valid sudoers sources found, quitting
I change to root:
bluethundr@ubuntu3:~$ su - root
Password:
Have a look at /etc/sudoers:
root@ubuntu3:~# cat /etc/sudoers
##This file is intentionally left empty
And check the setting in nsswitch:
root@ubuntu3:~# cat /etc/nsswitch.conf | grep sudoers:
sudoers: ldap
I check /etc/ldap/ldap.conf:
root@ubuntu3:~# cat /etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
uri ldap://ldap.example.net
base dc=example,dc=net
sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
TLS_CACERT /certs/ldapscert.pem

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
I check that /etc/ldap.conf has an entry for sudoers:
root@ubuntu3:~# cat /etc/ldap.conf | grep sudo
sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net
I make sure that sudo-ldap is installed:
root@ubuntu3:~# aptitude search sudo-ldap
i sudo-ldap - Provide limited super user privileges to s
And correctly linked:
root@ubuntu3:~# ldd $(which sudo)
    linux-gate.so.1 => (0x0011a000)
    libpam.so.0 => /lib/libpam.so.0 (0x00940000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x00c8e000)
    libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x008a2000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x009ed000)
    liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x0069d000)
    /lib/ld-linux.so.2 (0x0018b000)
    libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0x0090c000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00991000)
    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x001a8000)
    libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x008ed000)
    libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x0084c000)
    libz.so.1 => /lib/libz.so.1 (0x00fd6000)
    libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00250000)
    libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00110000)
In the right place for Ubuntu 9.10:
root@ubuntu3:~# which sudo
/usr/bin/sudo
root@ubuntu3:~# sudo -v
sudo: no valid sudoers sources found, quitting
And have a look at my sudo version and environment:
root@ubuntu3:~# sudo -V
Sudo version 1.7.0
Sudoers path: /etc/sudoers
nsswitch path: /etc/nsswitch.conf
ldap.conf path: /etc/sudo-ldap.conf
ldap.secret path: /etc/ldap.secret
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 15 minutes
Password prompt timeout: 0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/run/sudo
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Value to override user's $PATH with: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity: TERM LINGUAS LC_* LANGUAGE LANG COLORTERM
Environment variables to remove: RUBYOPT RUBYLIB PYTHONINSPECT PYTHONPATH PYTHONHOME TMPPREFIX ZDOTDIR READNULLCMD NULLCMD FPATH PERL5DB PERL5OPT PERL5LIB PERLLIB PERLIO_DEBUG JAVA_TOOL_OPTIONS SHELLOPTS GLOBIGNORE PS4 BASH_ENV ENV TERMCAP TERMPATH TERMINFO_DIRS TERMINFO _RLD* LD_* PATH_LOCALE NLSPATH HOSTALIASES RES_OPTIONS LOCALDOMAIN PS4 SHELLOPTS CDPATH IFS
Environment variables to preserve: http_proxy XAUTHORIZATION XAUTHORITY TZ PS2 PS1 PATH MAIL LS_COLORS KRB5CCNAME HOSTNAME HOME DISPLAY COLORS
Locale to use while parsing sudoers: C
Local IP address and netmask pairs:
    10.0.2.15 / 255.255.255.0
    192.168.50.101 / 255.255.255.0
    fe80::a00:27ff:feae:c8ab / ffff:ffff:ffff:ffff::
    fe80::a00:27ff:fe2a:7d3c / ffff:ffff:ffff:ffff::
I also make sure that the box is talking to LDAP for passwd:
root@ubuntu3:~# getent passwd | grep bluethundr
bluethundr:secret:20000:20000:Timothy P. thatguy:/home/bluethundr:/bin/bash
for group:
root@ubuntu3:~# getent group | grep bluethundr
adm:x:4:bluethundr
dialout:x:20:bluethundr
cdrom:x:24:bluethundr
plugdev:x:46:bluethundr
lpadmin:x:104:bluethundr
admin:x:115:bluethundr
bluethundr:x:1000:
sambashare:x:120:bluethundr
ldapusers:*:10000:bluethundr,jeff,tony,nick
bluethundr:*:20000:bluethundr
And make sure that the user account is not a local account:
root@ubuntu3:~# grep bluethundr /etc/passwd
root@ubuntu3:~#
So given all that why on earth is this not working? I had sudoers set up under CentOS in about 5 minutes. But Ubuntu 9.10 still has me head-desking!! Thank you for your help here!!
--On Friday, November 19, 2010 6:35 PM -0500 bluethundr bluethundr@gmail.com wrote:
> I check /etc/ldap/ldap.conf:
> root@ubuntu3:~# cat /etc/ldap/ldap.conf
> ldap.conf path: /etc/sudo-ldap.conf
Hm, these two files don't match. Looks to me like you are editing the wrong file.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
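
The check that the last reply points to, as an added example that is not part of the thread: read the "ldap.conf path:" line from sudo -V and confirm that this file, rather than /etc/ldap.conf or /etc/ldap/ldap.conf, carries sudoers_base. The function names and the optional root-prefix argument are assumptions made for this example, and a missing "ldap.conf path:" line is taken to mean sudo was built without LDAP support.

```shell
#!/bin/sh
# Added example (not from the thread): find the ldap.conf that this sudo build
# really reads, then check that file and nsswitch.conf for the LDAP settings.

# Print the "ldap.conf path:" value from `sudo -V` output ($1, run as root).
sudo_ldap_conf_path() {
    printf '%s\n' "$1" | sed -n 's/^ldap\.conf path:[[:space:]]*//p' | head -n 1
}

# Print sudoers_base value(s) set in file $1; comment lines never match.
sudoers_base_in() {
    [ -r "$1" ] || return 0
    awk 'tolower($1) == "sudoers_base" { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# Succeed if the "sudoers:" line of nsswitch file $1 lists ldap as a source.
nsswitch_has_ldap() {
    awk '$1 == "sudoers:" { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
         END { exit !f }' "$1"
}

# diagnose SUDO_V_TEXT [ROOT]: ROOT is a hypothetical prefix for checking a
# copied tree; leave it empty on a live host.
diagnose() {
    conf=$(sudo_ldap_conf_path "$1")
    if [ -z "$conf" ]; then
        # Assumption: builds without LDAP do not print this line.
        echo "no 'ldap.conf path' in sudo -V: assuming sudo built without LDAP"
        return 1
    fi
    if ! nsswitch_has_ldap "$2/etc/nsswitch.conf"; then
        echo "nsswitch.conf has no 'sudoers: ... ldap' entry"
        return 1
    fi
    base=$(sudoers_base_in "$2$conf")
    if [ -z "$base" ]; then
        echo "sudoers_base missing from $conf (the file sudo reads)"
        return 1
    fi
    echo "ok: $conf sets sudoers_base $base"
}

# Live use (as root): diagnose "$(sudo -V)"
```

With the files shown in the thread, this reports sudoers_base missing from /etc/sudo-ldap.conf even though the other two ldap.conf files contain it.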