[sudo-users] Sudo, nss_ldap, SASL problem
marlboro at warningg.com
Fri Apr 20 12:16:33 EDT 2007
I am testing out a Kerberos/LDAP installation against a Microsoft AD server.
My test platform is CentOS 4.x running nss_ldap-226 and sudo-1.6.7p5 (both
from CentOS RPMs).
Currently, we are not using a binddn in /etc/ldap.conf to access the
Microsoft LDAP service - we are instead using SASL (with a cached machine
ticket) to authorize access to the LDAP service:
I am able to log in via Kerberos, and then getent passwd and get the full
user list - however, attempting to run sudo as a Kerberos user results in
-bash-3.00$ getent passwd bob
-bash-3.00$ sudo su -
sudo: uid 10000 does not exist in the passwd file!
And in /var/log/messages:
Apr 20 10:51:49 localhost sudo: GSSAPI Error: Miscellaneous failure (No
credentials cache found)
Is there a solution to this, other than putting a binddn in the ldap.conf
(something we would prefer NOT to do)?
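An added diagnostic sketch, not from the post or from nss_ldap/sudo themselves: it models which Kerberos credential cache an nss_ldap SASL lookup will pick up for a given uid, to show why the lookup succeeds in the user's shell but not inside sudo, which runs setuid root with a reset environment and therefore root's (empty) default cache. It assumes the nss_ldap ldap.conf directives `use_sasl` and `krb5_ccname`, the MIT default cache name `/tmp/krb5cc_<uid>`, and a `CCACHE_DIR` knob of its own for testing.

```shell
#!/bin/sh
# Model of the ccache selection an nss_ldap SASL/GSSAPI lookup goes through.
# Assumed: nss_ldap options `use_sasl` and `krb5_ccname`; `CCACHE_DIR` is a
# testing knob of this script, not an nss_ldap or krb5 setting.

# Default MIT krb5 cache for a uid when KRB5CCNAME is unset.
default_ccache() {
    echo "FILE:${CCACHE_DIR:-/tmp}/krb5cc_$1"
}

# Strip the FILE: prefix so the path can be tested on disk.
ccache_path() {
    case "$1" in
        FILE:*) echo "${1#FILE:}" ;;
        *)      echo "$1" ;;
    esac
}

# Which cache a lookup running as $2 would use, given ldap.conf $1 and the
# process's KRB5CCNAME $3:
#   1. krb5_ccname from ldap.conf (fixed, uid-independent), else
#   2. KRB5CCNAME from the environment, else
#   3. the per-uid default.
# Exit 1 when use_sasl is off (a binddn path needs no cache at all).
lookup_ccache() {
    conf=$1; uid=$2; env_ccname=$3
    grep -Eiq '^[[:space:]]*use_sasl[[:space:]]+(on|yes|true)' "$conf" || return 1
    fixed=$(sed -n 's/^[[:space:]]*krb5_ccname[[:space:]][[:space:]]*//p' "$conf" | head -n 1)
    if [ -n "$fixed" ]; then echo "$fixed"
    elif [ -n "$env_ccname" ]; then echo "$env_ccname"
    else default_ccache "$uid"
    fi
}

# Exit 0 = the lookup has credentials; 2 = the GSSAPI "No credentials cache
# found" error from the post is what to expect. sudo resets the environment,
# so model its lookup by passing uid 0 and an empty KRB5CCNAME.
lookup_ok() {
    spec=$(lookup_ccache "$1" "$2" "$3") || return 0
    [ -r "$(ccache_path "$spec")" ] && return 0
    echo "uid $2 would use $spec, which is missing: expect 'No credentials cache found'" >&2
    return 2
}
```

Run it as the logged-in user with its own KRB5CCNAME and then with uid 0 and an empty one to see the two outcomes side by side.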