[Freeipa-users] Netgroups and users
Dmitri Pal
dpal at redhat.com
Tue Dec 13 22:01:09 UTC 2011
On 12/13/2011 04:50 PM, Sigbjorn Lie wrote:
> Hi,
>
> When adding users or user groups to a netgroup, the format of the
> netgrouptriple ends up as following:
>
> nisNetgroupTriple: (-,username,ix.test.com)
>
> The extra "-" prevents me from using IPA's netgroups for tcp wrappers
> using /etc/hosts.allow and /etc/hosts.deny for user access control.
>
> Making the same test with a NIS server, creating the same entry
> without the "-", works for user access control.
>
> Looking at 389-ds' wiki, the "-" should not be there:
> http://directory.fedoraproject.org/wiki/Howto:Netgroups
>
> Is this a configurable setting? Or should I open a ticket?
>
>
> Regards,
> Siggi
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Are you using DS or IPA?
IPA uses internal schema for netgroups to take advantage of some of the
associations and exposes 2307bis schema for netgroups via compat plugin.
Are you pointing clients at compat tree? Are you trying to add the
entries manually and not using the provided interfaces?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list