[Freeipa-users] Bug or feature regarding External Host in IPA net groups?

Gelen James hahaha_30k at yahoo.com
Mon May 14 22:28:05 UTC 2012



Hi all,

  Not sure whether it is a bug or a feature, but when I evaluate the IPA netgroups, the 'external host' feature brings me some unexpected results. I'll list them below -- I am running IPA 2.1.3-9 on Red Hat 6.2.

 1. When I add a host to an IPA netgroup on the command line with 'ipa netgroup-add-member <netgroup>  --hosts=<client>', and the host is not yet installed/configured as an IPA client, it shows up in the 'external host' category in the output of the 'ipa netgroup-find <netgroup>' command.
 
  The 'external host' doesn't show up in the Web interface for the IPA netgroup. But it does show up when running 'ipa netgroup-find', or even 'getent <netgroup>' through sssd.

2. After the 'external host' is configured as an IPA client -- 'ipa user-find <client>' proves it -- it is still reported as 'external host' by the command 'ipa netgroup-find', and still does not show up in the web interface either. Could this be a bug?

3. Because of #2 above, when this machine is reconfigured and removed with 'ipa user-del <client>', it shows up in the containing netgroups and nested netgroups, and has to be removed manually. :(

4. This could be a real bug: you can add an 'external host' with either a host's bare name or its FQDN. Then, after the machine is installed and you would like to remove it from the 'external host' category with the command 'ipa user-del <client>', it will remove the FQDN entry only, and leave the bare name there forever, until you delete the whole containing netgroup!

[root@ipaclient02 ~]# ipa netgroup-find external-ng
-------------------
1 netgroups matched
-------------------
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02, ipaclient02.mac.example.com

----------------------------
Number of entries returned 1
----------------------------

[root@ipaclient02 ~]# getent netgroup external-ng
external-ng           (dnsmaster.example.com, -, example.com) (ipaclient02.mac.example.com, -, example.com)

[root@ipaclient02 ~]# ipa netgroup-remove-member external-ng --hosts=ipaclient02
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02
---------------------------
Number of members removed 1
---------------------------

[root@ipaclient02 ~]# ipa netgroup-remove-member external-ng --hosts=ipaclient02
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02
  Failed hosts/hostgroups: 
    member host: ipaclient02.example.com: This entry is not a member
---------------------------
Number of members removed 0
---------------------------
[root@ipaclient02 ~]#

--Gelen
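
An audit sketch for the leftover-entry problem described in items 3 and 4, as an added example that is not part of the original post and is not FreeIPA code. It parses the 'ipa netgroup-find' and 'getent netgroup' text shown above (embedded as sample input) and flags bare-name external hosts, bare/FQDN duplicates, and entries that getent does not return; the function names are hypothetical.

```python
import re

# Sample input copied from the command output shown in the post.
IPA_OUTPUT = """\
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02, ipaclient02.mac.example.com
"""
GETENT_OUTPUT = ("external-ng           (dnsmaster.example.com, -, example.com) "
                 "(ipaclient02.mac.example.com, -, example.com)")


def parse_external_hosts(ipa_text):
    """Map netgroup name -> list of 'External host' entries."""
    groups, current = {}, None
    for line in ipa_text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Netgroup name":
            current = value.strip()
            groups[current] = []
        elif key == "External host" and current is not None:
            groups[current] = [h.strip().lower() for h in value.split(",") if h.strip()]
    return groups


def parse_getent_hosts(getent_line):
    """Return the host field of every (host, user, domain) triple."""
    triples = re.findall(r"\(([^,()]*),([^,()]*),([^,()]*)\)", getent_line)
    return {h.strip().lower() for h, _user, _dom in triples if h.strip() not in ("", "-")}


def audit(ipa_text, getent_line):
    """Flag bare names, bare/FQDN duplicates, and entries getent does not return."""
    resolved = parse_getent_hosts(getent_line)
    report = {}
    for group, hosts in parse_external_hosts(ipa_text).items():
        bare = [h for h in hosts if "." not in h]
        fqdns = [h for h in hosts if "." in h]
        dupes = [(b, f) for b in bare for f in fqdns if f.split(".", 1)[0] == b]
        report[group] = {"bare": bare, "duplicates": dupes,
                         "not_in_getent": [h for h in hosts if h not in resolved]}
    return report


if __name__ == "__main__":
    for group, findings in audit(IPA_OUTPUT, GETENT_OUTPUT).items():
        print(group, findings)
```

On the sample above it reports 'ipaclient02' as a bare-name entry that duplicates 'ipaclient02.mac.example.com' and that is listed by IPA but absent from the getent triples.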