[Freeipa-users] Using subdomains (or dots) in hostnames
Lukáš Bezdička
lukas.bezdicka at gooddata.com
Thu Aug 29 17:08:59 UTC 2013
In our deployment we use subdomains but set NIS domain to main domain:
example.com has subdomains
na.example.com
wa.example.com
...
all machines work fine with that but in /etc/sysconfig/network we have
NISDOMAIN='example.com'
This way sudo rules get evaluated see getent netgroup <hostgroup>
On Thu, Aug 29, 2013 at 5:55 PM, Dmitri Pal <dpal at redhat.com> wrote:
> On 08/19/2013 09:05 AM, Thomas Raehalme wrote:
> > Hi!
> >
> > We are in the process of deploying FreeIPA in our virtual environment.
> > So far things are working smoothly and I am really impressed by the
> > solution!
> >
> > One question has risen as we have added our first clients to the
> > system. Because the total number of clients is 50 and going up, we
> > have divided our servers to subdomains depending on the purpose of the
> > server, ie. test servers in one subdomain, internal services on
> > another and so on. There is, however, no need for each subdomain to
> > have its own IPA server.
> >
> > Let's say we're using domain example.com. Adding clients a.example.com
> > and b.example.com was smooth. Adding client a.sub1.example.com also
> > had no problems until I tried to get sudoers from the IPA server
> > (using SSSD and LDAP as suggested). The client fails to find any users
> > matching the server name. Because the only difference compared to a
> > fully functional server is the dot in the host name, that's probably
> > the reason why no sudoers are found for the server in the subdomain?
> >
> > For IPA master I am using CentOS 6.4 and
> > ipa-server-3.0.0-26.el6_4.4.x86_64. The clients are also CentOS 6.4
> > with ipa-client-3.0.0-26.el6_4.4.x86_64.
> >
> > Any help is appreciated! Please let me know if providing any piece of
> > information helps.
> >
> > Best regards,
> > Thomas
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
> Was there any help provided for this request?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130829/cd608b05/attachment.htm>
More information about the Freeipa-users
mailing list