[Freeipa-users] SUDO with HostGroup and UserGroup not working

Yogesh Sharma yks0000 at gmail.com
Mon Mar 23 10:48:56 UTC 2015 

Seeing a strange behavior.

I deleted all Host Members from NetGroup and it was reflected in Client:

[root at cipa ~]# getent netgroup stg.initd.com
stg.initd.com

then I added one hostgroup *"cipa" * and it was successfully quried in
getent on IPA Server

[root at mipa ~]# getent netgroup stg.initd.com
stg.initd.com      (cipa.stg.initd.com,-,stg.initd.com)

However, when adding another hostgroup in Netgroup , I am not able to see
that in getent though ipa command list it.



[root at mipa ~]# ipa netgroup-show stg.initd.com
  Netgroup name: stg.initd.com
  Description: sssss
  NIS domain name: stg.initd.com
  Member Group: admins, ipausers, masteruser, trust admins, webuser
  Member Hostgroup: cipa-servers, sipa-servers
[root at mipa ~]#


My Client is also unaware of changes.

[root at cipa ~]# getent netgroup stg.initd.com
stg.initd.com
[root at cipa ~]#


Is it network issue or sssd caching problem. Restart of SSSD also does not
fix the problem.

Should I share my SSSD logs of IPA server or Client or Both. Please suggest.








*Best Regards,__________________________________________*

*Yogesh Sharma*
*Email: yks0000 at gmail.com <yks0000 at gmail.com> | Web: www.initd.in
<http://www.initd.in>*

RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000>


On Mon, Mar 23, 2015 at 2:59 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Mon, Mar 23, 2015 at 02:23:52PM +0530, Yogesh Sharma wrote:
> > Sure Jakub. ++FreeIPA-Users
> >
> > "getent netgroup" not working on IPA Server
> >
> > [root at mipa ~]# getent netgroup stg.initd.com
> > [root at mipa ~]#
> >
> >
> >
> > [root at mipa ~]# ipa hostgroup-show cipa-servers
> >   Host-group: cipa-servers
> >   Description: cipa
> >   Member hosts: cipa.stg.initd.com
> >   Member of netgroups: stg.initd.com
> >
> > [root at mipa ~]# ipa netgroup-show stg.initd.com
> >   Netgroup name: stg.initd.com
> >   Description: ss
> >   NIS domain name: stg.initd.com
> >   Member Group: admins, ipausers, masteruser, trust admins, webuser
> >   Member Hostgroup: sipa-servers, cipa-servers
> >
> > However, I re-register the IPA Client and I am able to query netgroup,
> > Though it does not shows cipa.stg.initd.com whereas IPA Server query
> "ipa
> > netgroup-show stg.initd.com" has it in list.
> >
> > [root at cipa ~]# getent passwd admin
> > admin:*:1170400000:1170400000:Administrator:/home/admin:/bin/bash
> > [root at cipa ~]# getent netgroup stg.initd.com
> > stg.initd.com      (sipa.stg.initd.com,-,stg.initd.com)
> > [root at cipa ~]#
>
> OK, then we need to see the SSSD logs, but if the client suddently
> started working, then I suspect some networking issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150323/934031a7/attachment.htm>

More information about the Freeipa-users mailing list