[Freeipa-users] SUDO with HostGroup and UserGroup not working
Yogesh Sharma
yks0000 at gmail.com
Mon Mar 23 10:48:56 UTC 2015
Seeing a strange behavior.
I deleted all Host Members from NetGroup and it was reflected in Client:
[root at cipa ~]# getent netgroup stg.initd.com
stg.initd.com
Then I added one hostgroup *"cipa"* and it was successfully queried in
getent on IPA Server:
[root at mipa ~]# getent netgroup stg.initd.com
stg.initd.com (cipa.stg.initd.com,-,stg.initd.com)
However, when adding another hostgroup in Netgroup, I am not able to see
that in getent, though the ipa command lists it.
[root at mipa ~]# ipa netgroup-show stg.initd.com
Netgroup name: stg.initd.com
Description: sssss
NIS domain name: stg.initd.com
Member Group: admins, ipausers, masteruser, trust admins, webuser
Member Hostgroup: cipa-servers, sipa-servers
[root at mipa ~]#
My Client is also unaware of changes.
[root at cipa ~]# getent netgroup stg.initd.com
stg.initd.com
[root at cipa ~]#
Is it a network issue or an SSSD caching problem? Restart of SSSD also does not
fix the problem.
Should I share my SSSD logs of IPA server or Client or Both? Please suggest.
Best Regards,
Yogesh Sharma
Email: yks0000 at gmail.com | Web: www.initd.in <http://www.initd.in>
RHCE, VCE-CIA, RackSpace Cloud U
On Mon, Mar 23, 2015 at 2:59 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Mon, Mar 23, 2015 at 02:23:52PM +0530, Yogesh Sharma wrote:
> > Sure Jakub. ++FreeIPA-Users
> >
> > "getent netgroup" not working on IPA Server
> >
> > [root at mipa ~]# getent netgroup stg.initd.com
> > [root at mipa ~]#
> >
> >
> >
> > [root at mipa ~]# ipa hostgroup-show cipa-servers
> > Host-group: cipa-servers
> > Description: cipa
> > Member hosts: cipa.stg.initd.com
> > Member of netgroups: stg.initd.com
> >
> > [root at mipa ~]# ipa netgroup-show stg.initd.com
> > Netgroup name: stg.initd.com
> > Description: ss
> > NIS domain name: stg.initd.com
> > Member Group: admins, ipausers, masteruser, trust admins, webuser
> > Member Hostgroup: sipa-servers, cipa-servers
> >
> > However, I re-register the IPA Client and I am able to query netgroup,
> > though it does not show cipa.stg.initd.com whereas IPA Server query
> > "ipa netgroup-show stg.initd.com" has it in list.
> >
> > [root at cipa ~]# getent passwd admin
> > admin:*:1170400000:1170400000:Administrator:/home/admin:/bin/bash
> > [root at cipa ~]# getent netgroup stg.initd.com
> > stg.initd.com (sipa.stg.initd.com,-,stg.initd.com)
> > [root at cipa ~]#
>
> OK, then we need to see the SSSD logs, but if the client suddenly
> started working, then I suspect some networking issues.
>