[Freeipa-users] SUDO with HostGroup and UserGroup not working

Yogesh Sharma yks0000 at gmail.com
Mon Mar 23 10:57:14 UTC 2015


I just deleted the netgroup, even though getent is resolving.

[root@mipa ~]# getent netgroup stg.initd.com
stg.initd.com      (cipa.stg.initd.com,-,stg.initd.com)
[root@mipa ~]# ipa netgroup-show stg.initd.com
ipa: ERROR: stg.initd.com: netgroup not found

Sent IPA Server Logs to you individually.





Best Regards,

Yogesh Sharma
Email: yks0000 at gmail.com | Web: www.initd.in <http://www.initd.in>

RHCE, VCE-CIA, RackSpace Cloud U

On Mon, Mar 23, 2015 at 4:18 PM, Yogesh Sharma <yks0000 at gmail.com> wrote:

> Seeing a strange behavior.
>
> I deleted all Host Members from NetGroup and it was reflected in Client:
>
> [root@cipa ~]# getent netgroup stg.initd.com
> stg.initd.com
>
> Then I added one hostgroup "cipa" and it was successfully queried in
> getent on IPA Server
>
> [root@mipa ~]# getent netgroup stg.initd.com
> stg.initd.com      (cipa.stg.initd.com,-,stg.initd.com)
>
> However, when adding another hostgroup in Netgroup, I am not able to see
> that in getent though ipa command lists it.
>
>
>
> [root@mipa ~]# ipa netgroup-show stg.initd.com
>   Netgroup name: stg.initd.com
>   Description: sssss
>   NIS domain name: stg.initd.com
>   Member Group: admins, ipausers, masteruser, trust admins, webuser
>   Member Hostgroup: cipa-servers, sipa-servers
> [root@mipa ~]#
>
>
> My Client is also unaware of changes.
>
> [root@cipa ~]# getent netgroup stg.initd.com
> stg.initd.com
> [root@cipa ~]#
>
>
> Is it a network issue or an sssd caching problem? Restart of SSSD also does not
> fix the problem.
>
> Should I share my SSSD logs of IPA server or Client or Both? Please
> suggest.
>
> On Mon, Mar 23, 2015 at 2:59 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
>
>> On Mon, Mar 23, 2015 at 02:23:52PM +0530, Yogesh Sharma wrote:
>> > Sure Jakub. ++FreeIPA-Users
>> >
>> > "getent netgroup" not working on IPA Server
>> >
>> > [root@mipa ~]# getent netgroup stg.initd.com
>> > [root@mipa ~]#
>> >
>> >
>> >
>> > [root@mipa ~]# ipa hostgroup-show cipa-servers
>> >   Host-group: cipa-servers
>> >   Description: cipa
>> >   Member hosts: cipa.stg.initd.com
>> >   Member of netgroups: stg.initd.com
>> >
>> > [root@mipa ~]# ipa netgroup-show stg.initd.com
>> >   Netgroup name: stg.initd.com
>> >   Description: ss
>> >   NIS domain name: stg.initd.com
>> >   Member Group: admins, ipausers, masteruser, trust admins, webuser
>> >   Member Hostgroup: sipa-servers, cipa-servers
>> >
>> > However, I re-registered the IPA Client and I am able to query netgroup,
>> > though it does not show cipa.stg.initd.com whereas IPA Server query
>> > "ipa netgroup-show stg.initd.com" has it in list.
>> >
>> > [root@cipa ~]# getent passwd admin
>> > admin:*:1170400000:1170400000:Administrator:/home/admin:/bin/bash
>> > [root@cipa ~]# getent netgroup stg.initd.com
>> > stg.initd.com      (sipa.stg.initd.com,-,stg.initd.com)
>> > [root@cipa ~]#
>>
>> OK, then we need to see the SSSD logs, but if the client suddenly
>> started working, then I suspect some networking issues.
>>
>
>