[Freeipa-users] SUDO with HostGroup and UserGroup not working

Jakub Hrozek jhrozek at redhat.com
Mon Mar 23 10:59:34 UTC 2015


On Mon, Mar 23, 2015 at 04:18:56PM +0530, Yogesh Sharma wrote:
> Seeing a strange behavior.
> 
> I deleted all Host Members from NetGroup and it was reflected in Client:
> 
> [root at cipa ~]# getent netgroup stg.initd.com
> stg.initd.com
> 
> then I added one hostgroup *"cipa"* and it was successfully queried in
> getent on IPA Server
> 
> [root at mipa ~]# getent netgroup stg.initd.com
> stg.initd.com      (cipa.stg.initd.com,-,stg.initd.com)
> 
> However, when adding another hostgroup in Netgroup, I am not able to see
> that in getent though the ipa command lists it.
> 
> 
> 
> [root at mipa ~]# ipa netgroup-show stg.initd.com
>   Netgroup name: stg.initd.com
>   Description: sssss
>   NIS domain name: stg.initd.com
>   Member Group: admins, ipausers, masteruser, trust admins, webuser
>   Member Hostgroup: cipa-servers, sipa-servers
> [root at mipa ~]#
> 
> 
> My Client is also unaware of changes.
> 
> [root at cipa ~]# getent netgroup stg.initd.com
> stg.initd.com
> [root at cipa ~]#
> 
> 
> Is it a network issue or an sssd caching problem? Restart of SSSD also does not
> fix the problem.

That's normal, SSSD caches the information. See man sssd.conf for the
timeout settings. Please note that as the timeouts are stored in the
cache, you'd need to remove the cache as well if you change the
timeouts.

> 
> Should I share my SSSD logs of IPA server or Client or Both? Please suggest.

From the machine that is having problems resolving the netgroup.
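
Added example, not part of the original thread and not SSSD or FreeIPA project code: a shell helper that reads an sssd.conf and reports how long netgroup lookups stay cached for a domain, following the fallback described in sssd.conf(5). The function names and the sample config are constructed for illustration; `sss_cache -n` is included as one way to expire a single cached netgroup.

```shell
#!/bin/sh
# Per sssd.conf(5): entry_cache_netgroup_timeout falls back to
# entry_cache_timeout, which defaults to 5400 seconds.

# ini_get FILE SECTION KEY -> prints the first value found, or nothing
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# netgroup_timeout FILE DOMAIN -> effective netgroup cache lifetime (seconds)
netgroup_timeout() {
    v=$(ini_get "$1" "domain/$2" entry_cache_netgroup_timeout)
    [ -n "$v" ] || v=$(ini_get "$1" "domain/$2" entry_cache_timeout)
    echo "${v:-5400}"
}

# refresh_netgroup NETGROUP -> expire the cached entry, then look it up again.
# Needs root and a running sssd; defined here but not called.
refresh_netgroup() {
    sss_cache -n "$1" && getent netgroup "$1"
}

# Constructed sample config (values are illustrative, not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/stg.initd.com]
id_provider = ipa
entry_cache_timeout = 600
entry_cache_netgroup_timeout = 60

[domain/other.example]
entry_cache_timeout = 900
EOF
for d in stg.initd.com other.example; do
    echo "$d: netgroups cached for $(netgroup_timeout "$sample" "$d")s"
done
rm -f "$sample"
```

On a real client, point `netgroup_timeout` at `/etc/sssd/sssd.conf` to see how long a membership change on the server can remain invisible to `getent netgroup`.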



