[Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups
Rob Crittenden
rcritten at redhat.com
Wed Nov 18 19:28:01 UTC 2015
Sparks, Alan wrote:
>
>>> [root at als-centos0002 sys-ops]# nisdomainname
>>> dakar.useast.hpcloud.net
>>>
>>> [root at als-centos0002 sys-ops]# getent netgroup opsauto
>>> opsauto
>>> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal)
>>> (als-centos0002.dakar.useast.hpcloud.net,-,eucalyptus.internal)
>>
>
>> Your NIS domain name doesn't match. dakar.useast.hpcloud.net != eucalyptus.internal
>> rob
>
> Thanks for that. I must be misunderstanding the purpose of the --domain option.
> -Alan
>
--domain in the server is the default DNS zone for the IPA installation.
--domain in the client tells it where to look for the IPA server in DNS.
There is no actual NIS domain but since netgroups are a NIS construct it
requires something to be set. The NIS domain needs to match the IPA
server domain.
rob
More information about the Freeipa-users
mailing list