[Freeipa-users] shadow netgroups with wrong domains - sudo problem
Bob Hinton
bob at rha-ltd.co.uk
Fri Mar 17 06:50:34 UTC 2017
Morning,
We have a collection of hosts within prod1.local.lan. However, the
domain section of the shadow netgroups for the hosts is
mgmt.prod.local.lan. This seems to prevent sudo rules working on these
hosts unless they specify all hosts -
-sh-4.2$ getent netgroup oepp_hosts
oepp_hosts
(oeppsdas001.z2.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppsdas002.z2.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppservice001.z2.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppredis002.z4.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppredis001.z4.prod1.local.lan,-,mgmt.prod.local.lan)
-sh-4.2$ hostname
oeppredis001.z4.prod1.local.lan
-sh-4.2$ nisdomainname
local.lan
-sh-4.2$ domainname
local.lan
The VMs associated with these hosts have recently been migrated and
re-enrolled against a new IPA server. The originals all had netgroup
domains of local.lan so something must have gone wrong in the migration
process. Is there a way to correct the netgroup domains of these hosts,
or is the only option to run ipa-client-install --uninstall followed by
ipa-client-install to reattach them ?
Many thanks
Bob
More information about the Freeipa-users
mailing list