[Freeipa-users] default nisdomain appears to be derived from hostname of first master rather than set to domain or realm. Bug?

Bob Hinton bob at rha-ltd.co.uk
Sat Mar 18 15:11:43 UTC 2017


Hi,

The first IPA master we built was ipa001.local.lan. We have since
created a number of subdomains of local.lan and have created a number of
replicas. The current configuration has two clusters of IPA replicas -
ipa001.mgmt.prod.local.lan to ipa003.mgmt.prod.local.lan and
ipa001.mgmt.paas.local.lan to ipa003.mgmt.paas.local.lan.

We've recently commenced migrating some of the existing systems to a new
environment and for various reasons have started with a fresh master -
ipa001.mgmt.prod.local.lan.

Quite a lot of sudo rules don't work in the new environment. As far as I
can tell this is because the shadow netgroups have a nisdomain of
mgmt.prod.local.lan instead of local.lan.

I would have thought that the nisdomain should be set to either the
domain or realm, i.e. local.lan, rather than seemingly taken from the
network portion of the first master, mgmt.prod.local.lan. Is this correct?

Is there a way to change the default nisdomain? Rebuilding all the new
IPA masters and migrating all the data again would be a lot of work.

Many thanks

Bob Hinton



