On Tue, Apr 20, 2021 at 8:54 PM Brian Sanders via FreeIPA-users < [email protected]> wrote:
> I believe I have mine working know, just a few more tests. It is in fact > related to the nisdomainname. However from what I had read, it says the > nisdomainname must match the hosts domain. Which is what mine was set to. > However I am finding that my hostgroups work in Sudo if I instead set the > nisdomainname for the host to match the IPA servers domain. So for an > example, I am running multiple test domains as follows. > > test.dev - main IPA domain and Kerberos realm > host1.project1.test.dev > host2.project1.test.dev > host1.project2.test.dev > host2.project2.test.dev > > In this setup, the ipa client seems to setup the nisdomain to be " > project1.test.dev" etc. So when I checked it for the recommended > settings, I would say that matched the recommendations. However to get my > sudo host groups to work, I need to set all these hosts to use the > nisdomainname of "test.dev". I don't know if this is well understood to > be correct, but since the ipa client install seems to have done the setup, > it feels like this isn't expected. This will however work for now for me, > unless I find some other side affect of setting nisdomainname to the realm > var. > Please see https://listman.redhat.com/archives/freeipa-users/2017-March/msg00241.html. This is intentional as a default NIS domain is common for the whole IPA deployment rather than individual to subdomains. -- -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
