On Tue, Dec 18, 2012 at 3:51 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote: >> On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote: >> > On 12/17/2012 03:11 PM, KodaK wrote: >> > > I'm attempting to install Satellite in my IPA domain. There is a >> > > ridiculous requirement that the group "dba" must not already exist >> > > prior to installing. Red Hat support wanted me to *remove* the DBA >> > > group and then install. >> > > >> > > Anyway, I'm trying to play around with filter_groups in sssd, and I >> > > can't seem to get it to "take." The man page isn't exactly clear, but >> > > here's what I've tried: >> > > >> > > filter_groups = dba >> > > filter_groups= dba@fqdn >> > > >> > > In the [domain], [sssd] and [nss] sections of the config file. >> > > >> > > What's the right syntax? Do I need it in every section? >> > > >> > Is it a local group or a central group? >> >> Where Dmitri's question is headed is that if dba is a local group (aka >> stored in /etc/passwd), then the SSSD should be queried at all. > ^^^ > /etc/group obviously
I figured. :) The group "dba" is stored in IPA. Here's a funny thing, though (short rundown): Installed RHEL 6.3 on Satelite server, joined it to the domain. Try to install Satellite: get the "Could not install database." I try to filter out the group in IPA, try to install Satellite, get: "The group 'dba' should exist." This makes me think that the filter is doing every "dba" not just dba on the IPA server. I removed the Satellite server from IPA (ipa-client-install --uninstall) and I get the same message (dba should exist.) Fun stuff. Now I'm re-installing RHEL so I can start from scratch, and I'll attempt to install Satellite without joining it to the domain. I'm not fond of this option -- I don't want to have stand-alone machines that I have to manage separately, that's why I installed IPA in the first place. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users