Hi! We are in the process of deploying FreeIPA in our virtual environment. So far things are working smoothly and I am really impressed by the solution!
One question has risen as we have added our first clients to the system. Because the total number of clients is 50 and going up, we have divided our servers to subdomains depending on the purpose of the server, ie. test servers in one subdomain, internal services on another and so on. There is, however, no need for each subdomain to have its own IPA server. Let's say we're using domain example.com. Adding clients a.example.com and b.example.com was smooth. Adding client a.sub1.example.com also had no problems until I tried to get sudoers from the IPA server (using SSSD and LDAP as suggested). The client fails to find any users matching the server name. Because the only difference compared to a fully functional server is the dot in the host name, that's probably the reason why no sudoers are found for the server in the subdomain? For IPA master I am using CentOS 6.4 and ipa-server-3.0.0-26.el6_4.4.x86_64. The clients are also CentOS 6.4 with ipa-client-3.0.0-26.el6_4.4.x86_64. Any help is appreciated! Please let me know if providing any piece of information helps. Best regards, Thomas _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users