Hi,

The first IPA master we built was ipa001.local.lan. We have since created a number of subdomains of local.lan and have created a number of replicas. The current configuration has two clusters of IPA replicas - ipa001.mgmt.prod.local.lan to ipa003.mgmt.prod.local.lan and ipa001.mgmt.paas.local.lan to ipa003.mgmt.paas.local.lan.

We've recently commenced migrating some of the existing systems to a new environment and for various reasons have started with a fresh master - ipa001.mgmt.prod.local.lan. Quite a lot of sudo rules don't work in the new environment. As far as I can tell this is because the shadow netgroups have a nisdomain of mgmt.prod.local.lan instead of local.lan.

I would have thought that the nisdomain should be set to either the domain or realm, i.e. local.lan, rather than seemingly taken from the network portion of the first master, mgmt.prod.local.lan.

Is this correct? Is there a way to change the default nisdomain? Rebuilding all the new IPA masters and migrating all the data again would be a lot of work.

Many thanks

Bob Hinton