Pavel, does this sound like the bug you were looking at wrt sudo lately? On Wed, Nov 08, 2017 at 09:46:25PM +0000, Charles Hedrick wrote: > Netapp wants the domain field to be blank. That leaves us a problem that’s > hard to solve. > > On Nov 8, 2017, at 4:41 PM, Charles Hedrick > <hedr...@rutgers.edu<mailto:hedr...@rutgers.edu>> wrote: > > OK, I see what’s going on, but it looks like a bug. > > We mostly use net groups for hosts. In NIS our entries like like (hostname,,) > You can put that into IPA by specifying NISdomain=, i.e. blank domain name. > However if you do that, getent shows no entries. That is, entries with blank > hostname are ignored. I claim this is a bug, since for a host entry there’s > no reason to specify a domain. > > I also found that specifying > > ipa_netgroup_domain=cs.rutgers.edu<http://cs.rutgers.edu/> > > causes no net groups to display, even ones whose domain is > cs.rutgers.edu<http://cs.rutgers.edu/>. This also looks like a bug. > > On Nov 8, 2017, at 3:53 PM, Charles Hedrick > <hedr...@rutgers.edu<mailto:hedr...@rutgers.edu>> wrote: > > We want to move our net groups from NIS to IPA. I’ve loaded the groups. > They’re visible on a system that uses nslcd pointed at the IPA server. But > the systems that use SSSD for authentication don’t show anything. The net > groups all show as undefined. > > I’ve turned on debugging and looked at the LDAP logs. It does the right > quotes and the log says it extracts the members. But they don’t show up. > > Any idea where to look? > > >
> _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
