Note I assume that by "domains" you mean just DNS domains not separate
FreeIPA installs, if they are separate installs then it would be a lot
more complicated.
Another way that you can handle auth sys is to configure the domain on
the server (as any of the domain strings you want) and then use the
same domain on all clients), that should make them work.
On Mon, 2019-10-07 at 12:37 -0400, Simo Sorce via FreeIPA-users wrote:
If you use krb5 authentication you should have no issues, are you
using
auth=sys instead ?
On Fri, 2019-10-04 at 17:10 -0500, Kevin Vasko via FreeIPA-users wrote:
> Hello,
>
> I’ve got FreeIPA setup where I have multiple domains for client machines depending
on their geography.
>
> For example,
ca.example.com, and
ny.example.com.
>
> I have a NFS server in
nfs-server.ny.example.com and users mapping the NFS server on
their clients from
ny.example.com and
ca.example.com. Users in
ny.example.com show files
owner:group just fine but users in
ca.example.com everything on the nfs server shows
nobody:nogroup or nobody: 4294967294
>
> On the clients I’m seeing this issue on I see these error messages in the log.
>
> Oct 4 16:53:14 aiml1 nfsidmap[7867]: nss_getpwnam: name ‘user(a)ny.example.com'
does not map into domain 'ca.example.com’
>
> I did some googling and people are saying to add the domain to /etc/idmapd.conf but
since I already have multiple domains (3 actually) I don’t see how this will work for all
instances unless I can add multiple domains. I don’t see an obvious way to add multiple
domains.
>
> Is there a clean way to handle this?
>
> -Kevin
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc