[Freeipa-users] Re: FreeIPA SUDO rules fail with hostgroups

I believe I have mine working know, just a few more tests. It is in fact related to the nisdomainname. However from what I had read, it says the nisdomainname must match the hosts domain. Which is what mine was set to. However I am finding that my hostgroups work in Sudo if I instead set the nisdomainname for the host to match the IPA servers domain. So for an example, I am running multiple test domains as follows. test.dev - main IPA domain and Kerberos realm host1.project1.test.dev host2.project1.test.dev host1.project2.test.dev host2.project2.test.dev In this setup, the ipa client seems to setup the nisdomain to be " project1.test.dev" etc. So when I checked it for the recommended settings, I would say that matched the recommendations. However to get my sudo host groups to work, I need to set all these hosts to use the nisdomainname of "test.dev". I don't know if this is well understood to be correct, but since the ipa client install seems to have done the setup, it feels like this isn't expected. This will however work for now for me, unless I find some other side affect of setting nisdomainname to the realm var.