Brian Sanders via FreeIPA-users wrote:
There is no concept of hostgroups in SUDO but it does understand
netgroups so hostgroups are represented as netgroups. In order for this
to work your NIS domain name needs to be set properly.
You can try something like:
$ getent netgroup hg1
hg1 (ipa.example.test,-,example.test)
nisdomainname will set the NIS domain name.
rob
Brian Sanders via FreeIPA-users wrote:
There is no concept of hostgroups in SUDO but it does understand
netgroups so hostgroups are represented as netgroups. In order for this
to work your NIS domain name needs to be set properly.
You can try something like:
$ getent netgroup hg1
hg1 (ipa.example.test,-,example.test)
nisdomainname will set the NIS domain name.
rob
Thank you for the quick reply.
I have tested the client side, and it would appear that my nisdomainname is set to the
correct domain. The returned domain matches the domain used in /etc/hosts and what I
would expect the domain to be.
When I run getent netgroup project_a I receive back a list of hosts in that host group,
including the local client.
nisdomainname
dev.zz
getent netgroup project_a
project_a (srv1.dev.zz,-,dev.zz) (vpn1.dev.zz,-,dev.zz)
It would appear from the client side that it is finding the groups, since it is listing
them all out to me. However my sudo rules still don't function. I didn't
actually change anything, just looking into the nisgroups an this is what I have found.