Stephen Berg (Code 7309) via FreeIPA-users wrote:
I can't get a "getent netgroup ipaservers" to return
the list of
servers. Looking on the web UI my replica servers all show up in the
ipaservers group. Using ipa hostgroup-show command line works.
I set duplicate the group as "ipa" and getent can see that hostgroup
like expected. Other hostgroups are working normally. Near as I can
tell nsswitch.conf is good.
Is there something about the ipaservers group that make it different
from other groups?
It lacks the managed entry configuration so it doesn't show in cn=ng
which is where netgroups are represented.
You can add it as a member of a different hostgroup as a workaround. See
related
https://pagure.io/freeipa/issue/7284
rob