Group merging works like expected as described by Alexander several years ago in https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
My question is if it is possible to specify the ipa user in /etc/groups without the domain suffix? (adding default_domain_suffix in the sssd section of sssd.conf did not help)
someuser@someserver:~ $ getent initgroups splunk splunk 1246640006 someuser@someserver:~ $ getent initgroups splunk@linux.mydomain.at splunk@linux.mydomain.at 1246640006 190
Why would I want that? The respective line in /etc/groups could be the same across all our domains.
Cheers, Ronald
On 30.07.24 11:15, Ronald Wimmer via FreeIPA-users wrote:
Group merging works like expected as described by Alexander several years ago in https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
My question is if it is possible to specify the ipa user in /etc/groups without the domain suffix? (adding default_domain_suffix in the sssd section of sssd.conf did not help)
someuser@someserver:~ $ getent initgroups splunk splunk 1246640006 someuser@someserver:~ $ getent initgroups splunk@linux.mydomain.at splunk@linux.mydomain.at 1246640006 190
Why would I want that? The respective line in /etc/groups could be the same across all our domains.
We found out that putting systemd-journal:x:190:splunk@linux.mydomain.at,splunk in /etc/groups seems to work. But I do not like specifiying the same user twice. That looks wrong to me.
Cheers, Ronald
freeipa-users@lists.fedorahosted.org