Does ipa_hostname in sssd.conf point to cname (or, the hostname
registered with IPA) ?
It points to the DNS A record, the one that is registered with IPA.
________________________________
From: Jakub Hrozek via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Sent: Wednesday, August 30, 2017 12:26:40 PM
To: freeipa-users(a)lists.fedorahosted.org
Cc: Jakub Hrozek
Subject: [Freeipa-users] Re: sudo policy doesn't work since host is installed with
CNAME
On Wed, Aug 30, 2017 at 07:21:11PM +0000, Z D via FreeIPA-users wrote:
Hi there,
we're using ipa-server-4.4.0 (without its own DNS) and are facing the situation with
A/CNAME host.
Basically a host is installed with CNAME as the OS, and IPA is aware of only A record
since host is joined to IPA domain with its A record. The A record is member of proper
host group and there is relevant sudo policy, but that doesn't work since CNAME is not
added to IPA domain.
Is there any better resolution for this, except adding CNAME to IPA domain and to
relevant hostgroup.
This command as expected reports error.
# ipa host-show <CNAME>
ipa: ERROR: <CNAME>: host not found
and command
# ipa host-show <A_record>
gives expected output ...
Host name: <FQDN>
Principal name: host/<FQDN>@<DOMAIN>
etc
Does ipa_hostname in sssd.conf point to cname (or, the hostname
registered with IPA) ?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org