Pavel, does this sound like the bug you were looking at wrt sudo lately?
On Wed, Nov 08, 2017 at 09:46:25PM +0000, Charles Hedrick wrote:
Netapp wants the domain field to be blank. That leaves us a problem
that’s hard to solve.
On Nov 8, 2017, at 4:41 PM, Charles Hedrick
<hedrick@rutgers.edu<mailto:hedrick@rutgers.edu>> wrote:
OK, I see what’s going on, but it looks like a bug.
We mostly use net groups for hosts. In NIS our entries like like (hostname,,) You can
put that into IPA by specifying NISdomain=, i.e. blank domain name. However if you do
that, getent shows no entries. That is, entries with blank hostname are ignored. I claim
this is a bug, since for a host entry there’s no reason to specify a domain.
I also found that specifying
ipa_netgroup_domain=cs.rutgers.edu<http://cs.rutgers.edu/>
causes no net groups to display, even ones whose domain is
cs.rutgers.edu<http://cs.rutgers.edu/>. This also looks like a bug.
On Nov 8, 2017, at 3:53 PM, Charles Hedrick
<hedrick@rutgers.edu<mailto:hedrick@rutgers.edu>> wrote:
We want to move our net groups from NIS to IPA. I’ve loaded the groups. They’re visible
on a system that uses nslcd pointed at the IPA server. But the systems that use SSSD for
authentication don’t show anything. The net groups all show as undefined.
I’ve turned on debugging and looked at the LDAP logs. It does the right quotes and the
log says it extracts the members. But they don’t show up.
Any idea where to look?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org