> Does ipa_hostname in sssd.conf point to cname (or, the hostname registered > with IPA) ?
It points to the DNS A record, the one that is registered with IPA. ________________________________ From: Jakub Hrozek via FreeIPA-users <freeipa-users@lists.fedorahosted.org> Sent: Wednesday, August 30, 2017 12:26:40 PM To: freeipa-users@lists.fedorahosted.org Cc: Jakub Hrozek Subject: [Freeipa-users] Re: sudo policy doesn't work since host is installed with CNAME On Wed, Aug 30, 2017 at 07:21:11PM +0000, Z D via FreeIPA-users wrote: > Hi there, > > we're using ipa-server-4.4.0 (without its own DNS) and are facing the > situation with A/CNAME host. > > Basically a host is installed with CNAME as the OS, and IPA is aware of only > A record since host is joined to IPA domain with its A record. The A record > is member of proper host group and there is relevant sudo policy, but that > doesn't work since CNAME is not added to IPA domain. > > Is there any better resolution for this, except adding CNAME to IPA domain > and to relevant hostgroup. > > > This command as expected reports error. > # ipa host-show <CNAME> > ipa: ERROR: <CNAME>: host not found > > > and command > > # ipa host-show <A_record> > > gives expected output ... > > Host name: <FQDN> > Principal name: host/<FQDN>@<DOMAIN> > etc Does ipa_hostname in sssd.conf point to cname (or, the hostname registered with IPA) ? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org