On 12/13/2011 11:01 PM, Dmitri Pal wrote:
On 12/13/2011 04:50 PM, Sigbjorn Lie wrote:
Hi,

When adding users or user groups to a netgroup, the format of the
netgrouptriple ends up as following:

nisNetgroupTriple: (-,username,ix.test.com)

The extra "-" prevents me from using IPA's netgroups for tcp wrappers
using /etc/hosts.allow and /etc/hosts.deny for user access control.

Making the same test with a NIS server, creating the same entry
without the "-", works for user access control.

Looking at 389-ds' wiki, the "-" should not be there:
http://directory.fedoraproject.org/wiki/Howto:Netgroups

Is this a configurable setting? Or should I open a ticket?


Regards,
Siggi

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Are you using DS or IPA?
IPA :)

IPA uses internal schema for netgroups to take advantage of some of the
associations and exposes 2307bis schema for netgroups via compat plugin.
Are you pointing clients at compat tree?
Yes. The netgroups are exposed, they just had an added "-" in the host field.

  Are you trying to add the
entries manually and not using the provided interfaces?

No, the entries we're added using the provided interface.



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to