Hi all,

  Not sure whether it is a bug or a feature, but when I evaluate the IPA 
netgroups, the 'external host' feature brings me some unexpected results. I'll 
list them below -- I am running IPA 2.1.3-9 on Red Hat 6.2.

1. When I add a host to an IPA netgroup in command line mode with 'ipa 
netgroup-add-member <netgroup>  --hosts=<client>' and the host is not yet 
installed/configured as an IPA client, it shows in the 'external host' category 
in the output of the 'ipa netgroup-find <netgroup>' command.
 
  The 'external host' doesn't show up in the Web interface for the IPA netgroup. 
But it does show up when running 'ipa netgroup-find', or even 'getent <netgroup>' 
by sssd.

2. After the 'external host' is configured as an IPA client -- 'ipa user-find 
<client>' proves it -- it is still reported as 'external host' by the command 'ipa 
netgroup-find', and still does not show up in the web interface either. Could this 
be a bug?

3. Because of #2 above, when this machine is reconfigured and removed with 
'ipa user-del <client>', it shows up in the containing netgroups and nested 
netgroups, and has to be removed manually. :(

4. This could be a real bug: you can add an 'external host' with either a 
host's bare name or its FQDN name. Then after the machine is installed, if you 
would like to remove it from the 'external host' category with the command 'ipa 
user-del <client>', it will remove the FQDN name entry only, and leave the bare 
name there forever, until you delete the whole containing netgroup!

[root@ipaclient02 ~]# ipa netgroup-find external-ng
-------------------
1 netgroups matched
-------------------
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02, ipaclient02.mac.example.com

----------------------------
Number of entries returned 1
----------------------------

[root@ipaclient02 ~]# getent netgroup external-ng
external-ng           (dnsmaster.example.com, -, example.com) 
(ipaclient02.mac.example.com, -, example.com)

[root@ipaclient02 ~]# ipa netgroup-remove-member external-ng --hosts=ipaclient02
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02
---------------------------
Number of members removed 1
---------------------------

[root@ipaclient02 ~]# ipa netgroup-remove-member external-ng --hosts=ipaclient02
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02
  Failed hosts/hostgroups: 
    member host: ipaclient02.example.com: This entry is not a member
---------------------------
Number of members removed 0
---------------------------
[root@ipaclient02 ~]# 

--Gelen
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
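
An added example, not part of the original post or of FreeIPA: a small audit that parses `ipa netgroup-find` text output and flags the external-host entries described in items 2 and 4 above (an enrolled host still listed as external, and a bare-name entry left behind). The sample input is the output quoted in the post; the `enrolled` set of FQDNs is an assumption and would have to be collected separately from the IPA server.

```python
import re

# Constructed sample: the `ipa netgroup-find` output quoted in the post above.
SAMPLE = """\
  Netgroup name: external-ng
  Description: netgroup for external hosts
  NIS domain name: example.com
  Member of netgroups: nest-external-ng
  External host: dnsmaster.example.com, ipaclient02, ipaclient02.mac.example.com
"""

def parse_netgroups(text):
    """Return {netgroup name: [external host, ...]} from netgroup-find text output."""
    groups, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue  # separator rows and counters carry no "key: value" pair
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "netgroup name":
            current = value
            groups[current] = []
        elif key == "external host" and current is not None:
            groups[current] += [h.strip().lower() for h in value.split(",") if h.strip()]
    return groups

def audit(text, enrolled):
    """Flag external-host entries that need manual review.

    enrolled: FQDNs of enrolled hosts (assumption: gathered separately).
    """
    enrolled = {h.lower() for h in enrolled}
    short_names = {h.split(".")[0] for h in enrolled}
    findings = []
    for group, hosts in parse_netgroups(text).items():
        for host in hosts:
            if host in enrolled:
                findings.append((group, host, "enrolled host still listed as external"))
            elif "." not in host:
                reason = "bare name"
                if host in short_names:
                    reason += " matching an enrolled host"
                findings.append((group, host, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"ipaclient02.mac.example.com"}):
        print(*finding, sep="\t")
```

Entries that are external and fully qualified, such as dnsmaster.example.com in the sample, are not flagged because they are the intended use of the external-host category.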