That is correct:

host1-> hostname
host1.my_domain.com

    I was beginning to suspect that it is in sudo.  I checked the documentation 
for that version of sudo and it does include support for netgroups.  Perhaps I 
need something extra in the sudoers file, or an additional option.
    Thanks,
    -Mark

________________________________________________________________
Mark Tovey - UNIX Engineer | Service Strategy & Design
UTi | 400 SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
mto...@go2uti.com | O / C +1 503 953-1389


-----Original Message-----
From: Pavel Březina [mailto:pbrez...@redhat.com] 
Sent: Friday, July 19, 2013 11:01 AM
To: Tovey, Mark
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sudo rules user and host group bugs?

Hi,
hostname command outputs "host1.my_domain.com", right? This version of sudo is 
very old, I'll check the code and eventually consult with sudo maintainer.

On 07/19/2013 06:49 PM, Tovey, Mark wrote:
>
>      Does anyone have any other suggestions for this or need any additional 
> information?
>      Thanks,
>      -Mark
>
>
> ________________________________________________________________
> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW 
> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA 
> mto...@go2uti.com | O / C +1 503 953-1389
>
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Tovey, Mark
> Sent: Thursday, July 18, 2013 11:06 AM
> To: Pavel Březina; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>
>
>
> host1-> nisdomainname
> my_domain.com
>
> host1-> rpm -q sudo
> sudo-1.7.2p1-6.el5_5
>
>      Thanks,
>      -Mark
>
>
> ________________________________________________________________
> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW 
> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA 
> mto...@go2uti.com | O / C +1 503 953-1389
>
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Pavel Brezina
> Sent: Thursday, July 18, 2013 2:03 AM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>
> On 07/17/2013 06:39 PM, Tovey, Mark wrote:
>>
>>       Okay, I get it (pardon my obtuseness).
>>
>>       host1-> getent netgroup hgroup1
>>       hgroup1                   (host1.my_domain.com, -, my_domain.com)
>>
>>       So netgroups are working.  The host group is defined in IPA and getent 
>> is able to access that information.
>>       Thanks,
>>       -Mark
>
> Hi,
> can you also paste the output of following commands please?
>
> $ nisdomainname
> $ rpm -q sudo
>
> Thanks,
> Pavel.
>
>>
>>
>> ________________________________________________________________
>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW 
>> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA 
>> mto...@go2uti.com | O / C +1 503 953-1389
>>
>>
>> -----Original Message-----
>> From: Jakub Hrozek [mailto:jhro...@redhat.com]
>> Sent: Wednesday, July 17, 2013 8:58 AM
>> To: Tovey, Mark
>> Cc: d...@redhat.com; freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>
>> On Wed, Jul 17, 2013 at 03:01:58PM +0000, Tovey, Mark wrote:
>>>
>>>       We have sssd-1.5.1-58.el5 and ipa-client-2.1.3-5.el5_9.2 installed.
>>
>> OK, these are recent enough to support netgroups and the compat tree should 
>> be configured automatically.
>>
>>> Those came out of the 'latest' repository.  We do not have any netgroups 
>>> defined (there is no /etc/netgroup file), so getent does not return 
>>> anything.
>>
>> Every hostgroup is automatically translated into a netgroup on the server 
>> side. You said you have some host groups present, so does "getent netgroup 
>> <name-of-hostgroup> return any netgroup data?
>>
>>>       Thanks,
>>>       -Mark
>>>
>>
>>>
>>> ________________________________________________________________
>>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW 
>>> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA 
>>> mto...@go2uti.com | O / C +1 503 953-1389
>>>
>>>
>>> -----Original Message-----
>>> From: Jakub Hrozek [mailto:jhro...@redhat.com]
>>> Sent: Wednesday, July 17, 2013 1:32 AM
>>> To: Tovey, Mark
>>> Cc: d...@redhat.com; freeipa-users@redhat.com
>>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>>
>>> On Tue, Jul 16, 2013 at 09:13:00PM +0000, Tovey, Mark wrote:
>>>>
>>>>
>>>>       We are using sssd. The sssd.conf file is mostly unchanged from how 
>>>> it was installed by the ipa-client-install script:
>>>
>>> Hi Mark,
>>>
>>> you said your client is OEL *5.5* ? The SSSD first appeared in RHEL (and by 
>>> extension OEL) in 5.6. Are you running the version from EPEL? I'm not sure 
>>> if netgroups were even supported in that old version..
>>>
>>> What is the output of "rpm -q sssd" and "rpm -q ipa-client" ?
>>>
>>> Does getent netgroup <netgroup-name> work?
>>>
>>>>
>>>> [sssd]
>>>> config_file_version = 2
>>>> services = nss, pam
>>>>
>>>> domains = my_domain.com
>>>> [nss]
>>>>
>>>> [pam]
>>>>
>>>>    [domain/my_domain.com]
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True ipa_domain = my_domain.com 
>>>> id_provider = ipa auth_provider = ipa access_provider = ipa 
>>>> chpass_provider = ipa ipa_server = _srv_, ipa_server.my_domain.com 
>>>> ldap_tls_cacert = /etc/ipa/ca.crt debug_level = 6
>>>>
>>>>
>>>>       And the nsswitch.conf file:
>>>>
>>>> passwd:     files sss
>>>> shadow:     files sss
>>>> group:      files sss
>>>>
>>>> hosts:      files dns
>>>>
>>>> bootparams: nisplus [NOTFOUND=return] files
>>>>
>>>> ethers:     files
>>>> netmasks:   files
>>>> networks:   files
>>>> protocols:  files
>>>> rpc:        files
>>>> services:   files
>>>>
>>>> netgroup:   files sss
>>>>
>>>> publickey:  nisplus
>>>>
>>>> automount:  files ldap
>>>> aliases:    files
>>>>
>>>> sudoers:    files ldap
>>>>
>>>>       Thanks,
>>>>       -Mark
>>>>
>>>>
>>>>
>>>> ________________________________________________________________
>>>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW 
>>>> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA 
>>>> mto...@go2uti.com | O / C +1 503 953-1389 | Skype: mark.tovey2
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: freeipa-users-boun...@redhat.com 
>>>> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
>>>> Sent: Tuesday, July 16, 2013 12:51 PM
>>>> To: freeipa-users@redhat.com
>>>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>
>>>> On 07/16/2013 02:11 PM, Tovey, Mark wrote:
>>>>>       My environment consists of OEL 5.5 clients with ipa-client-2.1.3 
>>>>> and the server is OEL 6.4 with ipa-server-3.0.0.  We chose these because 
>>>>> we were able to find RPM packages for them.  We would prefer to go with 
>>>>> the latest versions, but we did not want to spend the time building 
>>>>> installation packages just yet.  Again, we are just evaluating at this 
>>>>> point.  So far, so good, except for this one point.
>>>>>       The doman name, host name, and nsswitch.conf files are all properly 
>>>>> configured.  But I do not have any netgroups defined (the getent command 
>>>>> doesn't return anything and there is no /etc/netgroup file).  After you 
>>>>> asked about that, I started looking into the documentation on netgroups.  
>>>>> The IPA documentation for sudo states that "Identity Management creates 
>>>>> two groups, a visible host group and a shadow netgroup. sudo itself only 
>>>>> supports NIS-style netgroups for group formats."  But when I look in the 
>>>>> Netgroups area, I do not see any netgroups defined.  I used Apache 
>>>>> Directory Studio to look around the Directory Server, and I can see 
>>>>> "cn=hgroup1,cn=ng,cn=alt,dc=my_domain,dc=com", along with 
>>>>> "cn=hgroup1,cn=hostgroups,cn=accounts,dc=my_domain,dc=com".  This seems 
>>>>> to reflect what was stated in the documentation.
>>>>>       But I am still stumped.  I cannot get sudo to work with host 
>>>>> groups; I have to directly add each server to the sudo rule.
>>>>>       Thanks,
>>>>>       -Mark
>>>>
>>>> So can it seems that the first thing you need to to do is to make sure 
>>>> your netgroups work.
>>>> If domain and host are properly set then it might be the wrong base in 
>>>> your LDAP search for the netgroups.
>>>> Are you using SSSD for netgroups or something else?
>>>> Can you please share your sssd.conf and area where it configures netgroups?
>>>> Also is sss in the nsswitch.conf for netgroups map?
>>>>
>>>>>
>>>>>
>>>>> ________________________________________________________________
>>>>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 
>>>>> SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA 
>>>>> mto...@go2uti.com | O / C +1 503 953-1389 | Skype: mark.tovey2
>>>>>
>>>>> -----Original Message-----
>>>>> From: Martin Kosek [mailto:mko...@redhat.com]
>>>>> Sent: Tuesday, July 16, 2013 12:34 AM
>>>>> To: Tovey, Mark
>>>>> Cc: Steven Jones; James Hogarth; Freeipa-users@redhat.com; Pavel 
>>>>> Brezina
>>>>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>>
>>>>> Just checking, did you try troubleshooting hints from JR I found at the 
>>>>> top of the thread? I did not find an information about that.
>>>>>
>>>>> ~~~~
>>>>> Can you confirm that the output of the following commands:
>>>>> 1. $ domainname
>>>>> * does it match your domain?
>>>>> 2. $ hostname
>>>>> * does match match your fqdn?
>>>>> 3. $ getent netgroup esolutions-sandbox-hosts
>>>>> * does this list your host?
>>>>> 4. Does /etc/nsswitch.conf contain the line: "netgroup:   files sss"?
>>>>>
>>>>>
>>>>> Another important Sudo Troubleshooting step is to edit: 
>>>>> /etc/sudo-ldap.conf (or /etc/ldap.conf, depending on what version of 
>>>>> RHEL/Sudo you're running):
>>>>>
>>>>> At the top, add the line: sudoers_debug 2
>>>>>
>>>>> Then try another sudo command. sudo -l for example.
>>>>> ~~~~
>>>>>
>>>>> For example, it would help to know that netgroup list (step 3) works or 
>>>>> domainname is set correctly (step 1).
>>>>>
>>>>> Martin
>>>>>
>>>>>
>>>>> On 07/16/2013 06:09 AM, Tovey, Mark wrote:
>>>>>>
>>>>>>
>>>>>>       Okay, I stopped sssd on the client and deleted the cache 
>>>>>> files, removed the sudo rule, started sssd and verified that the 
>>>>>> rule was gone, stopped sssd and deleted the files again, added 
>>>>>> the rule back in, restarted sssd, and still it does not work.
>>>>>> One note, when I enter the hosts into the sudo rule in place of 
>>>>>> the host group, the effect is immediate; I do not need to restart 
>>>>>> sssd.  And the opposite is true too: if I put the host group 
>>>>>> back, the rule immediately stops working.  I don't think the 
>>>>>> issue is cache related; it seems to be something else.  The serv_account 
>>>>>> that we are accessing with the sudo rule is external.  I wouldn't expect 
>>>>>> that to matter, but perhaps it does?
>>>>>>
>>>>>>
>>>>>>
>>>>>>       I like your idea for the labels; they make sense.  Right 
>>>>>> now we are just evaluating this to see if we want to go this route.
>>>>>> So far we like it, but this could be a problem because we have a 
>>>>>> several hundred hosts that we need to manage.  Having to enter each one 
>>>>>> individually will be problematic.
>>>>>>
>>>>>>       Thanks,
>>>>>>
>>>>>>       -Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>> * *
>>>>>>
>>>>>> *________________________________________________________________
>>>>>> *
>>>>>>
>>>>>> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>>>>>>
>>>>>> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | 
>>>>>> Portland
>>>>>> | Oregon
>>>>>> | 97204 | USA
>>>>>>
>>>>>> mto...@go2uti.com <mailto:mto...@go2uti.com> | O / C +1 503 953-1389 | 
>>>>>> Skype:
>>>>>> mark.tovey2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:*Steven Jones [mailto:steven.jo...@vuw.ac.nz]
>>>>>> *Sent:* Monday, July 15, 2013 4:44 PM
>>>>>> *To:* Tovey, Mark; James Hogarth
>>>>>> *Cc:* Freeipa-users@redhat.com
>>>>>> *Subject:* RE: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>> option b) delete the rule totally and redo it from scratch.
>>>>>>
>>>>>> I label rules like this,
>>>>>>
>>>>>> hb-xxxx   for a hbac rule
>>>>>>
>>>>>> su-xxxx for a sudo rule
>>>>>>
>>>>>> sc-xxxx for a sudo command group
>>>>>>
>>>>>> ug-xxxx for a user group
>>>>>>
>>>>>> hg-xxxx for a host groups
>>>>>>
>>>>>> etc
>>>>>>
>>>>>> etc
>>>>>>
>>>>>> It makes the logic easier when you go into command line which I 
>>>>>> find easier to trace with than the gui at time.
>>>>>>
>>>>>>
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Steven Jones
>>>>>>
>>>>>> Technical Specialist - Linux RHCE
>>>>>>
>>>>>> Victoria University, Wellington, NZ
>>>>>>
>>>>>> 0064 4 463 6272
>>>>>>
>>>>>> -----------------------------------------------------------------
>>>>>> --
>>>>>> --
>>>>>> -
>>>>>> ---------
>>>>>>
>>>>>> *From:*Tovey, Mark [mto...@go2uti.com]
>>>>>> *Sent:* Tuesday, 16 July 2013 11:34 a.m.
>>>>>> *To:* Steven Jones; James Hogarth
>>>>>> *Cc:* Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>>>>>> *Subject:* RE: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>>       That didn't work either.  I set up the host group in my 
>>>>>> sudo rule, stopped sssd, renamed /var/lib/sss/db and created a 
>>>>>> new db directory, then restarted sssd.  New files were created in 
>>>>>> the db directory, but it still refuses to work unless the hosts are 
>>>>>> directly specified in the sudo rule.
>>>>>>
>>>>>>       Thanks,
>>>>>>
>>>>>>       -Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>> * *
>>>>>>
>>>>>> *________________________________________________________________
>>>>>> *
>>>>>>
>>>>>> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>>>>>>
>>>>>> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | 
>>>>>> Portland
>>>>>> | Oregon
>>>>>> | 97204 | USA
>>>>>>
>>>>>> mto...@go2uti.com <mailto:mto...@go2uti.com> | O / C +1 503 953-1389 | 
>>>>>> Skype:
>>>>>> mark.tovey2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:*Steven Jones [mailto:steven.jo...@vuw.ac.nz]
>>>>>> *Sent:* Monday, July 15, 2013 4:15 PM
>>>>>> *To:* Tovey, Mark; James Hogarth
>>>>>> *Cc:* Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>>>>>> *Subject:* RE: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> This is a known issue Ive suffered a long time with.  What would 
>>>>>> be interesting is adding another host to the host group could 
>>>>>> well work fine, that will really make you bang your head against the 
>>>>>> wall..
>>>>>>
>>>>>> 2 possibilities, stop the sssd daemon on the problem host, delete 
>>>>>> its cache and start it, that might fix it.
>>>>>>
>>>>>> Otherwise best to,
>>>>>>
>>>>>> All RH support could come up with is delete the HBAC rule, sudo 
>>>>>> rule, user group and host group and re-do it, then it will probably work 
>>>>>> fine.
>>>>>>
>>>>>>
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Steven Jones
>>>>>>
>>>>>> Technical Specialist - Linux RHCE
>>>>>>
>>>>>> Victoria University, Wellington, NZ
>>>>>>
>>>>>> 0064 4 463 6272
>>>>>>
>>>>>> -----------------------------------------------------------------
>>>>>> --
>>>>>> --
>>>>>> -
>>>>>> ---------
>>>>>>
>>>>>> *From:*freeipa-users-boun...@redhat.com
>>>>>> <mailto:freeipa-users-boun...@redhat.com>
>>>>>> [freeipa-users-boun...@redhat.com] on behalf of Tovey, Mark 
>>>>>> [mto...@go2uti.com]
>>>>>> *Sent:* Tuesday, 16 July 2013 10:54 a.m.
>>>>>> *To:* James Hogarth
>>>>>> *Cc:* Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>>>>>> *Subject:* Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>       I checked that and it is set correctly:
>>>>>>
>>>>>>
>>>>>>
>>>>>> [user1@host1 ~]$ nisdomainname
>>>>>>
>>>>>> my_domain.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>       If I try to run a command with the hosts specified 
>>>>>> indirectly through a host group, it fails:
>>>>>>
>>>>>>
>>>>>>
>>>>>> [user1@host1 ~]$ sudo -i -u serv_account
>>>>>>
>>>>>> LDAP Config Summary
>>>>>>
>>>>>> ===================
>>>>>>
>>>>>> uri              ldap://ipa_server.my_domain.com
>>>>>>
>>>>>> ldap_version     3
>>>>>>
>>>>>> sudoers_base     ou=SUDOers,dc=my_domain,dc=com
>>>>>>
>>>>>> binddn           uid=sudo,cn=sysaccounts,cn=etc,dc=my_domain,dc=com
>>>>>>
>>>>>> bindpw           **********
>>>>>>
>>>>>> bind_timelimit   5000
>>>>>>
>>>>>> timelimit        15
>>>>>>
>>>>>> ssl              start_tls
>>>>>>
>>>>>> tls_checkpeer    (yes)
>>>>>>
>>>>>> tls_cacertfile   /etc/ipa/ca.crt
>>>>>>
>>>>>> ===================
>>>>>>
>>>>>> sudo: ldap_initialize(ld, ldap://ipa_server.my_domain.com)
>>>>>>
>>>>>> sudo: ldap_set_option: debug -> 0
>>>>>>
>>>>>> sudo: ldap_set_option: ldap_version -> 3
>>>>>>
>>>>>> sudo: ldap_set_option: tls_checkpeer -> 1
>>>>>>
>>>>>> sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
>>>>>>
>>>>>> sudo: ldap_set_option: timelimit -> 15
>>>>>>
>>>>>> sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
>>>>>>
>>>>>>
>>>>>>
>>>>>> sudo: ldap_start_tls_s() ok
>>>>>>
>>>>>> sudo: ldap_sasl_bind_s() ok
>>>>>>
>>>>>> sudo: no default options found!
>>>>>>
>>>>>> sudo: ldap search
>>>>>> '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=%user1s)(sudoUser=ALL))'
>>>>>>
>>>>>> sudo: found:cn=my_sudo_rule,ou=sudoers,dc=my_domain,dc=com
>>>>>>
>>>>>> sudo: ldap sudoHost '+hgroup1' ... not
>>>>>>
>>>>>> sudo: ldap search 'sudoUser=+*'
>>>>>>
>>>>>> sudo: user_matches=1
>>>>>>
>>>>>> sudo: host_matches=0
>>>>>>
>>>>>> sudo: sudo_ldap_lookup(0)=0x40
>>>>>>
>>>>>> [sudo] password for user1:
>>>>>>
>>>>>> Sorry, try again.
>>>>>>
>>>>>> [sudo] password for user1:
>>>>>>
>>>>>> sudo: 1 incorrect password attempt
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>       But if I remove the host group from the sudo rule and 
>>>>>> directly add the hosts that were in the host group, it works fine:
>>>>>>
>>>>>>
>>>>>>
>>>>>> <snip>
>>>>>>
>>>>>>
>>>>>>
>>>>>> sudo: ldap_start_tls_s() ok
>>>>>>
>>>>>> sudo: ldap_sasl_bind_s() ok
>>>>>>
>>>>>> sudo: no default options found!
>>>>>>
>>>>>> sudo: ldap search
>>>>>> '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=%user1s)(sudoUser=ALL))'
>>>>>>
>>>>>> sudo: found:cn=my_sudo_rule,ou=sudoers,dc=my_domain,dc=com
>>>>>>
>>>>>> sudo: ldap sudoHost 'host1.my_domain.com' ... MATCH!
>>>>>>
>>>>>> sudo: ldap sudoRunAsUser 'serv_account' ... MATCH!
>>>>>>
>>>>>> sudo: ldap sudoCommand 'ALL' ... MATCH!
>>>>>>
>>>>>> sudo: Command allowed
>>>>>>
>>>>>> sudo: user_matches=1
>>>>>>
>>>>>> sudo: host_matches=1
>>>>>>
>>>>>> sudo: sudo_ldap_lookup(0)=0x02
>>>>>>
>>>>>> [sudo] password for user1:
>>>>>>
>>>>>> [serv_account@host1 ~]$
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>       So something isn't lining up correctly with host groups in 
>>>>>> sudo rules somewhere.  I just haven't been able to track it down.
>>>>>>
>>>>>>       Thanks,
>>>>>>
>>>>>>       -Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> * *
>>>>>>
>>>>>> *________________________________________________________________
>>>>>> *
>>>>>>
>>>>>> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>>>>>>
>>>>>> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 | 
>>>>>> Portland
>>>>>> | Oregon
>>>>>> | 97204 | USA
>>>>>>
>>>>>> mto...@go2uti.com <mailto:mto...@go2uti.com> | O / C +1 503 953-1389 | 
>>>>>> Skype:
>>>>>> mark.tovey2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:*James Hogarth [mailto:james.hoga...@gmail.com]
>>>>>> *Sent:* Monday, July 15, 2013 1:11 PM
>>>>>> *To:* Tovey, Mark
>>>>>> *Subject:* Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>       Did anyone find a solution for this?  I am having the same 
>>>>>>> experience.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Wow that was a mess...
>>>>>>
>>>>>> To use hostgroups for sudo ensure nisdomainname is set on the 
>>>>>> hosts to the IPA domain.
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-users mailing list
>>>>>> Freeipa-users@redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users@redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager for IdM portfolio Red Hat Inc.
>>>>
>>>>
>>>> -------------------------------
>>>> Looking to carve out IT costs?
>>>> www.redhat.com/carveoutcosts/
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to