Thank you so much Rob ! It works juste fine :) Alexandre
Le 13 août 2013 à 14:42, Rob Crittenden <rcrit...@redhat.com> a écrit : > Alexandre Ellert wrote: >> Hi, >> >> I'm trying to get working a sudo rule for a group of user, basically if want >> to allow all the developers (dev-users) to become root on developers servers >> (dev-servers). >> When this rule is applied to a single host or all hosts or severals named >> host, it works fine : dev-users can sudo without prompting for a password (I >> have sudo option !authenticate) >> But if I apply the rule to the dev-servers group, it doesn't work : when a >> member of dev-users try to sudo, it prompt for a password and even the >> password is correct, password is asked again. >> >> I use ipa-server-3.0.0-26.el6_4.4 and RHEL 6 and a custom Debian package for >> clients (based on freeipa 3.0.2). >> I checked /etc/sudo-ldap.conf, /etc/nsswitch.conf and /etc/rc.local on >> clients and everything seems correct. >> >> Do i missed something ? >> >> Thanks for your help. > > hostgroups are visible as netgroups on client machines, so you need a working > netgroups configuration. You should have sss as a provider for netgroup in > /etc/nsswitch.conf and you need to set the NIS domain name via nisdomainname > (to match your domain name). > > You can test fetching a hostgroup as a netgroup with: getent netgroup > dev-users. It should look something like: > > dev-users (host1.example.com,-,example.com) > (host2.example.com,-,example.com) > > rob _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users