We are in the process of deploying FreeIPA in our virtual environment.
So far things are working smoothly and I am really impressed by the

One question has arisen as we have added our first clients to the
system. Because the total number of clients is 50 and going up, we
have divided our servers into subdomains depending on the purpose of the
server, i.e. test servers in one subdomain, internal services on
another and so on. There is, however, no need for each subdomain to
have its own IPA server.

Let's say we're using domain example.com. Adding clients a.example.com
and b.example.com was smooth. Adding client a.sub1.example.com also
had no problems until I tried to get sudoers from the IPA server
(using SSSD and LDAP as suggested). The client fails to find any users
matching the server name. Because the only difference compared to a
fully functional server is the dot in the host name, that's probably
the reason why no sudoers are found for the server in the subdomain?

For the IPA master I am using CentOS 6.4 and
ipa-server-3.0.0-26.el6_4.4.x86_64. The clients are also CentOS 6.4
with ipa-client-3.0.0-26.el6_4.4.x86_64.

Any help is appreciated! Please let me know if providing any piece of
information helps.

Best regards,

