In our deployment we use subdomains but set NIS domain to main domain: example.com has subdomains na.example.com wa.example.com ...
all machines work fine with that but in /etc/sysconfig/network we have NISDOMAIN='example.com' This way sudo rules get evaluated see getent netgroup <hostgroup> On Thu, Aug 29, 2013 at 5:55 PM, Dmitri Pal <d...@redhat.com> wrote: > On 08/19/2013 09:05 AM, Thomas Raehalme wrote: > > Hi! > > > > We are in the process of deploying FreeIPA in our virtual environment. > > So far things are working smoothly and I am really impressed by the > > solution! > > > > One question has risen as we have added our first clients to the > > system. Because the total number of clients is 50 and going up, we > > have divided our servers to subdomains depending on the purpose of the > > server, ie. test servers in one subdomain, internal services on > > another and so on. There is, however, no need for each subdomain to > > have its own IPA server. > > > > Let's say we're using domain example.com. Adding clients a.example.com > > and b.example.com was smooth. Adding client a.sub1.example.com also > > had no problems until I tried to get sudoers from the IPA server > > (using SSSD and LDAP as suggested). The client fails to find any users > > matching the server name. Because the only difference compared to a > > fully functional server is the dot in the host name, that's probably > > the reason why no sudoers are found for the server in the subdomain? > > > > For IPA master I am using CentOS 6.4 and > > ipa-server-3.0.0-26.el6_4.4.x86_64. The clients are also CentOS 6.4 > > with ipa-client-3.0.0-26.el6_4.4.x86_64. > > > > Any help is appreciated! Please let me know if providing any piece of > > information helps. > > > > Best regards, > > Thomas > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipa-users@redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Was there any help provided for this request? > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users