On Thu, 2014-05-01 at 16:32 -0400, Dmitri Pal wrote:
> On 05/01/2014 04:07 PM, Dean Hunter wrote:
> >
> > I just noticed that I had been incorrectly setting the NIS domain
> > name since upgrading to Fedora 20 and FreeIPA 3.3.4, yet I appear to
> > be successfully retrieving and using sudo rules from FreeIPA. Is
> > sudo still using NIS-style netgroups? Is there still a requirement
> > to set the NIS domain name?
> >
> I think NIS domain is needed for netgroups. If you are not using
> netgroups in the sudo rules but just user groups you should be fine.
> Is this the case with you?
> If not please provide the logs and config.
>
I am not aware of using netgroups, either the IPA object or any other
kind. I just remember that when I was first configuring sudo to
retrieve rules from IPA it would not work until I set nisdomainname in
/etc/rc.d/rc.local. Here is the quote from section 14.4 of the manual:

    Even though sudo uses NIS-style netgroups, it is not necessary to
    have a NIS server installed. Netgroups require that a NIS domain be
    named in their configuration, so sudo requires that a NIS domain be
    named for netgroups. However, that NIS domain does not actually
    need to exist.

With Fedora 20 I can no longer find the emulation of rc.local that
existed in Fedora 19. I did find fedora-domainname.service and started
and enabled it but neglected to configure /etc/sysconfig/network. Yet
IPA sudo rules appear to work.
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
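
The distinction raised in the thread (netgroups versus plain user groups in the sudo rules) can be checked against the rules themselves. The following is an added example, not part of the original messages and not FreeIPA code: it scans an LDIF export of sudoRole entries for netgroup references, which sudoers LDAP syntax marks with a leading `+` in sudoUser or sudoHost. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample: sudoRole entries as an LDIF export might contain them.
SAMPLE_LDIF = """\
dn: cn=admins-all,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
sudoUser: %admins
sudoHost: ALL

dn: cn=web-restart,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
sudoUser: alice
sudoHost: +webser
 vers
sudoCommand: /usr/bin/systemctl restart httpd
"""

NETGROUP_ATTRS = {"sudouser", "sudohost"}  # attributes that may name a netgroup

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def netgroup_refs(ldif):
    """Return (rule_dn, attribute, netgroup) for each netgroup reference."""
    refs, dn = [], None
    for line in unfold(ldif):
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() in NETGROUP_ATTRS and value.lstrip("!").startswith("+"):
            refs.append((dn, attr, value.lstrip("!")[1:]))  # drop "!" and "+"
    return refs

def nisdomain_matters(ldif):
    """True when any rule names a netgroup, so the NIS domain name is relevant."""
    return bool(netgroup_refs(ldif))
```

An empty result from `netgroup_refs` on a host's actual rule export corresponds to the "just user groups" case described in the quoted reply.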