On (01/05/14 15:53), Dean Hunter wrote:
>On Thu, 2014-05-01 at 16:32 -0400, Dmitri Pal wrote:
>> On 05/01/2014 04:07 PM, Dean Hunter wrote:
>> 
>> > 
>> > I just noticed that I had been incorrectly setting the NIS domain
>> > name since upgrading to Fedora 20 and FreeIPA 3.3.4, yet I appear to
>> > be successfully retrieving and using sudo rules from FreeIPA.  Is
>> > sudo still using NIS-style netgroups?  Is there still a requirement
>> > to set the NIS domain name? 
>> 
>> 
>> I think NIS domain is needed for netgroups. If you are not using
>> netgroups in the sudo rules but just user groups you should be fine.
>> Is this the case with you?
>> If not please provide the logs and config.
>> 
>
>I am not aware of using netgroups, either the IPA object or any other
>kind.  I just remember that when I was first configuring sudo to
>retrieve rules from IPA it would not work until I set nisdomainname
>in /etc/rc.d/rc.local.  Here is the quote from section 14.4 of the
>manual:
>
>
>        Even though sudo uses NIS-style netgroups, it is not necessary
>        to have a NIS server installed. Netgroups require that a NIS
>        domain be named in their configuration, so sudo requires that a
>        NIS domain be named for netgroups. However, that NIS domain does
>        not actually need to exist.
>        
>
>With Fedora 20 I can no longer find the emulation of rc.local that
>existed in Fedora 19.  I did find fedora-domainname.service and started
>and enabled it but neglected to configure /etc/sysconfig/network.  Yet
>IPA sudo rules appear to work.
>
Hope It helps you
http://www.redhat.com/archives/freeipa-users/2014-April/msg00248.html

LS

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to