I just deleted the netgroup, even though getent is resolving. [root@mipa ~]# getent netgroup stg.initd.com stg.initd.com (cipa.stg.initd.com,-,stg.initd.com) [root@mipa ~]# ipa netgroup-show stg.initd.com ipa: ERROR: stg.initd.com: netgroup not found
Sent IPA Server Logs to you individually. *Best Regards,__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Mon, Mar 23, 2015 at 4:18 PM, Yogesh Sharma <yks0...@gmail.com> wrote: > Seeing a strange behavior. > > I deleted all Host Members from NetGroup and it was reflected in Client: > > [root@cipa ~]# getent netgroup stg.initd.com > stg.initd.com > > then I added one hostgroup *"cipa" * and it was successfully quried in > getent on IPA Server > > [root@mipa ~]# getent netgroup stg.initd.com > stg.initd.com (cipa.stg.initd.com,-,stg.initd.com) > > However, when adding another hostgroup in Netgroup , I am not able to see > that in getent though ipa command list it. > > > > [root@mipa ~]# ipa netgroup-show stg.initd.com > Netgroup name: stg.initd.com > Description: sssss > NIS domain name: stg.initd.com > Member Group: admins, ipausers, masteruser, trust admins, webuser > Member Hostgroup: cipa-servers, sipa-servers > [root@mipa ~]# > > > My Client is also unaware of changes. > > [root@cipa ~]# getent netgroup stg.initd.com > stg.initd.com > [root@cipa ~]# > > > Is it network issue or sssd caching problem. Restart of SSSD also does not > fix the problem. > > Should I share my SSSD logs of IPA server or Client or Both. Please > suggest. > > > > > > > > > *Best Regards,__________________________________________* > > *Yogesh Sharma* > *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > <http://www.initd.in>* > > RHCE, VCE-CIA, RackSpace Cloud U > [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > > > On Mon, Mar 23, 2015 at 2:59 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > >> On Mon, Mar 23, 2015 at 02:23:52PM +0530, Yogesh Sharma wrote: >> > Sure Jakub. ++FreeIPA-Users >> > >> > "getent netgroup" not working on IPA Server >> > >> > [root@mipa ~]# getent netgroup stg.initd.com >> > [root@mipa ~]# >> > >> > >> > >> > [root@mipa ~]# ipa hostgroup-show cipa-servers >> > Host-group: cipa-servers >> > Description: cipa >> > Member hosts: cipa.stg.initd.com >> > Member of netgroups: stg.initd.com >> > >> > [root@mipa ~]# ipa netgroup-show stg.initd.com >> > Netgroup name: stg.initd.com >> > Description: ss >> > NIS domain name: stg.initd.com >> > Member Group: admins, ipausers, masteruser, trust admins, webuser >> > Member Hostgroup: sipa-servers, cipa-servers >> > >> > However, I re-register the IPA Client and I am able to query netgroup, >> > Though it does not shows cipa.stg.initd.com whereas IPA Server query >> "ipa >> > netgroup-show stg.initd.com" has it in list. >> > >> > [root@cipa ~]# getent passwd admin >> > admin:*:1170400000:1170400000:Administrator:/home/admin:/bin/bash >> > [root@cipa ~]# getent netgroup stg.initd.com >> > stg.initd.com (sipa.stg.initd.com,-,stg.initd.com) >> > [root@cipa ~]# >> >> OK, then we need to see the SSSD logs, but if the client suddently >> started working, then I suspect some networking issues. >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project