I'm migrating our nis environment to freeipa 4.2.0 on Redhat 7.

I need to have the netgroups set up in freeipa before migrating systems to be freeipa clients.

At this point I'm trying to understand the relationship between hostgroups and netgroups and whether I should just be using ipa netgroup-add and ipa netgroup-add-member commands or whether I should be using equivalent ipa hostgroup* commands.

Section 14.5.1 of the Redhat 7 Domain Identity Authentication and Policy Guide is telling me that I get a shadow netgroup for every hostgroup I create and that I can manage these netgroups with the "ipa-host-net-manage" command.

I don't see the ipa-host-net-manage command. There are
ipa host* commands but these don't include ipa host-net* commands. What am I missing here?

Also the ipa netgroup* commands don't seem to be able to manage the shadow netgroups so I'm currently unable to manipulate my shadow netgroups to eg change the nisdomain associated with them. How do I do that?

Also it looks like I can't add non-ipa clients into hostgroups so presumable not into shadow netgroups either, so maybe this is a non-starter for me. Did I understand that correctly?


Roderick Johnstone

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to