Hi Pavel, can you help us with this thread?

> On 12 Aug 2016, at 21:57, Jeff Goddard <jgodd...@emerlyn.com> wrote:
> 
> 
> 
> On Fri, Aug 12, 2016 at 3:53 PM, Justin Stephenson <jstep...@redhat.com> 
> wrote:
> In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created automatically 
> in the IPA compat tree under 'cn=ng,cn=compat,$suffix' because sudo has no 
> understanding of hostgroups.
> 
> You should be able to query this on a client with 
>       # getent netgroup office
> 
> This should return nisNetgroupTriple for each host in the hostgroup
>      (ipa-client-1.example.com,-,example.com) 
> (ipa-client-2.example.com,-,example.com)
> 
> I would check this in your environment between working and non-working 
> systems.
> I believe in later versions of sssd they added IPA sudo schema support to 
> eliminate the need for the compat tree so this could be related to the issue 
> if newer Ubuntu clients are not working but CentOS is working.
> 
> What version of sssd are you running?
> Kind regards,
> 
> Justin Stephenson
> On 08/12/2016 02:35 PM, Jeff Goddard wrote:
>> I made the edit as suggested - removing nis and just leaving sss - restarted 
>> sssd and then re-tried. I also tried with files sss. Still getting the same 
>> result.
>> 
>> Thanks,
>> 
>> Jeff
> The query returns the expected results:
> 
>  getent netgroup office
> office                
> (docker-dev-01.internal.emerlyn.com,-,internal.emerlyn.com) 
> (docker-dev-02.internal.emerlyn.com,-,internal.emerlyn.com) 
> (docker-dev-03.internal.emerlyn.com,-,internal.emerlyn.com) [more hosts]
> 
> sssd version is 1.13.4
> 
> Jeff
> 
> 
> 


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
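
The comparison suggested in the thread (checking `getent netgroup` output on working and non-working clients) can be scripted so each client answers one question: is my FQDN a host member of the netgroup? This is an added example, not part of the original thread; the function names and the sample output are constructed, and it assumes standard netgroup triple semantics, where an empty host field matches any host.

```shell
#!/usr/bin/env bash
# Added example: parse `getent netgroup NAME` output and test host membership.

# Constructed sample, shaped like the output quoted in the thread.
SAMPLE_OUTPUT='office                (ipa-client-1.example.com,-,example.com)
(ipa-client-2.example.com,-,example.com)'

# Print the host field of every (host,user,domain) triple, one per line.
# An empty host field (wildcard in netgroup semantics) is printed as "*".
netgroup_hosts() {
    # $1: text as printed by `getent netgroup NAME`
    printf '%s\n' "$1" | grep -o '([^()]*)' | tr -d '() \t' |
    while IFS=, read -r host _user _domain; do
        if [ -z "$host" ]; then
            printf '*\n'
        else
            printf '%s\n' "$host"
        fi
    done
}

# Succeed if the FQDN in $2 is a host member of the netgroup output in $1.
# The comparison is case-insensitive because DNS names are.
netgroup_has_host() {
    ng_want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    netgroup_hosts "$1" | tr '[:upper:]' '[:lower:]' |
        grep -qxF -e "$ng_want" -e '*'
}

# Demo on the constructed sample. On a real client, run instead:
#   netgroup_has_host "$(getent netgroup office)" "$(hostname -f)"
for ng_fqdn in ipa-client-1.example.com ipa-client-9.example.com; do
    if netgroup_has_host "$SAMPLE_OUTPUT" "$ng_fqdn"; then
        echo "$ng_fqdn: member of netgroup"
    else
        echo "$ng_fqdn: NOT in netgroup"
    fi
done
```

A client whose `hostname -f` does not match any triple exactly (for example a short name, or a different domain suffix) will report as not in the netgroup even though `getent netgroup` itself returns data.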