We have a collection of hosts within prod1.local.lan. However, the
domain section of the shadow netgroups for the hosts is This seems to prevent sudo rules working on these
hosts unless they specify all hosts -

-sh-4.2$ getent netgroup oepp_hosts
-sh-4.2$ hostname
-sh-4.2$ nisdomainname
-sh-4.2$ domainname

The VMs associated with these hosts have recently been migrated and
re-enrolled against a new IPA server. The originals all had netgroup
domains of local.lan so something must have gone wrong in the migration
process. Is there a way to correct the netgroup domains of these hosts,
or is the only option to run ipa-client-install --uninstall followed by
ipa-client-install to reattach them ?

Many thanks


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to