Morning,

We have a collection of hosts within prod1.local.lan. However, the
domain section of the shadow netgroups for the hosts is
mgmt.prod.local.lan. This seems to prevent sudo rules working on these
hosts unless they specify all hosts -

-sh-4.2$ getent netgroup oepp_hosts
oepp_hosts           
(oeppsdas001.z2.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppsdas002.z2.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppservice001.z2.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppredis002.z4.prod1.local.lan,-,mgmt.prod.local.lan)
(oeppredis001.z4.prod1.local.lan,-,mgmt.prod.local.lan)
-sh-4.2$ hostname
oeppredis001.z4.prod1.local.lan
-sh-4.2$ nisdomainname
local.lan
-sh-4.2$ domainname
local.lan

The VMs associated with these hosts have recently been migrated and
re-enrolled against a new IPA server. The originals all had netgroup
domains of local.lan so something must have gone wrong in the migration
process. Is there a way to correct the netgroup domains of these hosts,
or is the only option to run ipa-client-install --uninstall followed by
ipa-client-install to reattach them ?

Many thanks

Bob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to