Morning, We have a collection of hosts within prod1.local.lan. However, the domain section of the shadow netgroups for the hosts is mgmt.prod.local.lan. This seems to prevent sudo rules working on these hosts unless they specify all hosts -
-sh-4.2$ getent netgroup oepp_hosts oepp_hosts (oeppsdas001.z2.prod1.local.lan,-,mgmt.prod.local.lan) (oeppsdas002.z2.prod1.local.lan,-,mgmt.prod.local.lan) (oeppservice001.z2.prod1.local.lan,-,mgmt.prod.local.lan) (oeppredis002.z4.prod1.local.lan,-,mgmt.prod.local.lan) (oeppredis001.z4.prod1.local.lan,-,mgmt.prod.local.lan) -sh-4.2$ hostname oeppredis001.z4.prod1.local.lan -sh-4.2$ nisdomainname local.lan -sh-4.2$ domainname local.lan The VMs associated with these hosts have recently been migrated and re-enrolled against a new IPA server. The originals all had netgroup domains of local.lan so something must have gone wrong in the migration process. Is there a way to correct the netgroup domains of these hosts, or is the only option to run ipa-client-install --uninstall followed by ipa-client-install to reattach them ? Many thanks Bob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
