Charles Hedrick wrote:
> In my opinion the whole rfc3704bis implementation of net groups is wonky.
Since you seem to be using FreeIPA wouldn't it be a better solution to
implement a script for converting your netgroups into HBAC rules?
I never did this myself though.
Ciao, Michael.
smime.p7s
In my opinion the whole rfc3704bis implementation of net groups is wonky.
This isn’t the only problem. Why is there a distinction between internal and
external hosts? Suppose I add an external host to a net group, and later do ipa
host-add for it. If the distinction actually matters I’d expect
Pavel, does this sound like the bug you were looking at wrt sudo lately?
On Wed, Nov 08, 2017 at 09:46:25PM +, Charles Hedrick wrote:
> Netapp wants the domain field to be blank. That leaves us a problem that’s
> hard to solve.
>
> On Nov 8, 2017, at 4:41 PM, Charles Hedrick
>
Netapp wants the domain field to be blank. That leaves us a problem that’s hard
to solve.
On Nov 8, 2017, at 4:41 PM, Charles Hedrick
> wrote:
OK, I see what’s going on, but it looks like a bug.
We mostly use net groups for hosts. In NIS our
OK, I see what’s going on, but it looks like a bug.
We mostly use net groups for hosts. In NIS our entries like like (hostname,,)
You can put that into IPA by specifying NISdomain=, i.e. blank domain name.
However if you do that, getent shows no entries. That is, entries with blank
hostname
We want to move our net groups from NIS to IPA. I’ve loaded the groups. They’re
visible on a system that uses nslcd pointed at the IPA server. But the systems
that use SSSD for authentication don’t show anything. The net groups all show
as undefined.
I’ve turned on debugging and looked at the
On Wed, Nov 8, 2017 at 3:39 PM, Sumit Bose wrote:
> On Wed, Nov 08, 2017 at 02:39:46PM -0500, Asif Iqbal wrote:
> > On Thu, Nov 2, 2017 at 12:05 PM, Asif Iqbal wrote:
> >
> > > Hi
> > >
> > > I like to authenticate user based on uid if meets the following two
On Wed, Nov 08, 2017 at 02:39:46PM -0500, Asif Iqbal wrote:
> On Thu, Nov 2, 2017 at 12:05 PM, Asif Iqbal wrote:
>
> > Hi
> >
> > I like to authenticate user based on uid if meets the following two
> > requirements
> >
> > ldap_search_base = ou=People,dc=mnet,dc=qintra,dc=com
>