Seeing a strange behavior. I deleted all Host Members from NetGroup and it was reflected in Client:
[root@cipa ~]# getent netgroup stg.initd.com stg.initd.com then I added one hostgroup *"cipa" * and it was successfully quried in getent on IPA Server [root@mipa ~]# getent netgroup stg.initd.com stg.initd.com (cipa.stg.initd.com,-,stg.initd.com) However, when adding another hostgroup in Netgroup , I am not able to see that in getent though ipa command list it. [root@mipa ~]# ipa netgroup-show stg.initd.com Netgroup name: stg.initd.com Description: sssss NIS domain name: stg.initd.com Member Group: admins, ipausers, masteruser, trust admins, webuser Member Hostgroup: cipa-servers, sipa-servers [root@mipa ~]# My Client is also unaware of changes. [root@cipa ~]# getent netgroup stg.initd.com stg.initd.com [root@cipa ~]# Is it network issue or sssd caching problem. Restart of SSSD also does not fix the problem. Should I share my SSSD logs of IPA server or Client or Both. Please suggest. *Best Regards,__________________________________________* *Yogesh Sharma* *Email: [email protected] <[email protected]> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Mon, Mar 23, 2015 at 2:59 PM, Jakub Hrozek <[email protected]> wrote: > On Mon, Mar 23, 2015 at 02:23:52PM +0530, Yogesh Sharma wrote: > > Sure Jakub. ++FreeIPA-Users > > > > "getent netgroup" not working on IPA Server > > > > [root@mipa ~]# getent netgroup stg.initd.com > > [root@mipa ~]# > > > > > > > > [root@mipa ~]# ipa hostgroup-show cipa-servers > > Host-group: cipa-servers > > Description: cipa > > Member hosts: cipa.stg.initd.com > > Member of netgroups: stg.initd.com > > > > [root@mipa ~]# ipa netgroup-show stg.initd.com > > Netgroup name: stg.initd.com > > Description: ss > > NIS domain name: stg.initd.com > > Member Group: admins, ipausers, masteruser, trust admins, webuser > > Member Hostgroup: sipa-servers, cipa-servers > > > > However, I re-register the IPA Client and I am able to query netgroup, > > Though it does not shows cipa.stg.initd.com whereas IPA Server query > "ipa > > netgroup-show stg.initd.com" has it in list. > > > > [root@cipa ~]# getent passwd admin > > admin:*:1170400000:1170400000:Administrator:/home/admin:/bin/bash > > [root@cipa ~]# getent netgroup stg.initd.com > > stg.initd.com (sipa.stg.initd.com,-,stg.initd.com) > > [root@cipa ~]# > > OK, then we need to see the SSSD logs, but if the client suddently > started working, then I suspect some networking issues. >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
