[Freeipa-users] Netgroups and users

Sigbjorn Lie sigbjorn at nixtra.com
Tue Dec 13 22:15:48 UTC 2011


On 12/13/2011 11:01 PM, Dmitri Pal wrote:
> On 12/13/2011 04:50 PM, Sigbjorn Lie wrote:
>> Hi,
>>
>> When adding users or user groups to a netgroup, the format of the
>> netgrouptriple ends up as follows:
>>
>> nisNetgroupTriple: (-,username,ix.test.com)
>>
>> The extra "-" prevents me from using IPA's netgroups for tcp wrappers
>> using /etc/hosts.allow and /etc/hosts.deny for user access control.
>>
>> Making the same test with a NIS server, creating the same entry
>> without the "-", works for user access control.
>>
>> Looking at 389-ds' wiki, the "-" should not be there:
>> http://directory.fedoraproject.org/wiki/Howto:Netgroups
>>
>> Is this a configurable setting? Or should I open a ticket?
>>
>>
>> Regards,
>> Siggi
>>
> Are you using DS or IPA?
IPA :)

> IPA uses internal schema for netgroups to take advantage of some of the
> associations and exposes 2307bis schema for netgroups via compat plugin.
> Are you pointing clients at compat tree?
Yes. The netgroups are exposed, they just had an added "-" in the host 
field.

>   Are you trying to add the
> entries manually and not using the provided interfaces?

No, the entries were added using the provided interface.
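
An added illustration, not part of the thread and not FreeIPA or 389-ds code: a small parser and matcher for `nisNetgroupTriple` values, showing how the two forms discussed above differ when a consumer follows the netgroup(5) convention. It assumes that convention (an empty field is a wildcard, a `-` field has no valid value); real `innetgr()` implementations vary, and the host name `client1.ix.test.com` is constructed.

```python
import re

# Assumed convention (netgroup(5)): "" = wildcard, "-" = no valid value.
TRIPLE_RE = re.compile(r"^\(\s*([^,()]*?)\s*,\s*([^,()]*?)\s*,\s*([^,()]*?)\s*\)$")
FIELDS = ("host", "user", "domain")

def parse_triple(value):
    """Split '(host,user,domain)' into a 3-tuple of stripped strings."""
    m = TRIPLE_RE.match(value.strip())
    if m is None:
        raise ValueError("not a netgroup triple: %r" % value)
    return m.groups()

def _field_matches(name, field, wanted):
    if wanted is None:       # caller does not test this field
        return True
    if field == "":          # empty field matches any value
        return True
    if field == "-":         # dash matches no value at all
        return False
    if name == "user":       # user names are compared exactly
        return field == wanted
    return field.lower() == wanted.lower()

def triple_matches(value, host=None, user=None, domain=None):
    """True if the triple admits the given host/user/domain combination."""
    wanted = dict(host=host, user=user, domain=domain)
    parsed = parse_triple(value)
    return all(_field_matches(n, f, wanted[n]) for n, f in zip(FIELDS, parsed))

def dash_fields(value):
    """Names of fields set to '-', i.e. fields no lookup value can satisfy."""
    return [n for n, f in zip(FIELDS, parse_triple(value)) if f == "-"]

# Triple as quoted in the thread, and the same entry without the dash.
IPA_FORM = "(-,username,ix.test.com)"
NIS_FORM = "(,username,ix.test.com)"

if __name__ == "__main__":
    for triple in (IPA_FORM, NIS_FORM):
        hit = triple_matches(triple, host="client1.ix.test.com", user="username")
        print(triple, "dash fields:", dash_fields(triple), "user+host match:", hit)
```

Running `dash_fields` over the triples read from the compat tree gives a quick inventory of which entries carry a `-` and in which field.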





