21.3. Creating Netgroups

21.3.1. Adding a Netgroup

To add a Netgroup, you can use:

Web UI: Adding a Netgroup

  1. Select Identity → Groups → Netgroups.
  2. Click Add.
  3. Enter a unique name and, optionally, a description. The group name is the identifier used for the netgroup in the IdM domain. You cannot change it later.
  4. Click Add and Edit to save the changes and to start editing the entry.
  5. The default NIS domain is set to the IdM domain name. Optionally, you can enter the name of the alternative NIS domain in the NIS domain name field.

    Figure 21.1. Netgroup Tab

    The NIS domain name field sets the domain that appears in the netgroup triple. It does not affect which NIS domain the Identity Management NIS listener responds to.
  6. Click Save.

Command Line: Adding a Netgroup

You can add a new netgroup using the ipa netgroup-add command. Specify:
  • the group name.
  • optionally, a description.
  • optionally, the NIS domain name if it is different from the IdM domain name.
    Note
    The --nisdomain option sets the domain that appears in the netgroup triple. It does not affect which NIS domain the Identity Management listener responds to.
For example:
[root@server ~]# ipa netgroup-add --desc="Netgroup description" --nisdomain="example.com" example-netgroup

21.3.2. Adding Members to a Netgroup

Besides users and hosts, netgroups can contain user groups, host groups, and other netgroups (nested groups) as members. Depending on the size of a group, it can take up to several minutes after you create a nested group for the members of the child group to show up as members of the parent group.
Warning
Do not create recursive nested groups. For example, if GroupA is a member of GroupB, do not add GroupB as a member of GroupA. Recursive groups are not supported and can cause unpredictable behavior.
To add members to a netgroup, you can use:

Web UI: Adding Members to a Netgroup

To add members to a netgroup using the Web UI:
  1. Select Identity → Groups → Netgroups.
  2. Click the name of the netgroup to which to add members.
  3. Click Add next to the required member type.

    Figure 21.2. User Menu in the Netgroup Tab

  4. Select the members you want to add, and click > to confirm.

    Figure 21.3. Add User Menu in the Netgroup Tab

  5. Click Add.

Command Line: Adding Members to a Netgroup

After you have created the netgroup, you can add members using the ipa netgroup-add-member command:
# ipa netgroup-add-member --users=user_name --groups=group_name --hosts=host_name \
     --hostgroups=host_group_name --netgroups=netgroup_name group_name
To set more than one member, use a comma-separated list inside a set of curly braces. For example:
[root@server ~]# ipa netgroup-add-member --users={user1,user2,user3} \
     --groups={group1,group2} example-group
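
The warning above about recursive nested groups can be enforced with a pre-flight check before you nest one netgroup in another. The following script is an added example, not part of the Red Hat documentation: the membership list in EDGES is constructed sample data, and the function names members_of, would_cycle and plan_add are hypothetical. It prints the ipa netgroup-add-member command only when the new nesting would not close a loop.

```shell
#!/bin/sh
# Constructed sample data, not taken from a real IdM domain.
# One "parent child" pair per line: child is a member netgroup of parent.
EDGES='web-servers frontend
frontend edge-proxies
db-servers replicas'

# members_of EDGES NAME: print the direct member netgroups of NAME.
members_of() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { print $2 }'
}

# would_cycle EDGES PARENT CHILD: succeed (0) if adding CHILD as a member of
# PARENT would make PARENT a direct or indirect member of itself.
would_cycle() {
    edges=$1 parent=$2 child=$3
    [ "$parent" = "$child" ] && return 0
    queue=$child
    seen=" $child "
    # Breadth-first walk over everything CHILD already contains.
    while [ -n "$queue" ]; do
        set -- $queue
        cur=$1; shift; queue=$*
        for m in $(members_of "$edges" "$cur"); do
            [ "$m" = "$parent" ] && return 0
            case $seen in *" $m "*) continue ;; esac  # already visited
            seen="$seen$m "
            queue="$queue $m"
        done
    done
    return 1
}

# plan_add EDGES PARENT CHILD: print the command to run, or refuse.
plan_add() {
    if would_cycle "$1" "$2" "$3"; then
        echo "refuse: adding $3 to $2 would create a recursive netgroup"
        return 1
    fi
    echo "ipa netgroup-add-member --netgroups=$3 $2"
}

plan_add "$EDGES" db-servers web-servers            # safe nesting
plan_add "$EDGES" edge-proxies web-servers || true  # would close a loop
```

Because nested membership can take several minutes to propagate, run the check against the membership you intend to have, not only against what lookups currently return.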