Hola,
We couldn't get sssd and sudo to work and discovered this on the SSSD
troubleshooting page:
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO#Knownissues
Is this on the radar to be solved at all or is it unsolvable?
Cheers
L.
--
The most dangerous phrase in the language is,
> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Alexander Bokovoy
> Sent: Thursday, 19 May 2016 5:12 PM
> To: Lachlan Musicman
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] File user and group ownership
> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Jakub Hrozek
> Sent: Thursday, 19 May 2016 5:22 PM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] File user and group ownership listings...
>
> On Thu,
Hello,
I've set up a one-way trust to an Active Directory domain. Things
seem to roughly work, but something's missing.
Can any kind soul spot a problem with my configuration, or advise on
how to further troubleshoot?
Facts:
- An AD user gets 'Access denied' when SSH'ing by password to the
hi users/devs
I've poked around samba list but was suggested to ask sssd
people, I thought IPA's might know as well.
Having joined AD with realm - can samba take advantage of
this membership? And if so then to what extent?
many thanks,
L.
--
Manage your subscription for the Freeipa-users
Hello all,
As OS X allows LDAP server failover via the altServer attribute (RFC4512)
from RootDSE, it would be great to be able to configure our Macs to connect
to a single FreeIPA server and add other FreeIPA servers as multiple
altServer values.
The current schema doesn't seem to support adding
On 05/19/2016 04:12 PM, lejeczek wrote:
> hi evebody
>
> I'd like to ask how does, what ipa installation does ot a box, relate to
> authconfig?
>
> I am specifically thinking of the fact that authconfig does not indicate that
> IPAv2 is used, on a box which is IPA member/client.
>
> Is it
(apologize for possible double post)
Can you share the details of how you managed to this with FreeIPA (even
if it includes kadmin.local work)? Many thanks!
On 5/18/16 6:03 PM, Coy Hile wrote:
> When I've done this in the past, I used mit directly, not IPA. I set up a one
> way trust, then
hi evebody
I'd like to ask how does, what ipa installation does ot a
box, relate to authconfig?
I am specifically thinking of the fact that authconfig does
not indicate that IPAv2 is used, on a box which is IPA
member/client.
Is it because it is for some older IPA, that "v2"? If yes,
Right, you have some process that creates the shadow accounts with a random,
unknown, unused pass. This assumes you have some workflow for provisioning
rather than doing ad hoc ipa user add as a human.
Sent from my iPad
> On May 18, 2016, at 23:20, John Meyers
On 05/17/2016 01:54 AM, Jeffery Harrell wrote:
> Is there a “soft” way to change the number of rows in tables like the hosts
> and
> DNS records search facets? I think I’d happily trade a little interactivity
> when
> going from one facet to another for the ability to see four or five times as
Hi:
As stated in the guidline online.../root/ipa.crt is the server cert
generated by 3rd patry CA ? or the CA cert itself that need to pair with
server cert later. thx
Give the CSR to your external CA and have them issue you a new certificate.
We assume that the resulting certificate is saved
For the replication issues please see
http://directory.fedoraproject.org/docs/389ds/howto/howto-replicationmonitoring.html
This has a perl script that you can use.
As for the authentication of the user monitoring replication, we thought
about it and ended up allowing anonymous reads on the
On Thu, May 19, 2016 at 04:33:45PM +1000, Lachlan Musicman wrote:
> Now that groups are working as expected, we have noticed that when listing
> a directory the user and group now have full domain qualifiers.
>
> This doesn't look great. We've also noticed that we now need to
>
> chown
On Wed, May 18, 2016 at 11:17:05PM +, Simpson Lachlan wrote:
> > -Original Message-
> > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> > boun...@redhat.com] On Behalf Of Jakub Hrozek
> > Sent: Wednesday, 18 May 2016 5:40 PM
> > To: freeipa-users@redhat.com
> > Subject:
On Thu, 19 May 2016, Lachlan Musicman wrote:
Now that groups are working as expected, we have noticed that when listing
a directory the user and group now have full domain qualifiers.
This doesn't look great. We've also noticed that we now need to
chown :group@subdomain filename
(with
Now that groups are working as expected, we have noticed that when listing
a directory the user and group now have full domain qualifiers.
This doesn't look great. We've also noticed that we now need to
chown :group@subdomain filename
(with default_domain_suffix set).
Is there a reason why
> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Alexander Bokovoy
> Sent: Thursday, 19 May 2016 4:07 PM
> To: Lachlan Musicman
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] AD group membership
>
> On
We have:AD->winsync->FIPA1<->replica<->FIPA2etc to multiple other replicas from
FIPA1
What we want is to establish separate set of FIPA replicas which wold still
have information from AD and yet would not 'pollute' the FIPA1/FIPA2 replicas
above.
So far we have considered following options:1.
On Wed, 18 May 2016, John Meyers wrote:
All,
FreeIPA as we've discovered has some wonderful Windows integration
capability, but it is all predicated on Windows AD being the
authoritative source of user information. 2-Way trusts are great, but
they only work for kerberotized applications, not
On Thu, 19 May 2016, Lachlan Musicman wrote:
Hi,
We seem to have some progress, after reading this blog post about sssd
performance tuning.
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
So now we see that on the FreeIPA server, everything
21 matches
Mail list logo