After further testing, I've discovered that the dev system wasn't working
as well as I thought it was: HBAC and sshd don't seem to be playing well
together on one server, but fine on the other?
ie, I can run the same commands from both ipa-server and ipa-client:
ipa hbactest --user=user1
Hola,
I've set up a test domain that's as much as possible the same as the prod
domain, and successfully got a one way trust against the AD: cantos 7.2,
ipa 4.2.0-15/api2.156, sssd (copr) 1.14.1-3
On that test domain I believe I have HBAC working successfully.
Once I could show that it was
After an IPA server is re-initialized it immediately begins failing
incremental updates. I checked the kerberos logs and things appear to
be ok there, I can manually test LDAP from all servers against all
other servers.
There is an DS5ReplicaBindDN entry in "dn:
Nice, I think that page may also solve my problem. Going to try it soon.
> On Oct 10, 2016, at 1:35 PM, Степаненко Алексей
> wrote:
>
> I read again the topic
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP
>
>
Hello FreeIPA community.
I've inherited a group of three FreeIPA v4.2 servers on CentOS 7.2.
I had to reboot one of the servers and now IPA won't run saying, "Upgrade
required: please run ipa-server-upgrade command."
But when I run ipa-server-upgrade I get an error:
ipa: ERROR: Upgrade failed
I read again the topic
http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP
It works exactly as I wanted
ipa-adtrust-install created next configuration:
$ net conf list
[global]
workgroup = WORKGROUP
netbios name = SMB
realm = GW.SPB.RU