On Thu, Mar 19, 2015 at 10:32:08PM +0100, Andrew Holway wrote:
I wasn't precise enough, I meant the sssd version, sorry. But given that
you're on RHEL-7, I think you can switch to:
sudo_provider=ipa
That does indeed seem to work. Thanks!
You're welcome, btw if you set up your
On Wed, Mar 18, 2015 at 01:11:44PM -0400, Rob Crittenden wrote:
On Wed, Mar 18, 2015 at 17:40:19 +0100, Andrew Holway wrote:
Im wondering how we should be handing SSSD for redundant configurations
on our freeipa clients. We have three freeipa servers; how can we make
SSSD check another
Actually, I stumbled across this which explains everything you need to do
to get sudo working on Centos6 clients.
https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html
I have had to kind of scratch together bits of information from various
sources including this list (thanks!!)
On Fri, Mar 20, 2015 at 09:20:15AM +0100, Andrew Holway wrote:
Actually, I stumbled across this which explains everything you need to do
to get sudo working on Centos6 clients.
https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html
I have had to kind of scratch together bits
On Fri, Mar 20, 2015 at 11:06:04AM +0100, Jan Pazdziora wrote:
On Wed, Mar 18, 2015 at 01:11:44PM -0400, Rob Crittenden wrote:
On Wed, Mar 18, 2015 at 17:40:19 +0100, Andrew Holway wrote:
Im wondering how we should be handing SSSD for redundant configurations
on our freeipa clients.
Hi,
I am having one of those really annoying pesky troubles.
I add clients to freeipa but the first time I am logging in and trying to
sudo with my freeipa credentials the sudo is not working. If I restart the
SSSD process this usually fixes it but not always. Im going to try and do
some
On Fri, Mar 20, 2015 at 04:05:56PM +0100, Andrew Holway wrote:
Hi,
I am having one of those really annoying pesky troubles.
I add clients to freeipa but the first time I am logging in and trying to
sudo with my freeipa credentials the sudo is not working. If I restart the
SSSD process
On Fri, Mar 20, 2015 at 11:51:14AM +0100, Jakub Hrozek wrote:
Or even better, set the weight and priority fields on the server and
keep using SRV resolution :-)
How do you specify different priorities for different consumers if
the DNS is IPA-based (== the records are in LDAP and replicated)?
On Fri, Mar 20, 2015 at 01:02:58PM +0100, Jan Pazdziora wrote:
On Fri, Mar 20, 2015 at 11:51:14AM +0100, Jakub Hrozek wrote:
Or even better, set the weight and priority fields on the server and
keep using SRV resolution :-)
How do you specify different priorities for different consumers
,'cvml','freeipa-users-boun...@redhat.com');] *On
Behalf Of *Andrew Holway
*Sent:* Wednesday, March 18, 2015 9:40 AM
*To:* freeipa-users@redhat.com
javascript:_e(%7B%7D,'cvml','freeipa-users@redhat.com');
*Subject:* [Freeipa-users] SSSD in redundant configuration
Hello,
Im
On Thu, Mar 19, 2015 at 08:42:42AM +0100, Andrew Holway wrote:
Cool stuff. Thanks.
I had a look at our SRV records and found the following:
_kerberos-master._tcp
_kerberos-master._udp
_kerberos._tcp
_kerberos._udp
_kpasswd._tcp
_kpasswd._udp
_ldap._tcp
_ntp._udp
No mention of and
I am having problems with sudo and using _srv_ in the sssd config.
This works:
# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
ldap_sudo_search_base = ou=sudoers,dc=cloud,dc=native-instruments,dc=de
ldap_sasl_mech = GSSAPI
ldap_sasl_authid =
I wasn't precise enough, I meant the sssd version, sorry. But given that
you're on RHEL-7, I think you can switch to:
sudo_provider=ipa
That does indeed seem to work. Thanks!
and remove all the ldap_ config parameters as well as krb5_server.
--
Manage your subscription for the
On Thu, Mar 19, 2015 at 03:51:48PM +0100, Andrew Holway wrote:
I am having problems with sudo and using _srv_ in the sssd config.
This works:
# For the SUDO integration
sudo_provider = ldap
ldap_uri = ldap://test-freeipa-1.cloud.domain.de
ldap_sudo_search_base =
Hi Jakub,
Name: ipa-client
Arch: x86_64
Version : 3.3.3
Release : 28.0.1.el7.centos.3
On 19 March 2015 at 17:33, Jakub Hrozek jhro...@redhat.com wrote:
On Thu, Mar 19, 2015 at 03:51:48PM +0100, Andrew Holway wrote:
I am having problems with sudo and using _srv_ in the
On Thu, Mar 19, 2015 at 05:38:49PM +0100, Andrew Holway wrote:
Hi Jakub,
Name: ipa-client
Arch: x86_64
Version : 3.3.3
Release : 28.0.1.el7.centos.3
I wasn't precise enough, I meant the sssd version, sorry. But given that
you're on RHEL-7, I think you can switch to:
Hello,
Im wondering how we should be handing SSSD for redundant configurations on
our freeipa clients. We have three freeipa servers; how can we make SSSD
check another freeipa in the event that one goes down?
It appears we can do something like the following:
ipa_hostname =
Craig White wrote:
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Andrew Holway
*Sent:* Wednesday, March 18, 2015 9:40 AM
*To:* freeipa-users@redhat.com
*Subject:* [Freeipa-users] SSSD in redundant configuration
Hello,
Im
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Andrew Holway
Sent: Wednesday, March 18, 2015 9:40 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] SSSD in redundant configuration
Hello,
Im wondering how we should be handing SSSD
19 matches
Mail list logo