well I dont know how or what command to use to display the logs, could you
teach me how? , but yes the network.negotiate-auth.trusted-uris has the same
domain name which is example.com this is on the server side only
while on the client side, even though the network.negotiate-auth.trusted-uris
is configured correctly, the web UI can't be accessed so its a really weird
scenario. but the registration of the ipa client to the server says its
On Tuesday, November 11, 2014 2:56 PM, Martin Kosek <mko...@redhat.com> wrote:
On 11/11/2014 06:37 AM, Rolf Nufable wrote:
> or could you guys direct me or guide me on how to deploy this ipa server?
> I've been successful deploying ipa version 3.3.5 before but this 4.0 and
> above series is really giving me a headache
Hm, that is worrying. FreeIPA 4.0+ should definitely not be more difficult to
deploy, on the contrary, it should be much cooler than 3.3.
> On Tuesday, November 11, 2014 1:24 PM, Rolf Nufable
> <rolf_16_nufa...@yahoo.com> wrote:
> well I'll try them now, my sssd config only consists of these lines added to
> the sudo area
> sudo_provider = ldap
> ldap_uri = ldap://myipaserver.example.com
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/myipaserver.example.com
> ldap_sasl_realm = EXAMPLE.COM
> krb_server = myipaserver.example.com
BWT, with FreeIPA 4.0+ / RHEL-6.6+ / recent Fedoras you can use "ipa" sudo
provider. Actually, FreeIPA 4.0+ clients do that for you.
More info here:
> plus another question why is it that when I invoke the kinit admin command
> for the kerberos I couldnt access the web UI and keeps asking me to configure
> my web browser ( firefox) though I've already configured it many times..
Are you sure that network.negotiate-auth.trusted-uris in about:config
correctly? Are you saying that your Firefox works with FreeIPA 3.3 server but
not with FreeIPA 4.0+? What is the domain of the FreeIPA 4.0+ server and what
is the setting of network.negotiate-auth.trusted-uris?
In any case, it is still hard to advise as I still did not see any related
logs, error messages or actual real errors preventing you from enrolling
> On Monday, November 10, 2014 8:41 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Mon, Nov 10, 2014 at 12:56:00PM +0100, Martin Kosek wrote:
>> On 11/10/2014 02:05 AM, Rolf
> Nufable wrote:
>>> I have tons of questions on why free ipa wont't work on my network , I've
>>> been using fedora 20 as the os for the server and client free ipa .
>>> I deployed freeipa 4.0.3 at the server side and freeipa 4.1.0 for the
>>> client side using 2 VM's at first it was okay, got it connected and used
>>> ldap to pass sudo for the client side, but when I finally deployed it in
>>> our real network consisting of an esxi server and one work station having
>>> the same versions of free ipa for server and client, the error that I'm
>>> getting is that " the user does not exist " when I invoked the " su - (
>>> user ) " command, so My question is how can I solve this problem?? I've
>>> been at it for 3 weeks now ..
>> I assume this is on Fedora 20, running from the mkosek/freeipa Copr repo. I
>> assume this is a problem in SSSD client part, if the user cannot be found.
>> CCing Lukas and Jakub to advise.
> Sorry, I skipped this thread b/c the subject didn't look like it was
> I think we need to examine SSSD logs...
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project