On (16/11/16 11:46), Lachlan Musicman wrote: >I don't know what I've done wrong, but when I use ipa-client-install on a >new host to add to my one way trust domain, I now have a >[domain/shadowutils] stanza. > >This first happened a couple of weeks ago, I saw this bug and thought "it >will be solved soon". > >https://bugzilla.redhat.com/show_bug.cgi?id=1369118 > >The report says it's been resolved in a recent advisory but I'm still >seeing the error. > It was fixed by reverting upstream commit which introduced such seature. https://git.fedorahosted.org/cgit/sssd.git/commit/?id=59744cff6edb106ae799b2321cb8731edadf409a
>Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally >supplied sssd? > Yes, theis feature is still available in upstream/fedora. A) "domain/shadowutils" should not cause any problems. If yes then it should be also reproducible on fedora please filae a bug. B) It does not happen with SELinux in enforcing mode. Another reason for "setenforce 1" :-) LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project