Great - thank you. That worked.
Unfortunately SELinux creates too much overhead on a subset of our servers,
so we have it disabled.
The most dangerous phrase in the language is, "We've always done it this
- Grace Hopper
On 16 November 2016 at 19:39, Lukas Slebodnik <lsleb...@redhat.com> wrote:
> On (16/11/16 11:46), Lachlan Musicman wrote:
> >I don't know what I've done wrong, but when I use ipa-client-install on a
> >new host to add to my one way trust domain, I now have a
> >[domain/shadowutils] stanza.
> >This first happened a couple of weeks ago, I saw this bug and thought "it
> >will be solved soon".
> >The report says it's been resolved in a recent advisory but I'm still
> >seeing the error.
> It was fixed by reverting upstream commit which
> introduced such seature.
> >Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally
> >supplied sssd?
> Yes, theis feature is still available in upstream/fedora.
> A) "domain/shadowutils" should not cause any problems.
> If yes then it should be also reproducible on fedora
> please filae a bug.
> B) It does not happen with SELinux in enforcing mode.
> Another reason for "setenforce 1" :-)
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project