no problem, thanks for trying! I just figured it out.
yum -y install libsss_sudo fixed it. Should this package be a dependency that
gets pulled in when IPA client is installed? Shall I file a bug?
Thanks,
Brian
---
Brian Cook
Solutions Architect, Red Hat, Inc.
407-212-7079
On Mar 21, 2013,
Sorry that's all I have in my notes. I'm sure others will have ideas. Sorry
I couldn't be more help.
Thanks,
John Moyer
On Mar 21, 2013, at 11:50 PM, Brian Cook wrote:
Those packages are installed. The second part is against what I am trying to
accomplish. My sudo rule is already created in IPA. I just need SSSD to fetch
it.
Thanks,
Brian
On Mar 21, 2013, at 8:37 PM, John Moyer wrote:
I had sudo issues similar to this, I can't remember the exact fix. I have the
following two things in my notes. The second command would obviously need you
to add the people you want to be able to sudo to the admins group after you add
this.
yum install ipa-client fprintd-pam -y
echo "%admi
Running F18 and following the instructions here:
http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
When I try to run sudo -l as any user I get the following error:
bash-4.2$ sudo -l
sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
sudo: Unable to initialize SSS source. Is SS
- Original Message -
From: "KodaK"
To: "Michael ORourke"
Cc:
Sent: Wednesday, March 20, 2013 8:35 PM
Subject: Re: [Freeipa-users] Mail Challenge Password Reset
On Wed, Mar 20, 2013 at 6:23 PM, Michael ORourke
wrote:
We have a POC with PWM and a testIPA server running freeIPA v2.2.
- Original Message -
From: "Dmitri Pal"
To:
Sent: Wednesday, March 20, 2013 7:29 PM
Subject: Re: [Freeipa-users] Mail Challenge Password Reset
On 03/20/2013 07:23 PM, Michael ORourke wrote:
We have a POC with PWM and a testIPA server running freeIPA v2.2.0.
It is working very well a
On Thu, Mar 21, 2013 at 05:25:57PM -0400, Rob Crittenden wrote:
> > ipa : ERRORUpdate failed: Object class violation: attribute
> > "ipaSELinuxUserMapOrder" not allowed
> >
> >so I suspect there are some problem with our LDAP schema. That might be
> >related to the "No SELinux user
Miller, Kevin R wrote:
There is still an iptables rule set but I disabled the service with a
chkconfig iptables off and a chkconfig ip6tables off. I also did a chkconfig
firewalld off. I just verified that each was still disabled with a service
iptables status and repeated for the other ser
Jan-Frode Myklebust wrote:
On Thu, Mar 21, 2013 at 03:29:38PM +0100, Jakub Hrozek wrote:
I see several failures related to the SELinux processing:
---
(Thu Mar 21 08:23:57 2013) [sssd[be[example.net]]] [ipa_selinux_get_maps_done]
(0x0400): No SELinux user maps found!
(Thu Mar 21 08:23:
On Wed, Mar 20, 2013 at 7:54 PM, Simo Sorce wrote:
> You should have given the pwm user 'password sync' privileges.
> See this: http://www.freeipa.org/page/PasswordSynchronization
I remember what my problem with PWM was now: it wants to go out and
retrieve something from "the cloud" when it runs
On Thu, Mar 21, 2013 at 03:29:38PM +0100, Jakub Hrozek wrote:
>
> I see several failures related to the SELinux processing:
> ---
> (Thu Mar 21 08:23:57 2013) [sssd[be[example.net]]]
> [ipa_selinux_get_maps_done] (0x0400): No SELinux user maps found!
> (Thu Mar 21 08:23:57 2013) [sssd[be[
Miller, Kevin R wrote:
I went down that route because when I run the ipa_client_install it says that
my IPA server is incorrect and to ensure that I have the required ports open. I
disabled iptables and placed selinux into permissive mode. I attempted
externally to connect to the necessary po
Miller, Kevin R wrote:
I am able to connect to the web server (80) from the localhost but that is
because it uses loopback to connect to the ipv6 listener. I can telnet to 389
on localhost but again this is due to loopback.
Right, but what about 127.0.0.1, for example? Or the IPv4 address. I
I'm not sure what happened here. The log dir for pki-ca was completely
empty. I restarted pki-ca, the log files were created, and it appeared
to operate normally.
I rebuilt the box from scratch (just to have a clean start) and
everything came up perfectly fine.
-Patrick
On 2013/20/03 12:54, Ade
On 03/21/2013 01:45 PM, Joseph, Matthew (EXP) wrote:
Hey Rich,
I've changed the password multiple times now and it's still not
accepting the password. I've even set it as simple as password.
I forgot to mention in my initial post that my domain looks more like
this.
Domain1.domain2.ca
So
Hey Rich,
I've changed the password multiple times now and it's still not accepting the
password. I've even set it as simple as password.
I forgot to mention in my initial post that my domain looks more like this.
Domain1.domain2.ca
So my command looks like cn=idmpasssync,cn=users,dc=domain1,dc
On 03/21/2013 01:26 PM, Joseph, Matthew (EXP) wrote:
Hey Rich,
Tried the command you listed below and it says ldap_bind: Invalid
Credentials (49)
This means you have the wrong password.
If I take away the --w 'WindowsIDMPassSyncPW' then it will bring back
the results of the LDAP search.
Hey Rich,
Tried the command you listed below and it says ldap_bind: Invalid Credentials
(49)
If I take away the -w 'WindowsIDMPassSyncPW' then it will bring back the
results of the LDAP search.
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Thursday, March 21, 2013 4:12 PM
To: Joseph,
On 03/21/2013 12:37 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm currently in the process of installing/configuring IPA 2.2.0-16
on a Red Hat 6.4 Server and I'm running into some issues trying to
get IPA to replicate to a Windows 2003 SP2 DC.
Here are the steps I took (I used the Red Hat
Miller, Kevin R wrote:
I installed freeipa from the Fedora 18 repo and then ran the
freeipa-server-install with the proper parameters. Installation seems
to be successful but the http (80) and ldap (389) services are not
listening on the ipv4 interface. I confirmed that the /etc/hosts file
cont
Hello,
I'm currently in the process of installing/configuring IPA 2.2.0-16 on a
Red Hat 6.4 Server and I'm running into some issues trying to get IPA to
replicate to a Windows 2003 SP2 DC.
Here are the steps I took (I used the Red Hat Identity Management Guide)
1) Create idmpasssync u
On Thu, Mar 21, 2013 at 11:39:27PM +0600, Arthur Fayzullin wrote:
> HI!
> I have configured sssd_sudo integration on EL6.4 and it works nice!
> But then I've checked this:
> [afaizullin@domen00 ~]$ sudo package-cleanup --leaves
> [sudo] password for afaizullin:
> Loaded plugins: fastestmirror
> lib
HI!
I have configured sssd_sudo integration on EL6.4 and it works nice!
But then I've checked this:
[afaizullin@domen00 ~]$ sudo package-cleanup --leaves
[sudo] password for afaizullin:
Loaded plugins: fastestmirror
libertas-usb8388-firmware-5.110.22.p23-3.1.el6.noarch
libhugetlbfs-utils-2.12-2.el
I installed freeipa from the Fedora 18 repo and then ran the
freeipa-server-install with the proper parameters. Installation seems to be
successful but the http (80) and ldap (389) services are not listening on the
ipv4 interface. I confirmed that the /etc/hosts file contains a proper entry
t
On Thu, Mar 21, 2013 at 11:43:55AM +0100, Jan-Frode Myklebust wrote:
> On Wed, Mar 20, 2013 at 02:29:07PM +0100, Jakub Hrozek wrote:
> >
> > I think pasting or attaching SSSD logs would be a good start. Can you
> > put debug_level = 6 into your sssd.conf into the [pam] and [domain]
> > sections re
Serverfault has a hack for supporting nested groups on
RHEL5/apache-2.2 involving an LDAP filter using
LDAP_MATCHING_RULE_IN_CHAIN on Active Directory, ref:
http://serverfault.com/a/424706
Does anybody know if a similar filter can be created for an
IPA/389ds backend?
-jf
On 21.3.2013 10:15, Martin Kosek wrote:
On 03/21/2013 06:59 AM, Brian Cook wrote:
Is there something equivalent to 'getattr' for ipa host-mod?
I see setattr, addattr and delattr but to get attributes you have to do
host-show --all. There is no way to ask for one specific attribute?
I would
On 03/21/2013 06:59 AM, Brian Cook wrote:
> Is there something equivalent to 'getattr' for ipa host-mod?
>
> I see setattr, addattr and delattr but to get attributes you have to do
> host-show --all. There is no way to ask for one specific attribute?
>
> Thanks,
> Brian
>
No, I am afraid ther