[Freeipa-users] Could not chdir to home directory: Permission denied

2017-09-16 Thread Wanderley Teixeira via FreeIPA-users
I installed the server and client (with --mkhomedir) without issues.
I created a user and tried to ssh and got this error creating directory:

ssh us...@ipaclient1.int.example.com
Password:

Could not chdir to home directory /home/user1: Permission denied
-sh: /home/user1/.profile: Permission denied
-sh-4.2$

Any idea what the problem could be here?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


[Freeipa-users] Re: Cannot access Web UI after IPA upgrade to 4.5

2017-09-16 Thread Sigbjorn Lie via FreeIPA-users
Hi,

I just had the same issue as Gustavo with the webui after upgrading from 7.3 to 
7.4, and came across this thread. Adding the whoami plugin to dse.ldif solved 
the issue.

Thanks.


Regards,
Siggi


> On 9 Aug 2017, at 17:15, Pavel Vomacka via FreeIPA-users wrote:
> 
> 
> 
> On 08/08/2017 02:03 PM, Gustavo Berman via FreeIPA-users wrote:
>> Pavel,
>> Thanks for the help, that solved the problem. Now I can access the web ui.
> I'm glad that it works again.
>> The upgrade took place yesterday and it was a release upgrade from rhel 7.3 
>> (last update was last week) to rhel 7.4 (so we had a lot of package updates):
>> 
> Thank you for info. I have one additional question: What was the first 
> y-version of RHEL 7 you used? 
> 
>> ID | Command line | Date and time    | Action(s)  | Altered
>> ---
>> 35 | update       | 2017-08-07 09:07 | E, I, O, U |  470 EE
>> 
>> 
>> According to yum history info, these are the ipa packages that were updated:
>> Obsoleted   ipa-admintools-4.4.0-14.el7_3.7.noarch          @rhel7
>> Updated     ipa-client-4.4.0-14.el7_3.7.x86_64              @rhel7
>> Obsoleting  ipa-client-4.5.0-21.el7.x86_64                  @rhel7
>> Updated     ipa-client-common-4.4.0-14.el7_3.7.noarch       @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     ipa-common-4.4.0-14.el7_3.7.noarch              @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     ipa-python-compat-4.4.0-14.el7_3.7.noarch       @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     ipa-server-4.4.0-14.el7_3.7.x86_64              @rhel7
>> Update      4.5.0-21.el7.x86_64                             @rhel7
>> Updated     ipa-server-common-4.4.0-14.el7_3.7.noarch       @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     ipa-server-dns-4.4.0-14.el7_3.7.noarch          @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     libipa_hbac-1.14.0-43.el7_3.18.x86_64           @rhel7
>> Update      1.15.2-50.el7.x86_64                            @rhel7
>> Updated     python-libipa_hbac-1.14.0-43.el7_3.18.x86_64    @rhel7
>> Update      1.15.2-50.el7.x86_64                            @rhel7
>> Updated     python2-ipaclient-4.4.0-14.el7_3.7.noarch       @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     python2-ipalib-4.4.0-14.el7_3.7.noarch          @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     python2-ipaserver-4.4.0-14.el7_3.7.noarch       @rhel7
>> Update      4.5.0-21.el7.noarch                             @rhel7
>> Updated     sssd-ipa-1.14.0-43.el7_3.18.x86_64              @rhel7
>> Update      1.15.2-50.el7.x86_64                            @rhel7
>> 
>> 
>> Again, thanks for the help!
>> Kind regards
>> 
>> 
>> On Tue, Aug 8, 2017 at 5:51 AM, Pavel Vomacka wrote:
>> 
>> 
>> 
>> On 08/07/2017 07:01 PM, Gustavo Berman via FreeIPA-users wrote:
>>> Hello Pavel
>>> 
>>> On Mon, Aug 7, 2017 at 12:40 PM, Pavel Vomacka wrote:
>>> 
>>> Hello Gustavo,
>>> 
>>> From what I can see, the issue would be PROTOCOL ERROR in whoami command. 
>>> Could you please check whether all services are running? Please run
>>> # ipactl status
>>> 
>>> and post the output. 
>>> 
>>> 
>>> # ipactl status
>>> Directory Service: RUNNING
>>> krb5kdc Service: RUNNING
>>> kadmin Service: RUNNING
>>> named Service: RUNNING
>>> httpd Service: RUNNING
>>> ipa-custodia Service: RUNNING
>>> pki-tomcatd Service: RUNNING
>>> ipa-otpd Service: RUNNING
>>> ipa-dnskeysyncd Service: RUNNING
>>> ipa: INFO: The ipactl command was successful
>>> 
>>> 
>>>  
>>> And please could you send me the /etc/named.conf? Especially everything 
>>> after 
>>>  dyndb "ipa"  
>>> line is interesting for us. 
>>> 
>>> This is from /etc/named.conf 
>>> 
>>> options {
>>> // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
>>> listen-on-v6 {any;};
>>> 
>>> // Put files that named is allowed to write in the data/ directory:
>>>

[Freeipa-users] Use TLD or not for freeipa

2017-09-16 Thread Wanderley Teixeira via FreeIPA-users
I have control of a domain, for example example.com

I am designing envs that have a few private zones with dns such as
int.example.com, dev.example.com, stage.example.com and I will control all
these environments from int.example.com

Should I create ipa servers as int.example.com and have ipa servers in
ipa1.int.example.com, ipa2.int.example.com and set domain to example.com
and realm EXAMPLE.com? This way I can add the SRV and TXT entries to my
public DNS records and use domain=example.com and realm=EXAMPLE.com

Is this a good strategy or is there a better way to do this?


[Freeipa-users] Re: Solaris client proxyDN logins not working

2017-09-16 Thread Jakub Hrozek via FreeIPA-users

> On 15 Sep 2017, at 01:25, Louis Abel via FreeIPA-users wrote:
> 
> Thank you for pointing that out. I've put sssd into debug to see what I can 
> find. Is there anything specific I should look for in the logs? Or is there 
> anything specific I can put here. The current set of logs of my login (based 
> on time) is 2643 lines.

Maybe try grepping for errors? grep 0x00 *.log

Or feel free to send the logs to me if you need help.

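
What the `grep 0x00 *.log` suggestion in the last message picks up, as an added example that is not part of the original thread: SSSD tags each debug line with a level bitmask, and the failure levels all begin with `0x00`. The line layout and level values are assumptions taken from the `debug_level` description in sssd.conf(5); the log lines and the function names `write_sample`, `sssd_failures` and `sssd_failure_summary` are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage SSSD debug logs by failure level.
# Assumption: each line carries "[function] (0xNNNN): message" and the
# failure levels are 0x0010 fatal, 0x0020 critical, 0x0040 serious,
# 0x0080 minor, as documented for debug_level in sssd.conf(5).

# Write a small constructed log (not taken from the thread) to $1.
write_sample() {
    cat > "$1" <<'EOF'
(Fri Sep 15 01:25:01 2017) [sssd[be[int.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
(Fri Sep 15 01:25:01 2017) [sssd[be[int.example.com]]] [sdap_id_op_connect_done] (0x0040): Failed to connect
(Fri Sep 15 01:25:02 2017) [sssd[be[int.example.com]]] [sdap_id_op_connect_done] (0x0040): Failed to connect
(Fri Sep 15 01:25:02 2017) [sssd[be[int.example.com]]] [be_run_offline_cb] (0x0080): Going offline
(Fri Sep 15 01:25:03 2017) [sssd[pam]] [pam_reply] (0x0200): result [0x0004]
EOF
}

# Print only lines whose level field is one of the four failure levels.
sssd_failures() {
    grep -hE '\] \(0x00(10|20|40|80)\): ' "$@"
}

# Count failures per level and reporting function, most frequent first.
sssd_failure_summary() {
    sssd_failures "$@" |
        sed -E 's/.*\[([^]]+)\] \((0x00[1248]0)\): .*/\2 \1/' |
        sort | uniq -c | sort -rn |
        awk '{print $1, $2, $3}'
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
echo "plain 'grep 0x00' matches: $(grep -c 0x00 "$sample")"
echo "failure-level lines:      $(sssd_failures "$sample" | wc -l | tr -d ' ')"
sssd_failure_summary "$sample"
rm -f "$sample"
```

Anchoring the match on the level field keeps values such as `0x0004` inside a message body from being counted as failures, and the per-function summary shows where in a long log to start reading.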