[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-07 Thread Lachlan Musicman via FreeIPA-users
Thank you for sharing this hint, I am going to try the upgrade. Can I ask you which version of IPA did you use with that sssd version? Did you upgrade sssd on each type of server (I mean both client and server)? I did a test roll out to just the clients before going to all. We are using the

[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-07 Thread bogusmaster--- via FreeIPA-users
Thank you for sharing this hint, I am going to try the upgrade. Can I ask you which version of IPA did you use with that sssd version? Did you upgrade sssd on each type of server (I mean both client and server)? Many thanks, Bart

[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-07 Thread bogusmaster--- via FreeIPA-users
> On Thu, Jul 06, 2017 at 02:29:34PM -, bogusmaster--- via FreeIPA-users
> wrote:
>
> The ipa-client gets all its data from the IPA server and for efficiency
> the lookup on the server goes via the SSSD cache on the server.
>
> While on the client during authentication the user data is

[Freeipa-users] Re: sssd providing dns cache?

2017-07-07 Thread Harald Dunkel via FreeIPA-users
On Fri, 7 Jul 2017 08:27:53 + "wouter.hummelink--- via FreeIPA-users" wrote:
> No,
> I would suggest to add it.
> But you can use nscd with [services passwd group netgroup] caches disabled.
> I saw the documentation about this on RedHat's wiki,

[Freeipa-users] Modify default dirsrv/LDAP certificate (add SAN)

2017-07-07 Thread David Goudet via FreeIPA-users
Hi, I am using FreeIPAv4. Some of our clients' products do not support LDAP failover, so I am configuring an LDAP load balancer based on Keepalived to do LDAP stream fail-over. I have two FreeIPA servers (ds01.xxx & ds02.xxx) and I added one new FreeIPA service LDAP/ldapha.xxx which has two IPs (ds01