[Freeipa-users] Re: Can’t SSH with AD user to freeipa joined Centos client

2017-08-07 Thread Alexandre Pitre via FreeIPA-users
The client is in the IPA domain. Although it's a sub-domain of ad.com, I did delegate it and configure the IPA servers as name servers. It uses a different domain suffix than ipa realm which was specified by ipa-client-install: ipa-client-install -U -p admin -w Passw0rd! --enable-dns-updates

[Freeipa-users] Re: Cannot access Web UI after IPA upgrade to 4.5

2017-08-07 Thread Gustavo Berman via FreeIPA-users
Hello Pavel On Mon, Aug 7, 2017 at 12:40 PM, Pavel Vomacka wrote: > > Hello Gustavo, > From what I can see, the issue would be PROTOCOL ERROR in whoami command. > Could you please check whether all services running? Please run > # ipactl status > > and post the output. > >

[Freeipa-users] Re: Can’t SSH with AD user to freeipa joined Centos client

2017-08-07 Thread Jakub Hrozek via FreeIPA-users
> On 7 Aug 2017, at 18:11, Alexandre Pitre wrote: > > Clearing the sssd cache makes the AD login work for a short while, it's > probably not necessary nor "production" ready. Looking at > /var/log/sssd/sssd_domain.ad.com. Sure, but

[Freeipa-users] Re: Can’t SSH with AD user to freeipa joined Centos client

2017-08-07 Thread Alexandre Pitre via FreeIPA-users
Clearing the sssd cache makes the AD login work for a short while, it's probably not necessary nor "production" ready. Looking at /var/log/sssd/sssd_domain.ad.com. I do see offline messages: (Mon Aug 7 15:19:47 2017) [sssd[be[domain.ad.com]]] [sdap_id_op_connect_done] (0x0020): Failed to

[Freeipa-users] Re: ipa-getcert and java certstore/keytool

2017-08-07 Thread Rob Crittenden via FreeIPA-users
Jochen Hein wrote: > Jochen Hein via FreeIPA-users > writes: > >> Rob Crittenden via FreeIPA-users >> writes: >> >>> So theoretically certmonger could for example, track PEM files in the >>> filesystem and upon renewal

[Freeipa-users] Re: Correcting errors in the CA master certificate

2017-08-07 Thread Rob Crittenden via FreeIPA-users
Scott Stevson via FreeIPA-users wrote: > Hi all, > > We run IPA 3.0.0 and have a cert on the CA master expiring in about 10 days. > The problem is that we mistakenly provisioned the last cert using an old > hostname which means that automatically renewing the cert fails, and the IPA > cert

[Freeipa-users] Cannot access Web UI after IPA upgrade to 4.5

2017-08-07 Thread Gustavo Berman via FreeIPA-users
Hi there, Today we upgraded to the latest IPA 4.5, log says it upgraded just fine, ipa seems to authenticate all right, but web ui fails with: Operations Error Some operations failed. an internal error has occurred And the details it shows when I press the OK button are: Runtime error Web UI got

[Freeipa-users] Re: Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

2017-08-07 Thread Guillermo Fuentes via FreeIPA-users
Hi all, Anybody having this issue? Thanks in advance! GUILLERMO FUENTES SENIOR SYSTEMS ADMINISTRATOR T: 561-880-2998 x1337 E: guillermo.fuen...@modmed.com

[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Jakub Hrozek via FreeIPA-users
> On 7 Aug 2017, at 10:42, Supratik Goswami wrote: > > SSSD version: sssd-1.13.0-40.7.amzn1.x86_64 > Linux OS: Amazon Linux > > I am seeing only these messages repeated continuously. > > (Mon Aug 7 08:37:49 2017) [sssd[be[ipa.corp.example.com >

[Freeipa-users] Re: SUDO Rules not getting processed

2017-08-07 Thread Alka Murali via FreeIPA-users
Hi, Thanks for the reply. I would like to mention to you that the same configuration on Ubuntu 16.04 with the same sudo version is processing the sudo rules and users are able to execute the sudo commands. So if it is an issue with sudo, then is the fix to the issue to update the sudo to a higher

[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Lukas Slebodnik via FreeIPA-users
On (07/08/17 11:08), Supratik Goswami via FreeIPA-users wrote: >Hi > >I am using trust between AD and IPA > >AD domain: ad.corp.example.com >IPA domain: ipa.corp.example.com > >I am able to login using SSH to the IPA server using the AD user, when I am >trying to login using >SSH to the Linux

[Freeipa-users] Re: SUDO Rules not getting processed

2017-08-07 Thread Alka Murali via FreeIPA-users
Hello Team, Have checked all the logs, and the SSSD Logs are saying that it is processing the sudo rules which I have configured on my FreeIPA Server. However if I run sudo commands on my client, it is giving me the message that the user is not in sudoers file. Is it an issue with my SUDO

[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Supratik Goswami via FreeIPA-users
SSSD version: sssd-1.13.0-40.7.amzn1.x86_64 Linux OS: Amazon Linux I am seeing only these messages repeated continuously. (Mon Aug 7 08:37:49 2017) [sssd[be[ipa.corp.example.com]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path

[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Jakub Hrozek via FreeIPA-users
Which sssd version is this on what OS? stracing the sssd processes might help, using this in the [domain] section: command = strace -ff -o /tmp/sssd_be_strace /usr/libexec/sssd/sssd_be --debug-level=10 --domain ipa.example.com --uid=0 --gid=0 (You’d need to substitute ipa.example.com

[Freeipa-users] Re: Failed Upgrade?

2017-08-07 Thread Florence Blanc-Renaud via FreeIPA-users
On 08/04/2017 11:02 PM, Ian Harding via FreeIPA-users wrote: On 8/4/17 2:16 AM, Florence Blanc-Renaud wrote: On 08/03/2017 11:13 PM, Ian Harding via FreeIPA-users wrote: On 08/03/2017 12:28 AM, Florence Blanc-Renaud wrote: On 08/02/2017 11:51 PM, Ian Harding via FreeIPA-users wrote: On

[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Supratik Goswami via FreeIPA-users
Hi Jakub /tmp directory has permission drwxrwxrwt 7 root root 4096 Aug 7 05:46 /tmp On Mon, Aug 7, 2017 at 11:57 AM, Jakub Hrozek wrote: > > > On 7 Aug 2017, at 07:38, Supratik Goswami via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > > > > > Judging

[Freeipa-users] Re: FreeIPA AD Trust. Clarifying Doubts before I proceed

2017-08-07 Thread Jakub Hrozek via FreeIPA-users
> On 7 Aug 2017, at 07:01, Sameer Gurung via FreeIPA-users > wrote: > > Hi All, > > I have a network consisting of both windows and linux clients running windows > server 2008 (active directory) and centos 7 (freeipa). Obviously, the windows > clients