[Freeipa-users] Re: Issue with replica promotion -- potential custodia issue

2017-09-08 Thread Michael Salsone via FreeIPA-users
Some output from "sudo journalctl -u ipa-custodia" Sep 08 12:55:18 aus-freeipa1.indeed.net custodia[3038]: 127.0.0.1 - - [08/Sep/2017 12:55:18] code 403, message Forbidden Sep 08 12:55:18 aus-freeipa1.indeed.net custodia[3038]: 127.0.0.1 - - [08/Sep/2017 12:55:18] "GET /keys/ HTTP/1.1" 403 - Sep

[Freeipa-users] Issue with replica promotion -- potential custodia issue

2017-09-08 Thread Michael Salsone via FreeIPA-users
Hello, I am on CentOS 7.3.1611 running FreeIPA Version 4.4.0 I have the master installed and running: :; sudo ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING ipa_memcached Service: RUNNING httpd Service: RUNNING ipa-custodia Service

[Freeipa-users] Re: Replacing OpenLDAP with FreeIPA

2017-09-08 Thread Mark Haney via FreeIPA-users
On 09/08/2017 12:44 PM, Simo Sorce wrote: Sounds like a nice upgrade :-) If the data is the same I see no issue on the general approach. Simo. Eek is right.  Part of why I was hired was to fix a lot of these bandaids and half-measures done for expediency's sake.  The staff here have been hamp

[Freeipa-users] Re: Replacing OpenLDAP with FreeIPA

2017-09-08 Thread Simo Sorce via FreeIPA-users
On Fri, 2017-09-08 at 12:36 -0400, Mark Haney wrote: > On 09/08/2017 12:10 PM, Simo Sorce wrote: > > On Fri, 2017-09-08 at 10:06 -0400, Mark Haney via FreeIPA-users > > wrote: > > > Probably the dumbest question you'll get all day, but we've got a > > > hundred or so VMs with OpenLDAP on them (as c

[Freeipa-users] Re: Replacing OpenLDAP with FreeIPA

2017-09-08 Thread Mark Haney via FreeIPA-users
On 09/08/2017 12:10 PM, Simo Sorce wrote: On Fri, 2017-09-08 at 10:06 -0400, Mark Haney via FreeIPA-users wrote: Probably the dumbest question you'll get all day, but we've got a hundred or so VMs with OpenLDAP on them (as clients pointing to a master).  Are there any gotchas to replacing OpenLD

[Freeipa-users] Re: Replacing OpenLDAP with FreeIPA

2017-09-08 Thread Simo Sorce via FreeIPA-users
On Fri, 2017-09-08 at 10:06 -0400, Mark Haney via FreeIPA-users wrote: > Probably the dumbest question you'll get all day, but we've got a  > hundred or so VMs with OpenLDAP on them (as clients pointing to a  > master).  Are there any gotchas to replacing OpenLDAP with FreeIPA? Do you mean that yo

[Freeipa-users] Re: "Clock skew too great" when mounting NFS with krb

2017-09-08 Thread Robbie Harwood via FreeIPA-users
Troels Hansen via FreeIPA-users writes: > We have discovered that Hyper-V is as bad as always and that it's > almost impossible to have a sync'ed hardware and software time, and > that some servers (still not on IPA) have a time diff of several > hours. I don't know what "hardware" and "software

[Freeipa-users] Replacing OpenLDAP with FreeIPA

2017-09-08 Thread Mark Haney via FreeIPA-users
Probably the dumbest question you'll get all day, but we've got a hundred or so VMs with OpenLDAP on them (as clients pointing to a master).  Are there any gotchas to replacing OpenLDAP with FreeIPA?  I'm using Ansible to push the client install to the VMs, with a task for uninstalling OpenLDAP

[Freeipa-users] Re: Proxmox pam authentication

2017-09-08 Thread Bob Rentschler via FreeIPA-users
You may want to look at authconfig for doing that in the future, I don't think it will be overridden on update (that was a bug once I believe), but running it for some other reason could alter what you intend to be set up. authconfig maintains a state file in /etc/sysconfig and will set things as i

[Freeipa-users] Re: ERROR: CIFS server communication error: Memory allocation error (both may be "None") upon establishing trust

2017-09-08 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 08 Sep 2017, Bart J via FreeIPA-users wrote: I invoked this command with --external=true, but result is the same: ipa trust-add --type=ad my.domain.com --admin adminaccount --password --external=true Active Directory domain administrator's password: ipa: ERROR: CIFS server communication

[Freeipa-users] Re: Proxmox pam authentication

2017-09-08 Thread Maciej Drobniuch via FreeIPA-users
Hey So looking at the logs, sssd did not get any request. The solution was to add nss and pam into the sssd section of sssd.conf [sssd] services = sudo, ssh, nss, pam Thanks Kuba for your help! :) M. On Fri, Sep 8, 2017 at 10:02 AM, Maciej Drobniuch wrote: > This helps. > Thank you for the l

[Freeipa-users] Re: ERROR: CIFS server communication error: Memory allocation error (both may be "None") upon establishing trust

2017-09-08 Thread Bart J via FreeIPA-users
I invoked this command with --external=true, but result is the same: ipa trust-add --type=ad my.domain.com --admin adminaccount --password --external=true Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "-1073741801", message "Memory allocatio

[Freeipa-users] Re: Proxmox pam authentication

2017-09-08 Thread Maciej Drobniuch via FreeIPA-users
This helps. Thank you for the link! M. On Thu, Sep 7, 2017 at 1:31 PM, Jakub Hrozek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On Thu, Sep 07, 2017 at 11:02:50AM +0200, Maciej Drobniuch via > FreeIPA-users wrote: > > Hey Freeipa users! > > > > Proxmox supports pam logins