Thanks Jakub and Justin,
It definitely is related to the wheel group. For a quick explanation, the
wheel group exists in AD with a gid of 10 so users who belong to that group
automatically have wheel/sudo perms on EL systems (we use posix attributes
in AD for all our users/groups).
The easy fix s
On Thu, Oct 19, 2017 at 10:40:12AM +, Joel Kåberg via FreeIPA-users wrote:
> Hello
>
> I'm trying to sign a CSR which has multiple CNs in the certificate
> subject. When the certificate is signed it only contains one CN in
> the subject (should be 2, site1.domain.tld and site2.domain.tld),
> a
Jeremy Utley writes:
> New FreeIPA deployment, and I have one server that is not allowing
> Kerberos to handle authentication, but instead is prompting for
> password with a valid Kerberos ticket. All other machines are working
> normally. I've double-checked the /etc/ssh/sshd_config file,
> ide
On Thu, 19 Oct 2017, Chris Dagdigian via FreeIPA-users wrote:
Hi folks,
We have an absurdly complex multi-domain/multi-child AD forest tied
together on AWS via FreeIPA.
I'm spending a lot of time debugging login issues and the "ipa
hbactest" command is fantastic at "proving" out if somethi
On 10/19/2017 02:14 PM, Jakub Hrozek via FreeIPA-users wrote:
On Tue, Oct 17, 2017 at 02:21:07PM -0700, Steve Dainard via FreeIPA-users wrote:
Hello,
I've installed a 60 day 'self supported' trial of Red Hat IdM on RHEL7.
I've created a cross-forest trust with an AD domain (2012R2) which alread
On Tue, Oct 17, 2017 at 02:21:07PM -0700, Steve Dainard via FreeIPA-users wrote:
> Hello,
>
> I've installed a 60 day 'self supported' trial of Red Hat IdM on RHEL7.
> I've created a cross-forest trust with an AD domain (2012R2) which already
> has posix attributes in LDAP for users and groups.
>
Hi folks,
We have an absurdly complex multi-domain/multi-child AD forest tied
together on AWS via FreeIPA.
I'm spending a lot of time debugging login issues and the "ipa hbactest"
command is fantastic at "proving" out if something should or should not
work.
I currently "kinit admin" befo
New FreeIPA deployment, and I have one server that is not allowing Kerberos
to handle authentication, but instead is prompting for password with a
valid Kerberos ticket. All other machines are working normally. I've
double-checked the /etc/ssh/sshd_config file, identical between the one not
worki
I am running into an issue deploying FreeIPA. I am converting from OpenLDAP.
However, I have multiple sub-domains under my TLD.
So let's say I own example.com
I have multiple zones under that where I have servers sitting. All of these
sub-domains are specific to VLANs as well.
mgt.$DC.example.co
On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
On 19-10-17 15:07, Alexander Bokovoy wrote:
On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
[...]
[18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl"
(linge:389): Replication bind with GSSAPI auth r
On 19-10-17 15:07, Alexander Bokovoy wrote:
> On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
>> [...]
>> [18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin -
>> agmt="cn=meTolinge.ghs.nl" (linge:389): Replication bind with GSSAPI auth
>> resumed
>>
>> Again, I would really appreciate i
On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
On 19-10-17 10:03, Kees Bakker via FreeIPA-users wrote:
On 18-10-17 22:57, Robbie Harwood wrote:
Kees Bakker writes:
Since I've set up a replica it gives errors like these:
[17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind
On Thu, 19 Oct 2017, Bart J via FreeIPA-users wrote:
Hi all,
I set up an instance of FreeIPA server and established trust with AD
domain. I configured AD users and they can successfully log in to the
web UI. Then, I set up a replica. Although the trust is visible for
that instance both in the we
On 19-10-17 10:03, Kees Bakker via FreeIPA-users wrote:
> On 18-10-17 22:57, Robbie Harwood wrote:
>> Kees Bakker writes:
>>
>>> Since I've set up a replica it gives errors like these:
>>>
>>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive b
Hi all,
I set up an instance of FreeIPA server and established trust with AD domain. I
configured AD users and they can successfully log in to the web UI. Then, I set
up a replica. Although the trust is visible for that instance both in the web
UI and CLI, AD users cannot log in to it, nor can
Hello
I'm trying to sign a CSR which has multiple CNs in the certificate subject.
When the certificate is signed it only contains one CN in the subject (should
be 2, site1.domain.tld and site2.domain.tld), and furthermore only two
alternative names (should be 3 – missing the site2.domain.tld),
On 18-10-17 22:57, Robbie Harwood wrote:
> Kees Bakker writes:
>
>> Since I've set up a replica it gives errors like these:
>>
>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could
>> not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
>> error) (SA
Kristian Petersen wrote:
I'm still struggling with this one and it seems at least partially
responsible for the UI misbehaving as we discussed in another thread.
Have you had any new insights regarding this?
I'd start with looking at /var/log/pki/pki-tomcat/ca/debug. You want to
find the lates
john.bowman--- via FreeIPA-users wrote:
After a crash of one of our IPA servers this morning I noticed that two of the
6 IPA servers we use have an old replica listed. It was part of a previous
failed install attempt. Normally in this situation I would use the clean-ruv
but the replica does
19 matches