[Freeipa-users] Re: Reverse lookup Issue

2021-12-14 Thread Kathy Zhu via FreeIPA-users
Hi Rob, Thank you for your reply. I looked it up using both the "nslookup" and "host" commands. Adding the idnsname=90.91 filter did not get me the wanted results: # ldapsearch -Y GSSAPI -b idnsname=0.10.inaddr.arpa.,cn=dns,dc=example,dc=com idnsname=90.91 SASL/GSSAPI authentication started SASL

[Freeipa-users] Re: Users not known for a while in clients of IPA with AD trust

2021-12-14 Thread tizo via FreeIPA-users
Thanks very much, John. I will try it. On Tue, Dec 14, 2021 at 12:41 PM John Desantis wrote: > Hello, > > Do your AD users in question belong to any IPA groups? > > Your symptoms are very similar to the following post: > >

[Freeipa-users] Re: Reverse lookup Issue

2021-12-14 Thread Rob Crittenden via FreeIPA-users
Kathy Zhu via FreeIPA-users wrote: > Hi List,  > > I created a PTR record "90.91" in "0.10.inaddr.arpa." zone via GUI, then > found:  > > 1, I can see the record via GUI  > 2, When I looked it up on the command line, I got "not found: 3(NXDOMAIN)". How did you look? > 3, Its dn is not in

[Freeipa-users] master/replica dnssec 'sending notifies' back forever??

2021-12-14 Thread Harry G. Coin via FreeIPA-users
In a master/replica freeipa setup with DNSSEC -- is it normal the "sending notifies" happens forever? It would appear the master sends a notify for a zone, the replica gets it, sees an updated SOA, updates itself, sends a notify to the master, which sees a higher SOA, updates itself, sends a

[Freeipa-users] Reverse lookup Issue

2021-12-14 Thread Kathy Zhu via FreeIPA-users
Hi List, I created a PTR record "90.91" in "0.10.inaddr.arpa." zone via GUI, then found: 1, I can see the record via GUI 2, When I looked it up on the command line, I got "not found: 3(NXDOMAIN)". 3, Its dn is not in "ldapsearch -Y GSSAPI -b idnsname=0.10.inaddr.arpa.,cn=dns,dc=example,dc=com"

[Freeipa-users] Re: how to get xrdp to work with ipa users

2021-12-14 Thread Rob Verduijn via FreeIPA-users
Hi all, Sorry for the reply to an ancient post. But I thought I'd share how I finally managed to get xrdp to play nice with freeipa. The solution was rather simple. When the allow_all policy in ipa is disabled: add xrdp-sesman to the hbac-services, then add the service to the hbac-policy that allows

[Freeipa-users] Replication broken after upgrade

2021-12-14 Thread Serge Krawczenko via FreeIPA-users
Hello there, Something went wrong after a recent yum update (CentOS 7). The current version is 4.6.8-5.el7.centos.9. I have two FreeIPA replicas and one Active Directory agreement (winsync). Here is what I'm getting from cn=replicacn=mapping tree,cn=config nsds5replicaLastUpdateStart:

[Freeipa-users] Re: Clear sssd cache

2021-12-14 Thread Sumit Bose via FreeIPA-users
On Tue, Dec 14, 2021 at 01:05:52PM +0100, Ronald Wimmer via FreeIPA-users wrote: > On 10.12.21 09:50, Florence Blanc-Renaud wrote: > > Hi, > > > > You can have a look at > >

[Freeipa-users] Re: Users not known for a while in clients of IPA with AD trust

2021-12-14 Thread John Desantis via FreeIPA-users
Hello, Do your AD users in question belong to any IPA groups? Your symptoms are very similar to the following post: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/VHTB3GR65L77SS7CS5H4GWHRMBIKQWXP/ In a nutshell, AD users would only be seen on clients

[Freeipa-users] Re: Users not known for a while in clients of IPA with AD trust

2021-12-14 Thread tizo via FreeIPA-users
Anyone, please? I don't really know how to fix this. Thanks. On Thu, Dec 9, 2021 at 11:20 AM tizo wrote: > The scenario is an IPA with an AD trust. The users belong to AD. IPA is a > Rocky Linux 8, and AD is a Samba 4.14.10 over Rocky Linux 8 too. > > We have a couple of IPA host clients to

[Freeipa-users] Re: Clear sssd cache

2021-12-14 Thread Ronald Wimmer via FreeIPA-users
On 10.12.21 09:50, Florence Blanc-Renaud wrote: Hi, You can have a look at

[Freeipa-users] trustdomain-disable

2021-12-14 Thread Ronald Wimmer via FreeIPA-users
Hi, In our setup we have a forest root domain. Let's call it mydomain.at with two subdomains domainone.mydomain.at and domaintwo.mydomain.at. Users are only located in domainone.mydomain.at. So we disabled domaintwo.mydomain.at with trustdomain-disable. Is there any way to prevent the

[Freeipa-users] Re: OTP behaviour on Debian

2021-12-14 Thread Sam Morris via FreeIPA-users
On Tue, 2021-12-14 at 10:23 +0100, Sumit Bose wrote: > On Mon, Dec 13, 2021 at 06:14:13PM -, Sam Morris via FreeIPA-users wrote: > > > > > I've filed https://bugs.debian.org/1001644 to discuss whether pam_sss can > > be moved before pam_unix in the Debian packaging. > > Btw, in RHEL and

[Freeipa-users] Re: Performance Problem and IPA Server startup

2021-12-14 Thread Georg Seyerl via FreeIPA-users
Hi John, thank you for those settings. With the information above we were able to reduce the login time significantly. Especially the trustdomain hint of yours is brilliant. We reduced the login time to a consistent 3.5s. Best, Georg

[Freeipa-users] Re: OTP behaviour on Debian

2021-12-14 Thread Sumit Bose via FreeIPA-users
On Mon, Dec 13, 2021 at 06:14:13PM -, Sam Morris via FreeIPA-users wrote: > You're absolutely right. On Debian in /etc/pam.d/common-auth we have: > > # here are the per-package modules (the "Primary" block) > auth [success=2 default=ignore] pam_unix.so nullok > auth [success=1