If you are editing dse.ldif manually while dirsrv is running, do not do
that. Stop the service first and then edit the file.
The service loads dse.ldif into ram upon startup and writes changes made
using ldapmodify out upon being shut down or restarted.
On 9/27/22 15:33, Nick Polites via Free
You might not be able to auto-discover the realm (dns_lookup_realm = true).
Have you tried manually configuring DOMAIN.NET?
[libdefaults]
default_realm = DOMAIN.NET
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
dns_canonicalize_hostname = false
ticket_lifetime = 24h
Change "nsslapd-allow-anonymous-access" to "rootdse" in "cn=config" on all IPA
Servers:
$ ldapmodify -x -D "cn=Directory Manager" -W -h server.example.com -p 389 -ZZ
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
___
Jonathan,
You will want to set "nsslapd-allow-anonymous-access" within "cn=config"
to "rootdse":
$ ldapmodify -x -D "cn=Directory Manager" -W -h server.example.com -p
389 -ZZ
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
Hi,
Create the file /etc/ipa/server.conf if it is not made:
# touch /etc/ipa/server.conf
Then, edit it so that it has debugging:
[global]
debug=True
Then, restart Apache:
# systemctl restart httpd
After, reproduce the login failure. Once that is done, check the output
of /var/log/httpd
I would start here:
May 30 21:00:06 grover1-prod sshd[87570]: pam_sss(sshd:account): Access denied
for user blahblahusername: 4 (System error)
However, you might want to set 'debug_level = 9' instead. After reproducing
and getting the same error from the system's logs, grep the SSSD domain log
I noticed there is a new logo design on freeipa.org. Is it possible to
get the scalable version of this for a printed banner?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@li
A servers, your clients will have a bad time.
Sent via carrier pigeons
Original message ----
From: Striker Leggette via FreeIPA-users
Date: 6/14/17 8:12 PM (GMT-05:00)
To: FreeIPA users list
Cc: Striker Leggette
Subject: [Freeipa-users] Re: FreeIPA - Active Directory integra
Yes
Sent via carrier pigeons
Original message
From: bogusmaster--- via FreeIPA-users
Date: 6/14/17 6:06 AM (GMT-05:00)
To: freeipa-us...@redhat.com
Cc: bogusmas...@o2.pl
Subject: [Freeipa-users] FreeIPA - Active Directory integration and domain
names
Hi,
I have
It is possible to set up a cron job to do this for you. However, it is
good practice for companies to do this process manually instead of
relying on a script that will run at some point on it's own. Either
way, someone will have to do something to initiate the process.
What I suggest is to k
Hi all,
This is a reminder of the upcoming Linux Fest this weekend (June 9th to
the 11th). We will have two folks manning a table for FreeIPA, showing
off features and spreading the good word while answering questions from
the audience.
If you're in the area, feel free to stop by.
3315 Sco
You can try to force a re-init from the broken server:
# kinit admin
# ipa-replica-manage re-initialize --from workinghost1.example.com
On 06/05/2017 11:07 AM, Bret Wortman via FreeIPA-users wrote:
I've also just realized that replication appears to have ceased; I
have entries in some IPA se
I think your kinit is a little wrong. Try this:
kinit -k /root/cyberj.keytab cyb...@example.com
Otherwise, trace it and you might find out more:
KRB5_TRACE=/dev/stdout kinit -k -t cyberj.keytab cyb...@example.com
On 06/05/2017 10:18 AM, Kat via FreeIPA-users wrote:
Ok, I guess I am not under
Leggette via FreeIPA-users wrote:
ipa-client-install needs to be ran as root or with sudo. Or do you
mean which user can you use when it asks for the admin username?
On 06/04/2017 11:27 AM, Ronald Wimmer via FreeIPA-users wrote:
Which privileges are needed for ipa-client-install? I created a
ipa-client-install needs to be ran as root or with sudo. Or do you mean
which user can you use when it asks for the admin username?
On 06/04/2017 11:27 AM, Ronald Wimmer via FreeIPA-users wrote:
Which privileges are needed for ipa-client-install? I created a user
and gave it host enrollment p
We have documentation that might help:
https://www.freeipa.org/page/V4/FreeIPA_to_FreeIPA_Migration
Is this what you need?
On 06/02/2017 03:22 PM, Adrian HY via FreeIPA-users wrote:
Hi, I need to export an existing user from a freeipa server to another
server, including password. Regards.
FreeIPA has a very well-made and easy to use DNS management GUI that
would serve well as a standalone tool. Are there any plans to fork the
DNS GUI like this for those who would like an easy DNS management
application who do not necessarily need LDAP/PKI/Kerberos/etc.?
--
Striker Leggette
Ide
17 matches
Mail list logo