john.bowman--- via FreeIPA-users wrote:
> Since taking over our FreeIPA environment I've been unable to create a new CA
> replica. A bunch of failed attempts and upgrades over the last year and I
> keep running in to issues. After my latest attempt I noticed something that
> I had not seen
On to, 06 heinä 2017, Robert Sturrock wrote:
Hi Alexander,
On 6 Jul 2017, at 4:55 pm, Alexander Bokovoy wrote:
Can you show 'ipa trust-show staff.localdomain'? It should have list of
additional name suffixes we derive from the AD forest trust. After
releasing 4.4.x we
Hi All,
We have IPA running in a one-way trust with our AD and it’s working well.
However, there are a number of users who belong to an affiliated institution
who are nonetheless present in our AD, but with a different UPN suffix to the
trust domains. The particulars are:
IPA realm:
On 2017-07-06 08:25, Robert Sturrock via FreeIPA-users wrote:
[...]
We have a test IPA server with HBAC allow_all and we can ssh to it reliably as
a regular user, but when we try to ssh as ‘first name.lastname@affiliate’ we
see the following exceptions in /var/log/sssd/krb5_child.log:
[...]
wenxing zheng wrote:
> Thanks to Rob.
>
> We finally got the root cause, it's a bug in the application. Our LDAP
> URL or DN is too long which triggered a bug in the JDK Properties. Java
> Properties doesn't allow the value to be longer than 47, and if the
> length is longer than 47, it will
Hi harald,
Thanks for the update.
Lakshan Jayasekara
Senior Systems Engineer
Mobile: +94 77 294 0396 | Dir: +94 11 235 6949
General:+94 11 235 6949 Ext: 949 | Fax: +94 11 2544346
LankaClear (Pvt) Ltd, Level 18, Bank of Ceylon Head Office,
“BOC Square”, No. 01, Bank of Ceylon Mw, Colombo 01,
On 7 July 2017 at 00:29, bogusmaster--- via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Just to add some example of behaviour I described, I configured an AD user
> group membership and granted him access via HBAC rule. Waited approximately
> for 2 hours and then, all of a