[Freeipa-users] Re: Can't create new CA replica

2017-07-06 Thread Rob Crittenden via FreeIPA-users
john.bowman--- via FreeIPA-users wrote: > Since taking over our FreeIPA environment I've been unable to create a new CA > replica. A bunch of failed attempts and upgrades over the last year and I > keep running into issues. After my latest attempt I noticed something that > I had not seen

[Freeipa-users] Re: Authenticating users with a different UPN suffix in an AD trust configuration

2017-07-06 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 06 Jul 2017, Robert Sturrock wrote: Hi Alexander, On 6 Jul 2017, at 4:55 pm, Alexander Bokovoy wrote: Can you show 'ipa trust-show staff.localdomain'? It should have a list of additional name suffixes we derive from the AD forest trust. After releasing 4.4.x we

[Freeipa-users] Authenticating users with a different UPN suffix in an AD trust configuration

2017-07-06 Thread Robert Sturrock via FreeIPA-users
Hi All, We have IPA running in a one-way trust with our AD and it’s working well. However, there are a number of users who belong to an affiliated institution who are nonetheless present in our AD, but with a different UPN suffix to the trust domains. The particulars are: IPA realm:

[Freeipa-users] Re: Authenticating users with a different UPN suffix in an AD trust configuration

2017-07-06 Thread Ronald Wimmer via FreeIPA-users
On 2017-07-06 08:25, Robert Sturrock via FreeIPA-users wrote: [...] We have a test IPA server with HBAC allow_all and we can ssh to it reliably as a regular user, but when we try to ssh as ‘first name.lastname@affiliate’ we see the following exceptions in /var/log/sssd/krb5_child.log: [...]

[Freeipa-users] Re: Failed to retrieve entry 32

2017-07-06 Thread Rob Crittenden via FreeIPA-users
wenxing zheng wrote: > Thanks to Rob. > > We finally got the root cause, it's a bug in the application. Our LDAP > URL or DN is too long which triggered a bug in the JDK Properties. Java > Properties doesn't allow the value to be longer than 47, and if the > length is longer than 47, it will

[Freeipa-users] Re: IPA client configuration fail on AIX client

2017-07-06 Thread Lakshan Jayasekara via FreeIPA-users
Hi Harald, Thanks for the update. Lakshan Jayasekara Senior Systems Engineer Mobile: +94 77 294 0396 | Dir: +94 11 235 6949 General:+94 11 235 6949 Ext: 949 | Fax: +94 11 2544346 LankaClear (Pvt) Ltd, Level 18, Bank of Ceylon Head Office, “BOC Square”, No. 01, Bank of Ceylon Mw, Colombo 01,

[Freeipa-users] Re: HBAC rules / ssh keys for AD users not working right away

2017-07-06 Thread Lachlan Musicman via FreeIPA-users
On 7 July 2017 at 00:29, bogusmaster--- via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Just to add some example of behaviour I described, I configured an AD user > group membership and granted him access via HBAC rule. Waited approximately > for 2 hours and then, all of a