[Freeipa-users] Re: several IPA CA certificate entries

2017-10-24 Thread Florence Blanc-Renaud via FreeIPA-users
On 10/23/2017 08:59 PM, Bhavin Vaidya via FreeIPA-users wrote: Hello Rob, here's what we have. Looks like /etc/http/alias certificate is different, as it is from Aug 03 2014 through Aug 03 2034, which is original date. If /etc/httpd/alias does not contain the latest IPA CA certificate,

[Freeipa-users] Re: Enrolling SLE 12 SP2 hosts with FreeIPA

2017-10-24 Thread Simo Sorce via FreeIPA-users
On Tue, 2017-10-24 at 16:23 +1300, Aaron Hicks via FreeIPA-users wrote: > Hello the FreeIPA List, > We've got a FreeIPA directory set up and running. That's all good. > The difficult part is that we also have a number (many) of SLE 12 SP2 hosts that need to be enrolled. >

[Freeipa-users] ipa sudorule-add-user SUDORULE-NAME doesn't support multiple groups

2017-10-24 Thread Alexandre Pitre via FreeIPA-users
Hi, I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple groups with the sudorule-add-user command. Example: ipa sudorule-add-user sudorule --groups=group1,group2 Failed users/groups: member user: member group: group1,group2 - Number of members

[Freeipa-users] Re: cross-forest trust, client system cannot id AD users.

2017-10-24 Thread Steve Dainard via FreeIPA-users
Hi Jakub, As a follow up, you are correct - neither the primary group or wheel group that existed in AD needed to be created in IPA. Thanks On Fri, Oct 20, 2017 at 1:01 AM, Jakub Hrozek wrote: > On Thu, Oct 19, 2017 at 05:34:41PM -0700, Steve Dainard wrote: > > Thanks

[Freeipa-users] Re: ipa sudorule-add-user SUDORULE-NAME doesn't support multiple groups

2017-10-24 Thread Alexandre Pitre via FreeIPA-users
Would you look at that! Problem solved. Thanks. On Tue, Oct 24, 2017 at 12:08 PM, Rob Crittenden wrote: > Alexandre Pitre via FreeIPA-users wrote: > > Hi, > > > > I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple > > groups with the sudorule-add-user

[Freeipa-users] Re: ipa sudorule-add-user SUDORULE-NAME doesn't support multiple groups

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Alexandre Pitre via FreeIPA-users wrote: > Hi, > > I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple > groups with the sudorule-add-user command. > > Example: > > ipa sudorule-add-user sudorule --groups=group1,group2 > > Failed users/groups: > member user: > member

[Freeipa-users] Re: Latest updates broke pki-tomcatd

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Kristian Petersen via FreeIPA-users wrote: > You mentioned that once before, but that path doesn't seem to exist on > my server for some reason. When I go to /var/log/pki i get: > -bash-4.2$ cd /var/log/pki/ > -bash-4.2$ ls > pki-server-upgrade-10.4.1.log pki-upgrade-10.4.1.log server > > In

[Freeipa-users] Re: Enrolling SLE 12 SP2 hosts with FreeIPA

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Aaron Hicks via FreeIPA-users wrote: > Hi Simo, > >> Use ipa-getkeytab on an admin workstation, then securely transfer the keytab >> to the servers. > > We have _many_ hosts in a cluster, so this is not practical on a per host > basis. A single line command we could bulk execute on each of

[Freeipa-users] Re: IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 24 Oct 2017, Steve Dainard wrote: Hi Alexander, That makes sense, is there a simple method to test which ldap_user_extras_attrs sssd is pulling in on the IPA server side (are we actually pulling in these attributes), and then test from the client side dbus (list said attributes)? See

[Freeipa-users] Re: Install replica

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Oleg Danilovich via FreeIPA-users wrote: > Hello guys, > I want to deploy a FreeIPA replica. Now my master works on Ubuntu 16.04. > Master version VERSION: 4.3.1, API_VERSION: 2.164 > When I try to install the replica on Ubuntu I get an error. I tried to find a > solution but could not. It would help if