[Freeipa-users] Re: Unable to add AD group to new install

On ke, 20 syys 2017, Bobby Jones via FreeIPA-users wrote: Hi: I am trying to finish my integration of FreeIPA with Active Directory, but when I try to add my group information it fails. # ipa group-add-member ad_admins_external --external 'AD/Domain Admins' member group: AD\Domain Admins:

[Freeipa-users] Unable to add AD group to new install

Hi: I am trying to finish my integration of FreeIPA with Active Directory, but when I try to add my group information it fails. # ipa group-add-member ad_admins_external --external 'AD/Domain Admins' member group: AD\Domain Admins: trusted domain object not found As far as I can tell, I have

[Freeipa-users] Re: Can't log on using password when /tmp is full

On (19/09/17 18:46), Florence Blanc-Renaud via FreeIPA-users wrote: >On 09/18/2017 05:11 PM, Marius Bjørnstad via FreeIPA-users wrote: >> Hi, >> >> When /tmp is full, it is impossible to authenticate with Kerberos. Login >> with password over SSH and sudo don't work. Login with ssh key works

[Freeipa-users] ipa-server-install failing at wait_for_open_ports

Foolishly, I blew up my entire 4.4 on Centos 7.4 environment and I'm trying to get 4.5 working on 7.4. I've been hitting the same exact problem while trying to install freeipa 4.5 on centos 7.4 from scratch and that's at step 6/45 "starting directory server". The following message is what I get

[Freeipa-users] Re: Can't log on using password when /tmp is full

Thanks for the replies. We have migrated most servers to RHEL7. I'll see about configuring the default_ccache_name on those, one way or another. -Marius > 20. sep. 2017 kl. 09.02 skrev Jakub Hrozek via FreeIPA-users > : > > On Tue, Sep 19, 2017 at

[Freeipa-users] Re: How to Setup FreeIPA Services for Mac OS X 10.12

Thanks for your response and time Jason, much appreciated. It sounds like you in fact have almost the opposite symptoms to me, how strange! I did find that ldapsearch using -Y for GSSAPI was failing on Mac until I sorted out the reverse DNS entries for my IPA servers. The symptom was the

[Freeipa-users] LDAP OTP Failure Using Interim BIND

Hi All, Since updating to CentOS 7.4/FreeIPA 4.5 (from 7.3/4.4) I have seen the following fault. IPA user accounts using password+OTP will authenticate *without OTP (only)* when using an interim LDAP BIND configuration. To clarify, I am specifically talking about Cisco ASA device, using a

[Freeipa-users] Re: 7.4 upgrade fails with timeout exceeded

On ke, 20 syys 2017, Lachlan Musicman wrote: Notice that many ports are only available as tcp6 listeners? Like 636 (LDAPS), 389 (LDAP), 80 (HTTP), 443 (HTTPS) and so on? This is an effect of using v6 API that supports v4-mapped-on-v6 addresses. It makes the code less complex and handles with the

[Freeipa-users] IPA Vault Feature

Hi, I read about the vault feature in the documentation and installed the feature on my ipa master (ipa-kra-install). However, when I try to access my vault on an ipa client, I get: ipa: INFO: trying https://ipa2.linux.mydomain.at/ipa/session/json ipa: INFO: trying

[Freeipa-users] Re: Can't log on using password when /tmp is full

On Tue, Sep 19, 2017 at 04:25:21PM -0400, Simo Sorce wrote: > On Tue, 2017-09-19 at 20:27 +0200, Jakub Hrozek via FreeIPA-users > wrote: > > On Mon, Sep 18, 2017 at 05:11:09PM +0200, Marius Bjørnstad via > > FreeIPA-users wrote: > > > Hi, > > > > > > When /tmp is full, it is impossible to

[Freeipa-users] Re: 7.4 upgrade fails with timeout exceeded

On 20 September 2017 at 16:15, Lachlan Musicman wrote: > On 20 September 2017 at 15:54, Alexander Bokovoy > wrote: > >> >> Ok. By the look of this commit (to 4.5): >>> >>> https://pagure.io/freeipa/c/bdf9a34dffdf4d7925208e5df9f69e3927b88858 >>> >>> from

[Freeipa-users] Re: 7.4 upgrade fails with timeout exceeded

On 20 September 2017 at 15:54, Alexander Bokovoy wrote: > > Ok. By the look of this commit (to 4.5): >> >> https://pagure.io/freeipa/c/bdf9a34dffdf4d7925208e5df9f69e3927b88858 >> >> from this issue https://pagure.io/freeipa/issue/7083 >> >> It is (or was) the IPv6 problem.