Thanks Jakub and Justin,
It definitely is related to the wheel group. For a quick explanation, the
wheel group exists in AD with a gid of 10 so users who belong to that group
automatically have wheel/sudo perms on EL systems (we use posix attributes
in AD for all our users/groups).
The easy fix
On Thu, Oct 19, 2017 at 10:40:12AM +, Joel Kåberg via FreeIPA-users wrote:
> Hello
>
> I'm trying to sign a CSR which has multiple CN in the certificate
> subject. When the certificate is signed it only contains one CN in
> the subject (should be 2, site1.domain.tld and site2.domain.tld),
>
On Thu, 19 Oct 2017, Chris Dagdigian via FreeIPA-users wrote:
Hi folks,
We have an absurdly complex multi-domain/multi-child AD forest tied
together on AWS via FreeIPA.
I'm spending a lot of time debugging login issues and the "ipa
hbactest" command is fantastic at "proving" out if
On 10/19/2017 02:14 PM, Jakub Hrozek via FreeIPA-users wrote:
On Tue, Oct 17, 2017 at 02:21:07PM -0700, Steve Dainard via FreeIPA-users wrote:
Hello,
I've installed a 60 day 'self supported' trial of red hat idm on rhel7.
I've created a cross-forest trust with an AD domain (2012R2) which
On Tue, Oct 17, 2017 at 02:21:07PM -0700, Steve Dainard via FreeIPA-users wrote:
> Hello,
>
> I've installed a 60 day 'self supported' trial of red hat idm on rhel7.
> I've created a cross-forest trust with an AD domain (2012R2) which already
> has posix attributes in ldap for users and groups.
>
Hi folks,
We have an absurdly complex multi-domain/multi-child AD forest tied
together on AWS via FreeIPA.
I'm spending a lot of time debugging login issues and the "ipa hbactest"
command is fantastic at "proving" out if something should or should not
work.
I currently "kinit admin"
New FreeIPA deployment, and I have one server that is not allowing Kerberos
to handle authentication, but instead is prompting for password with a
valid kerberos ticket. All other machines are working normally. I've
double-checked the /etc/ssh/sshd_config file, identical between the one not
I am running into an issue deploying FreeIPA. I am converting from OpenLDAP.
However, I have multiple sub-domains under my tld.
So let's say I own example.com
I have multiple zones under that where I have servers sitting. All of these
sub-domains are specific to VLANs as well.
On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
On 19-10-17 15:07, Alexander Bokovoy wrote:
On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
[...]
[18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin - agmt="cn=meTolinge.ghs.nl"
(linge:389): Replication bind with GSSAPI auth
On 19-10-17 15:07, Alexander Bokovoy wrote:
> On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
>> [...]
>> [18/Oct/2017:11:24:27 +0200] NSMMReplicationPlugin -
>> agmt="cn=meTolinge.ghs.nl" (linge:389): Replication bind with GSSAPI auth
>> resumed
>>
>> Again, I would really appreciate
On Thu, 19 Oct 2017, Kees Bakker via FreeIPA-users wrote:
On 19-10-17 10:03, Kees Bakker via FreeIPA-users wrote:
On 18-10-17 22:57, Robbie Harwood wrote:
Kees Bakker writes:
Since I've set up a replica it gives errors like these:
[17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind
On Thu, 19 Oct 2017, Bart J via FreeIPA-users wrote:
Hi all,
I set up an instance of FreeIPA server and established trust with AD
domain. I configured AD users and they can successfully log in to the
web UI. Then, I set up a replica. Although the trust is visible for
that instance both in the
On 19-10-17 10:03, Kees Bakker via FreeIPA-users wrote:
> On 18-10-17 22:57, Robbie Harwood wrote:
>> Kees Bakker writes:
>>
>>> Since I've set up a replica it gives errors like these:
>>>
>>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive
Hi all,
I set up an instance of FreeIPA server and established trust with AD domain. I
configured AD users and they can successfully log in to the web UI. Then, I set
up a replica. Although the trust is visible for that instance both in the web
UI and CLI, AD users cannot log in to it, nor can
Hello
I'm trying to sign a CSR which has multiple CN in the certificate subject.
When the certificate is signed it only contains one CN in the subject (should
be 2, site1.domain.tld and site2.domain.tld), and furthermore only two
alternative names (should be 3 – missing the site2.domain.tld),
On 18-10-17 22:57, Robbie Harwood wrote:
> Kees Bakker writes:
>
>> Since I've set up a replica it gives errors like these:
>>
>> [17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could
>> not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
>> error)
Kristian Petersen wrote:
I'm still struggling with this one and it seems at least partially
responsible for the UI misbehaving as we discussed in another thread.
Have you had any new insights regarding this?
I'd start with looking at /var/log/pki/pki-tomcat/ca/debug. You want to
find the