[Freeipa-users] nfsidmap/nss_getpwnam fails to resolve users with IPA/NFSv4+krb5

2017-10-24 Thread Robert Sturrock via FreeIPA-users
Hi All. We have IPA setup in an AD trust to support our Linux fleet. I’m running into a problem trying to get Ubuntu (16.04) clients to resolve names/ids on an NFS-mounted filesystem from an NFS server using NFSv4/krb5. Files and directories show up as ‘nobody’ or an incorrect numerical ID wh

[Freeipa-users] Re: Enrolling SLE 12 SP2 hosts with FreeIPA

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Aaron Hicks via FreeIPA-users wrote: > Hi Simo, > >> Use ipa-getkeytab on an admin workstation, then securely transfer the keytab >> to the servers. > > We have _many_ hosts in a cluster, so this is not practical on a per host > basis. A single-line command we could bulk execute on each of them

[Freeipa-users] Re: IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 24 Oct 2017, Steve Dainard wrote: Hi Alexander, That makes sense, is there a simple method to test which ldap_user_extras_attrs sssd is pulling in on the IPA server side (are we actually pulling in these attributes), and then test from the client side dbus (list said attributes)? See St

[Freeipa-users] Re: Enrolling SLE 12 SP2 hosts with FreeIPA

2017-10-24 Thread Aaron Hicks via FreeIPA-users
Hi Simo, > Use ipa-getkeytab on an admin workstation, then securely transfer the keytab > to the servers. We have _many_ hosts in a cluster, so this is not practical on a per host basis. A single-line command we could bulk execute on each of them to retrieve the key would be preferred. Regard

[Freeipa-users] Re: IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Steve Dainard via FreeIPA-users
Hi Alexander, That makes sense, is there a simple method to test which ldap_user_extras_attrs sssd is pulling in on the IPA server side (are we actually pulling in these attributes), and then test from the client side dbus (list said attributes)? Thanks, Steve On Tue, Oct 24, 2017 at 9:30 AM, Al

[Freeipa-users] Re: yum update caused FreeIPA to temporarily return NXDOMAIN for valid records

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Nicholas Hinds via FreeIPA-users wrote: > During an upgrade from 4.5.0-21.el7.centos.1.2 > to 4.5.0-21.el7.centos.2.2 on a CentOS 7.4 machine, FreeIPA's DNS server > briefly returned NXDOMAIN for records which existed in FreeIPA. These > invalid responses were returned for a very short amount of ti

[Freeipa-users] Re: Install replica

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Oleg Danilovich via FreeIPA-users wrote: > Hello guys, > I want to deploy a FreeIPA replica. Now my master works on Ubuntu 16.04. > Master version VERSION: 4.3.1, API_VERSION: 2.164 > Then I try to install the replica on Ubuntu I get an error. I tried to find a > solution but could not. It would help if you

[Freeipa-users] yum update caused FreeIPA to temporarily return NXDOMAIN for valid records

2017-10-24 Thread Nicholas Hinds via FreeIPA-users
During an upgrade from 4.5.0-21.el7.centos.1.2 to 4.5.0-21.el7.centos.2.2 on a CentOS 7.4 machine, FreeIPA's DNS server briefly returned NXDOMAIN for records which existed in FreeIPA. These invalid responses were returned for a very short amount of time, but caused long-running issues with Java cli

[Freeipa-users] Install replica

2017-10-24 Thread Oleg Danilovich via FreeIPA-users
Hello guys, I want to deploy a FreeIPA replica. Now my master works on Ubuntu 16.04. Master version VERSION: 4.3.1, API_VERSION: 2.164 Then I try to install the replica on Ubuntu I get an error. I tried to find a solution but could not. I want to try to install the FreeIPA replica on CentOS. Can I use freeipa replica

[Freeipa-users] Re: Latest updates broke pki-tomcatd

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Kristian Petersen via FreeIPA-users wrote: > You mentioned that once before, but that path doesn't seem to exist on > my server for some reason. When I go to /var/log/pki i get: > -bash-4.2$ cd /var/log/pki/ > -bash-4.2$ ls > pki-server-upgrade-10.4.1.log pki-upgrade-10.4.1.log server > > In

[Freeipa-users] Re: Latest updates broke pki-tomcatd

2017-10-24 Thread Kristian Petersen via FreeIPA-users
You mentioned that once before, but that path doesn't seem to exist on my server for some reason. When I go to /var/log/pki i get: -bash-4.2$ cd /var/log/pki/ -bash-4.2$ ls pki-server-upgrade-10.4.1.log pki-upgrade-10.4.1.log server In a previous reply, I ran a command you asked me to that show

[Freeipa-users] Re: ipa sudorule-add-user SUDORULE-NAME doesn't support multiple groups

2017-10-24 Thread Alexandre Pitre via FreeIPA-users
Would you look at that! Problem solved. Thanks. On Tue, Oct 24, 2017 at 12:08 PM, Rob Crittenden wrote: > Alexandre Pitre via FreeIPA-users wrote: > > Hi, > > > > I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple > > groups with the sudorule-add-user command. > > > > Example: > >

[Freeipa-users] Re: IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 24 Oct 2017, Steve Dainard via FreeIPA-users wrote: Hello, I'm running a cross-forest trust with RHEL 7 IPA (60 day trial), when I do an ldapsearch on the AD user against the IPA server I get very few attributes. It seems like the sssd option 'ldap_user_extras_attrs' should fetch additi

[Freeipa-users] Re: IPA CA allow CSR SAN names in external domains

2017-10-24 Thread Steve Dainard via FreeIPA-users
That did it, thanks Fraser. On Fri, Oct 20, 2017 at 5:48 PM, Fraser Tweedale wrote: > On Fri, Oct 20, 2017 at 10:59:36AM -0700, Steve Dainard via FreeIPA-users > wrote: > > Hello > > > > I have a RHEL7 IPA server installed as a subordinate CA. I'd like to be > > able to add SAN's for a different

[Freeipa-users] IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Steve Dainard via FreeIPA-users
Hello, I'm running a cross-forest trust with RHEL 7 IPA (60 day trial), when I do an ldapsearch on the AD user against the IPA server I get very few attributes. It seems like the sssd option 'ldap_user_extras_attrs' should fetch additional attributes but I can't seem to get any results. I'm also

[Freeipa-users] Re: ipa sudorule-add-user SUDORULE-NAME doesn't support multiple groups

2017-10-24 Thread Rob Crittenden via FreeIPA-users
Alexandre Pitre via FreeIPA-users wrote: > Hi, > > I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple > groups with the sudorule-add-user command. > > Example: > > ipa sudorule-add-user sudorule --groups=group1,group2 > > Failed users/groups: > member user: > member gro

[Freeipa-users] ipa sudorule-add-user SUDORULE-NAME doesn't support multiple groups

2017-10-24 Thread Alexandre Pitre via FreeIPA-users
Hi, I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple groups with the sudorule-add-user command. Example: ipa sudorule-add-user sudorule --groups=group1,group2 Failed users/groups: member user: member group: group1,group2 - Number of members add
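The failure above (the error lists a single member group literally named "group1,group2") is what the ipa CLI does with a comma-joined value: it does not split on commas, so a multi-valued option such as --groups has to be repeated once per value. The helper below is an added example written for this page, not code from the thread or from FreeIPA; it rebuilds a space-separated list of group names into repeated --groups options and then invokes the CLI. The rule and group names are placeholders, and IPA_CMD can be pointed at echo to preview the command that would run.

```shell
#!/bin/sh
# Added example (not from the thread). The ipa CLI treats
# "--groups=group1,group2" as ONE group name, so multi-valued options
# must be passed by repeating the option. In bash the same thing can be
# typed as --groups={group1,group2}, which brace expansion turns into
# --groups=group1 --groups=group2 before ipa ever sees it.
#
# IPA_CMD defaults to the real client; set IPA_CMD=echo to dry-run.
IPA_CMD="${IPA_CMD:-ipa}"

# sudorule_add_groups RULE GROUP...: add every GROUP as a member group
# of sudo rule RULE with one ipa call, one --groups option per group.
sudorule_add_groups() {
    rule="$1"
    shift
    if [ "$#" -eq 0 ]; then
        echo "usage: sudorule_add_groups RULE GROUP..." >&2
        return 2
    fi
    # POSIX sh has no arrays: rotate the positional parameters, turning
    # each bare group name into a "--groups=NAME" argument. Quoting is
    # preserved, so a group name containing spaces stays one argument.
    n=$#
    i=0
    while [ "$i" -lt "$n" ]; do
        g="$1"
        shift
        set -- "$@" "--groups=$g"
        i=$((i + 1))
    done
    "$IPA_CMD" sudorule-add-user "$rule" "$@"
}

# Usage (against a real server, after kinit as a user allowed to manage
# sudo rules):
#   sudorule_add_groups sudorule group1 group2
```

Run with IPA_CMD=echo first to confirm the generated argument list; the page's own output line "member group: group1,group2" is the telltale of a single comma-joined value reaching the server.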

[Freeipa-users] Re: cross-forest trust, client system cannot id AD users.

2017-10-24 Thread Steve Dainard via FreeIPA-users
Hi Jakub, As a follow up, you are correct - neither the primary group or wheel group that existed in AD needed to be created in IPA. Thanks On Fri, Oct 20, 2017 at 1:01 AM, Jakub Hrozek wrote: > On Thu, Oct 19, 2017 at 05:34:41PM -0700, Steve Dainard wrote: > > Thanks Jakub and Justin, > > > >

[Freeipa-users] Re: Enrolling SLE 12 SP2 hosts with FreeIPA

2017-10-24 Thread Simo Sorce via FreeIPA-users
On Tue, 2017-10-24 at 16:23 +1300, Aaron Hicks via FreeIPA-users wrote: > Hello the FreeIPA List, > > We've got a FreeIPA directory set up and running. That's all good. > > The difficult part is that we also have a number (many) of SLE 12 SP2 > hosts > that need to be enrolled. > >
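Simo's suggestion in this thread (run ipa-getkeytab on an admin workstation, then transfer each keytab securely) can be scripted for a whole cluster. The script below is an added example for this page, not code from the thread or from FreeIPA: it creates the host entry if needed, fetches the host keytab with ipa-getkeytab using the admin's existing Kerberos ticket, and pushes the file to the host over ssh. The server name ipa.example.test, the keytab directory and the host names are placeholders; DRY_RUN prints the commands instead of running them. One caveat a practitioner should keep in mind: every ipa-getkeytab call generates a new key (the kvno increments), which invalidates any keytab the host already holds, so fetch once per host and do not re-run it casually.

```shell
#!/bin/sh
# Added example (not from the thread): bulk host enrollment by fetching
# host keytabs from an admin workstation and pushing them to the hosts.
# Assumes the ipa client tools on the workstation and a valid admin
# ticket (kinit admin). All names and paths below are placeholders.

IPA_SERVER="${IPA_SERVER:-ipa.example.test}"   # assumed server name
KEYTAB_DIR="${KEYTAB_DIR:-/root/keytabs}"      # assumed staging dir
DRY_RUN="${DRY_RUN:-}"                         # non-empty: print only

# run CMD...: execute CMD, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# enroll_host FQDN: ensure the host entry exists, fetch its keytab and
# install it on the host. A keytab is a credential equivalent to the
# host's password, so it is staged in a mode-700 directory and copied
# only over an authenticated channel.
# Caveat: ipa-getkeytab creates a NEW key and bumps the kvno each time,
# invalidating any keytab the host already has; run it once per host.
enroll_host() {
    fqdn="$1"
    run mkdir -m 700 -p "$KEYTAB_DIR"
    if [ -n "$DRY_RUN" ] || ! ipa host-show "$fqdn" >/dev/null 2>&1; then
        run ipa host-add "$fqdn" --force
    fi
    run ipa-getkeytab -s "$IPA_SERVER" -p "host/$fqdn" \
        -k "$KEYTAB_DIR/$fqdn.keytab"
    run scp -p "$KEYTAB_DIR/$fqdn.keytab" "root@$fqdn:/etc/krb5.keytab"
    run ssh "root@$fqdn" chmod 600 /etc/krb5.keytab
}

# enroll_hosts FILE: one FQDN per line; blank lines are skipped.
enroll_hosts() {
    while IFS= read -r h; do
        if [ -n "$h" ]; then
            enroll_host "$h"
        fi
    done < "$1"
}

# Usage:
#   DRY_RUN=1 enroll_host node01.example.test   # preview
#   enroll_hosts hosts.txt                      # real run
```

After the keytab is in place the host still needs its sssd and krb5 configuration; this script only covers the credential distribution step the thread is discussing.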

[Freeipa-users] Re: several IPA CA certificate entries

2017-10-24 Thread Florence Blanc-Renaud via FreeIPA-users
On 10/23/2017 08:59 PM, Bhavin Vaidya via FreeIPA-users wrote: Hello Rob, here what we have. Looks like /etc/httpd/alias certificate is different, as it is from Aug 03 2014 through Aug 03 2034, which is original date. If /etc/httpd/alias does not contain the latest IPA CA certificate, runnin