[Freeipa-users] Re: Help please - Need to install Freeipa client on Fedora 14 talking to FreeIPA server 4.5.0

Aravindh Sampathkumar via FreeIPA-users wrote: > Hello list, > > I'm trying to move from NIS to FreeIPA for authentication in a cluster.  > I already setup FreeIPA server running version 4.5.0 on CentOS 7 and it > works good. I've got a few Centos 7 and Fedora 23 clients talking to it > all good.

[Freeipa-users] Re: user_add post_callback doesn't seem to be called.

On pe, 12 tammi 2018, Bryce Larson via FreeIPA-users wrote: We have function that are supposed to be called in a plugin from a post_callback It's registered with: user.user_add.register_post_callback(useradd_postcallback) The plugin is at

[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

so why is it working with the home folders then? i thought also this gets fixed by my manual systemctl restart rpc-gssd ? if this is the error i think apparmor is involved in this…. > On 12. Jan 2018, at 18:47, Robbie Harwood wrote: > > jcccb via FreeIPA-users

[Freeipa-users] FreeIPA NFS Automount with Kerberos troubleshooting help needed

> jcccb via FreeIPA-users > > Well this is the source of the problem, isn't it? I don't think NFS > brought up GSSAPI support. > > Thanks, > --Robbie then its an APPARMOR related problem i guess thought i fixed this error with systemctl

[Freeipa-users] user_add post_callback doesn't seem to be called.

We have function that are supposed to be called in a plugin from a post_callback It's registered with: user.user_add.register_post_callback(useradd_postcallback) The plugin is at /usr/lib/python2.7/site-packages/ipaserver/plugins/csAccount.py It doesn't seem to be called at all, it used to. 

[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

jcccb via FreeIPA-users writes: > Jan 12 15:25:12 nfs_server systemd[1]: Starting Kernel Module supporting > RPCSEC_GSS... > Jan 12 15:25:12 nfs_server systemd[1]: Starting Preprocess NFS > configuration... > Jan 12 15:25:12 nfs_server systemd[1]:

[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

jcccb via FreeIPA-users writes: > freeipa-server is an fedora27 with selinux active but i cant see any > errors in the logs while restarting autofs service so far What OS/package versions is everything? Thanks, --Robbie signature.asc Description: PGP

[Freeipa-users] Help please - Need to install Freeipa client on Fedora 14 talking to FreeIPA server 4.5.0

Hello list, I'm trying to move from NIS to FreeIPA for authentication in a cluster.I already setup FreeIPA server running version 4.5.0 on CentOS 7 and it works good. I've got a few Centos 7 and Fedora 23 clients talking to it all good. We have a few legacy nodes that *fedora 14* and *fedora 20*

[Freeipa-users] HBAC Lookups by host rather than user/group

Hello. I was curious if there is something built in to FreeIPA (4.5.0 on CentOS) as a whole or if someone has created scripts or the like that perform access rights lookups without doing the typical hbac rule lookups which requires user -> host -> service (as far as I know), where those things

[Freeipa-users] FreeIPA NFS Automount with Kerberos troubleshooting help needed

"getent passwd" gave me on all maschines the same results some logs from the NFS Server= journalctl: Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1 Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1 Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1 Jan 12

[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

"getent passwd" gave me on all maschines the same results some logs from the NFS Server= journalctl: Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1 Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1 Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1 Jan 12

[Freeipa-users] Re: help : Enrolled a FreeIPA client but unable to login to it via SSH

Aravindh Sampathkumar via FreeIPA-users writes: > localmachine > ssh admin@c10b01 > > It keeps repeating the password prompts in spite of supplying the > correct password. No meaningful errors thrown either. Please increase the verbosity of ssh (i.e., add

[Freeipa-users] Re: ns-slapd hangs for 2-3 minutes, then resumes.

Hi list, Just closing the loop on this one. This issue finally got resolved for us after installing the latest FreeIPA update available for CentOS 7: OS version: CentOS Linux release 7.4.1708 (Core) ipa-server-trust-ad-4.5.0-22.el7.centos.x86_64 ipa-common-4.5.0-22.el7.centos.noarch

[Freeipa-users] Re: ipa: ERROR: Major (851968): Unspecified GSS failure. - before kinit

On 10/01/18 15:53, Alexander Bokovoy wrote: Looks like you are using KEYRING type of Kerberos ccache in both the host and LXCs. KEYRING is not namespaced, so your LXCs are using whatever was put in the KEYRING ccache for the same user (root) on the host. From within LXCs, remove

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

On 12/01/18 12:32, Alexander Bokovoy wrote: On pe, 12 tammi 2018, lejeczek via FreeIPA-users wrote: On 11/01/18 18:55, Florence Blanc-Renaud wrote: then the problem you are seeing is probably BZ 14852017 [RFE] If the umask is too restrictive the installation won't work [1] Did you

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

On pe, 12 tammi 2018, lejeczek via FreeIPA-users wrote: On 11/01/18 18:55, Florence Blanc-Renaud wrote: then the problem you are seeing is probably BZ 14852017 [RFE] If the umask is too restrictive the installation won't work [1] Did you install the master with a umask different from 022?

[Freeipa-users] help : Enrolled a FreeIPA client but unable to login to it via SSH

Hello list. I'm a new user of FreeIPA trying to use it to manage SSH user authentication in a cluster of CentOS machines. I built a server dedicated to run FreeIPA server and have successfully set it up. I'm able to get the web UI from it, and everything seems as expected based on the docs. I

[Freeipa-users] Re: replica install fails: CA_UNREACHABLE

On 11/01/18 20:28, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: On 11/01/18 17:12, Florence Blanc-Renaud wrote: I must admit that I'm getting lost among all the errors... Can you summarize your topology (for instance server A installed as first IPA master, then server B

[Freeipa-users] Re: "certmonger.py", line 317, in request_and_wait_for_cert

On 11/01/18 18:55, Florence Blanc-Renaud wrote: then the problem you are seeing is probably BZ 14852017 [RFE] If the umask is too restrictive the installation won't work [1] Did you install the master with a umask different from 022? In this case, some configuration files are probably not

[Freeipa-users] Re: Unable to configure an IPA replica with dns

-Sorry, I clink on reply instead of reply to all Both servers running Centos (7.4, last test from today) [root@gcp-sec-ipamaster-01 ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) IPA packages [root@gcp-dmz-ipareplica-01 ipa]# rpm -qa | grep ipa| sort

[Freeipa-users] Re: Unable to configure an IPA replica with dns

On pe, 12 tammi 2018, Nacho del Rey via FreeIPA-users wrote: Hi list I have spent several days trying to configure a mater<->replica scenario but I'm having a problem with the dns which doesn't allow to me to go ahead I could deploy an IPA server successfully in a Centos 7.3 using the

[Freeipa-users] Unable to configure an IPA replica with dns

Hi list I have spent several days trying to configure a mater<->replica scenario but I'm having a problem with the dns which doesn't allow to me to go ahead I could deploy an IPA server successfully in a Centos 7.3 using the following command ipa-server-install --realm .COM