[Freeipa-users] Re: CentOS to Ubuntu migration

Satish Patel via FreeIPA-users kirjoitti 19.1.2024 klo 0.46: Folks, We are running 4 freeIPA servers on CentOS 7.x in master-master replication and life is good. But now it's time to say goodbye to CentOS. What can I do to migrate them to Ubuntu OS? Can I create one Ubuntu instance with

[Freeipa-users] Re: Seeking an advice on migrating freeipa environment from centos 7 to Almalinux 9

On Пят, 19 сту 2024, Polavarapu Manideep Sai via FreeIPA-users wrote: Hi Team, Seeking an advice on migrating freeipa environment from centos 7 to Almalinux 9 Consider there are 4 servers 1 as IPA master and rest are replicas 1. master.ipa.example.com [centos 7.9 IPA 4.6.8] 2.

[Freeipa-users] Re: Allow users from AD trust to run ipa commands

On Пят, 19 сту 2024, Yuriy Halytskyy via FreeIPA-users wrote: Hi, At first I've just created an external group, added the user, and added that group to a role but that didn't work. Then I stumbled across this while googling: ipa idoverrideuser-add 'Default Trust View' username@DOMAIN And it

[Freeipa-users] Seeking an advice on migrating freeipa environment from centos 7 to Almalinux 9

Hi Team, Seeking an advice on migrating freeipa environment from centos 7 to Almalinux 9 Consider there are 4 servers 1 as IPA master and rest are replicas 1. master.ipa.example.com [centos 7.9 IPA 4.6.8] 2. Replica1.ipa.example.com [centos 7.9 IPA 4.6.8] 3. Replica2.ipa.example.com

[Freeipa-users] Allow users from AD trust to run ipa commands

Hi, At first I've just created an external group, added the user, and added that group to a role but that didn't work. Then I stumbled across this while googling: ipa idoverrideuser-add 'Default Trust View' username@DOMAIN And it works, the user can use IPA commands with AD kerberos ticket and

[Freeipa-users] Re: Number of concurrent connections are decreased by replication.

Hello Rob, Thank you for the reply. I got the logs, as you commeted. = access log [18/Jan/2024:23:34:13.087718471 +] conn=788 fd=258 slot=258 connection from 52.78.30.18 to 34.84.136.11 [18/Jan/2024:23:34:13.088018506 +] conn=788 op=0 EXT oid="1.3.6.1.4.1.1466.20037"

[Freeipa-users] CentOS to Ubuntu migration

Folks, We are running 4 freeIPA servers on CentOS 7.x in master-master replication and life is good. But now it's time to say goodbye to CentOS. What can I do to migrate them to Ubuntu OS? Can I create one Ubuntu instance with freeIPA and join my existing freeIPA cluster and slowly retire old

[Freeipa-users] dirsrv cannot start on new replica server

I'm trying to add a new replica server to an existing FreeIPA domain. It is failing to start dirsrv because there is not enough ramdisk for the db cache. This is still a very small domain with less than one dozen users/hosts.Adding the first replica was not a problem about 5 months ago.

[Freeipa-users] Re: Number of concurrent connections are decreased by replication.

Jaehwan Kim via FreeIPA-users wrote: > Hello Rob, > > I successfully installed a single FreeIPA server with fedora-39-4.11.0 > docker(container) and tested performance with high host_add rate (14 host_add > per min) by about 1K clients. > > Test procedure is like... > First, I added 500 hosts

[Freeipa-users] Re: Upgrade to FreeIPA 4.9.12 on RHEL 8.9 caused web UI login and ipa command to stop working

Paul Nickerson via FreeIPA-users wrote: > I confirmed that users who had an ipaNTSecurityIdentifier attribute could log > in to the web UI, and those that did not have the ipaNTSecurityIdentifier > attribute could not. > > I found the error in /var/log/dirsrv/slapd-SEMI-EXAMPLE-NET/errors like

[Freeipa-users] Re: Create IPA user via LDAP

On Чцв, 18 сту 2024, Ronald Wimmer wrote: On 08.01.24 17:58, Alexander Bokovoy wrote: On Пан, 08 сту 2024, Ronald Wimmer wrote: On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users wrote: On 02.01.24 16:27, Rob Crittenden wrote: Ronald Wimmer via FreeIPA-users wrote: On 14.12.23 14:42,

[Freeipa-users] Re: web login failed after upgrade

On Чцв, 18 сту 2024, 彭勇 via FreeIPA-users wrote: when we upgrade ipa-server-4.9.12-9 to ipa-server-4.9.12-11 on RHEL 8, we can't login to web. the web give me message: “Your session has expired. Please log in again.” Read the thread:

[Freeipa-users] web login failed after upgrade

when we upgrade ipa-server-4.9.12-9 to ipa-server-4.9.12-11 on RHEL 8, we can't login to web. the web give me message: “Your session has expired. Please log in again.” we check the error_log [Thu Jan 18 21:56:42.535394 2024] [auth_gssapi:error] [pid 11025:tid 139639453087488] [client

[Freeipa-users] Re: SSSD LDAP provider fails to fetch nested groups (groups member of groups)

Hi, On Thu, Jan 18, 2024 at 12:03 PM Finn Fysj via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I'm experiencing problems on my RHEL 9 instance when looking up members of > group using getent group . I can only get users which has > direct access to a group, and no the "user

[Freeipa-users] SSSD LDAP provider fails to fetch nested groups (groups member of groups)

I'm experiencing problems on my RHEL 9 instance when looking up members of group using getent group . I can only get users which has direct access to a group, and no the "user groups" part of the group. My sssd.conf: [domain/] id_provider = ldap auth_provider = ldap chpass_provider = ldap

[Freeipa-users] Re: Freeipa Ansible Galaxy collection - missing idoverride module from community.general collection.

Hi Rafael, thanks much! this was indeed the case. Works like a charm now. -- ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct:

[Freeipa-users] Re: Create IPA user via LDAP

On 08.01.24 17:58, Alexander Bokovoy wrote: On Пан, 08 сту 2024, Ronald Wimmer wrote: On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users wrote: On 02.01.24 16:27, Rob Crittenden wrote: Ronald Wimmer via FreeIPA-users wrote: On 14.12.23 14:42, Alexander Bokovoy wrote: On Чцв, 14 сне 2023,