[Freeipa-users] Re: Enable/Disable an IPA user via LDAP

2024-02-01 Thread Ronald Wimmer via FreeIPA-users
On 01.02.24 19:29, Rob Crittenden wrote: Ronald Wimmer via FreeIPA-users wrote: Is it possible? If yes what needs to be done? Set nsaccountlock to TRUE/FALSE. This is an operational attribute so when searching for it you have to specify it as an attribute you want to see with ldapsearch.

[Freeipa-users] Re: issues ssh'ing as AD user to freeipa client

2024-02-01 Thread Heidi Hough via FreeIPA-users
Hello We have made the recommended changes by updating ignore_group_members = True subdomain_inherit = ignore_group members in the [domain/...] section on IPA servers and clients and updated refresh_expired_interval = 4000 Unfortunately we are still unable to log in to IPA clients using AD

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 01 Feb 2024, Steve Berg via FreeIPA-users wrote: Is there any way to just delete all these SID requirements?  My ipa domain doesn't have a trust to anything windows and there's no plan to ever set that up. No. S4U protocol extensions for Kerberos are requiring PAC buffers presence as

[Freeipa-users] Re: Issues with sudo permissions

2024-02-01 Thread Jochen Kellner via FreeIPA-users
slek kus via FreeIPA-users writes: > Hi Rob, unfortunately not. I am honestly out of options here. I must be > missing something trivial or it is a configuration issue. ... > On the client: > > > ansible@debclient1:~$ sudo -i > [sudo] password for ansible: > ansible is not allowed to run

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Steve Berg via FreeIPA-users
Is there any way to just delete all these SID requirements?  My ipa domain doesn't have a trust to anything windows and there's no plan to ever set that up. Been trying to add the RID and it fails but doesn't tell me why it failed. On 2/1/24 11:43, Florence Blanc-Renaud via FreeIPA-users

[Freeipa-users] Re: Enable/Disable an IPA user via LDAP

2024-02-01 Thread Rob Crittenden via FreeIPA-users
Ronald Wimmer via FreeIPA-users wrote: > Is it possible? If yes what needs to be done? Set nsaccountlock to TRUE/FALSE. This is an operational attribute so when searching for it you have to specify it as an attribute you want to see with ldapsearch. rob --

[Freeipa-users] Enable/Disable an IPA user via LDAP

2024-02-01 Thread Ronald Wimmer via FreeIPA-users
Is it possible? If yes what needs to be done? Cheers, Ronald

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Thu, Feb 1, 2024 at 12:51 PM Steve Berg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Still not working. I do not have any trust set up with any active > directory currently, we have an AD running on the network but that and my > ipa domain don't trust each other in

[Freeipa-users] Re: Issues with sudo permissions

2024-02-01 Thread slek kus via FreeIPA-users
Hi Rob, unfortunately not. I am honestly out of options here. I must be missing something trivial or it is a configuration issue. I am clearing the cache of the user on the idm server as the client. Even removed sssd cache, rebooted both client and idm controllers. Sudo permission is simply not

[Freeipa-users] Re: Upgrade issues from 4.9.11 to 4.10.2 pki-tomcatd fails to start

2024-02-01 Thread Rob Crittenden via FreeIPA-users
Tania Hagan via FreeIPA-users wrote: > Hi Freeipa Users, > > I have upgraded one of my ipa replicas from 4.9.11 to 4.10.2 however I am > struggling to get pki-tomcatd@pki-tomcat to start both via ipactl start and > systemctl start pki-tomcatd. > > My java/tomcat versions are > > Java: >

[Freeipa-users] Re: CentOS 7 FreeIPA upgrade, 4.5 to 4.6.8: certmonger hanger

2024-02-01 Thread Rob Crittenden via FreeIPA-users
Melissa Ferreira da Silva Boiko via FreeIPA-users wrote: > Hello all. > > I'm trying to replace an ancient FreeIPA 4.5.0 master (and primary CA > master) on CentOS 7.4.  I am having problems trying to make replicas > with FreeIPA 4.11, and past threads suggest the errors are due to >

[Freeipa-users] Re: Issues with sudo permissions

2024-02-01 Thread Rob Crittenden via FreeIPA-users
slek kus via FreeIPA-users wrote: > Hi, created an account which is meant to automate things with Ansible AWX. > Tried to grant this account sudo access to the linux clients but things seem > not to work out. > > Not sure why. hbactests returns OK. > > > [root@idm01 ~]# ipa hbactest

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Steve Berg via FreeIPA-users
Still not working.  I do not have any trust set up with any active directory currently, we have an AD running on the network but that and my ipa domain don't trust each other in any way. Got two idranges setup: ---   Range name: domain_id_range   First Posix ID of the range: 82440

[Freeipa-users] Upgrade issues from 4.9.11 to 4.10.2 pki-tomcatd fails to start

2024-02-01 Thread Tania Hagan via FreeIPA-users
Hi Freeipa Users, I have upgraded one of my ipa replicas from 4.9.11 to 4.10.2 however I am struggling to get pki-tomcatd@pki-tomcat to start both via ipactl start and systemctl start pki-tomcatd. My java/tomcat versions are Java: Idm-pki-java 11.4.2-1.el9 Java-11-openjdk-headless

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Giulio Casella via FreeIPA-users
Ok, maybe you are missing some id range... Let's check this page, just to point in the right direction: https://www.linuxsysadmins.com/ipa-error-4203-databaseerror/ (I had that error, after a couple of migration: CentOS 7 -> CentOS 8 stream -> RHEL 9). Briefly: - "ipa idrange-find" should