[Freeipa-users] unsubscribe

2021-02-15 Thread Elhamsadat Azarian via FreeIPA-users
Please guide me on how to unsubscribe from this list.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


[Freeipa-users] Re: Sudo command not working

2020-04-20 Thread Elhamsadat Azarian via FreeIPA-users
Hi,
I had this problem too. I studied all of these pages, but it doesn't work and
I had to stop working with IPA.

On Mon, 20 Apr 2020, 18:45 Rob Crittenden via FreeIPA-users, <
freeipa-users@lists.fedorahosted.org> wrote:

> Faraz Younus via FreeIPA-users wrote:
> > Hi Team,
> > I'm getting an error when executing sudo su on the client server. What can
> > be the issue? The sudo command is there.
> >
> > [faraz.younus@england-web-dev ~]$ sudo su
> >
> > [sudo] password for faraz.younus:
> >
> > faraz.younus is not allowed to run sudo on england-web-dev.  This
> > incident will be reported.
>
> Start with these:
>
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/granting-sudo-access-to-an-idm-user-on-an-idm-client_configuring-and-managing-idm
>
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/troubleshooting-sudo
>
> https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
>
> To help we'd need a lot more information: the distro of client and
> server, the HBAC settings, what the SUDO rules are, logs, etc.
>
> rob


[Freeipa-users] sudo rule doesn't work

2020-01-12 Thread Elhamsadat Azarian via FreeIPA-users
Hi friends,
I defined a SudoRule with these properties:

rulename : rsyslog_rule
Enabled : true
RunAs group Category : All
users :user-test
hosts: ipacli-irvlt01.mydomain.com
sudo Deny Commands : sudo /usr/bin/systemctl restart rsyslog

Now I log in as "user-test" to the "ipacli-irvlt01" server and try to run the
"sudo /usr/bin/systemctl restart rsyslog" command. I expected it not to be
allowed to run this command, but no action happened and I could run it!!!

Why doesn't my sudo rule work?

--
this is less /var/log/sssd/sssd_domain.log:
(Sun Jan 12 13:59:01 2020) [sssd[be[lshs.dc]]] [orderly_shutdown] (0x0010): 
SIGTERM: killing children
--
this is /var/log/sssd/sssd_sudo.log
(Sun Jan 12 13:59:01 2020) [sssd[sudo]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children

--
this is less /var/log/sudo_debug

[Freeipa-users] Re: Ipa user can't login via ssh

2019-10-09 Thread Elhamsadat Azarian via FreeIPA-users
I checked it but I couldn't solve it.

On Wed, 9 Oct 2019, 12:30 Jakub Hrozek via FreeIPA-users, <
freeipa-users@lists.fedorahosted.org> wrote:

> On Wed, Oct 09, 2019 at 08:45:16AM -, Elhamsadat Azarian via
> FreeIPA-users wrote:
> > ### Request for enhancement
> > As a Linux admin, I want to log in to my ipa client with a user that is
> > defined in the ipa-server UI.
> >
> > ### Issue
> > I installed Ipa-server and an Ipa-client on CentOS 7.6.
> > I defined internal DNS on ipa-server and I defined A and PTR records for
> > the client on ipa-server.
> > Now I can see my client in the ipa UI, and I defined a user named "elham"
> > and I expect that it can log in to the ipa-client.
> > When I log in as root on the ipa-client and I do sudo elham, it works, and
> > kinit elham works too, but
> > when I ssh into the ipa-client with this user, it shows "Access denied".
> > I have errors with this context:
> > pam_reply : authentication failure to the client
> > pam_sss: authentication falure
> >
> > I'm tired of this issue. Please help me if you know the solution.
>
> Please start here:
> https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
> >
> >  Steps to Reproduce
> > 1. define new user "elham" in ipa UI
> > 2. SSH to ipa-client with elham
> > 3. access denied
> >
> >  Actual behavior
> > (what happens)
> >
> >  Expected behavior
> > login into ipa-client successfully
> >
> >  Version/Release/Distribution
> >ipa-server 4.6.5-11.el7
> >ipa-client 4.6.4-10.el7.centos.3
> > Log files and config files are added below:
> >
> >
> >
> > krb5.conf
> > 
> > #File modified by ipa-client-install
> >
> > includedir /etc/krb5.conf.d/
> > includedir /var/lib/sss/pubconf/krb5.include.d/
> >
> >
> > [logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmind.log
> > [libdefaults]
> > default_realm = LSHS.DC
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> > rdns = false
> > ticket_lifetime = 24h
> > forwardable = yes
> > allow_weak_crypto = true
> > default_ccache_name = KEYRING:persistent:%{uid}
> >
> > [realms]
> > LSHS.DC = {
> > kdc = ipa-irvlt01.example.dc:88
> > admin_server = ipa-irvlt01.example.dc:749
> > default_domain = example.dc
> > }
> > [domain_realm]
> > .example.com = LSHS.DC
> > example.com = LSHS.DC
> > 
> >
> >
> > sssd.conf
> > -
> > [domain/example.dc]
> >
> > cache_credentials = True
> > krb5_store_password_if_offline = True
> > ipa_domain = example.dc
> > id_provider = ipa
> > auth_provider = ipa
> > access_provider = ipa
> > ldap_tls_cacert = /etc/ipa/ca.crt
> > ipa_hostname = ipacli-irvlt01.example.dc
> > chpass_provider = ipa
> > dyndns_update = True
> > ipa_server = _srv_, ipa-irvlt01.example.dc
> > dyndns_iface = ens160
> > dns_discovery_domain = example.dc
> >
> > debug_level = 10
> > [sssd]
> > ### AFTER IPA ###
> > #services = nss, sudo, pam, ssh
> > services = nss, pam
> > config_file_version = 2
> > #
> > domains = example.dc
> >
> > debug_level = 10
> > [nss]
> > homedir_substring = /home
> >
> > [pam]
> > debug_level = 10
> >
> > [sudo]
> >
> > [autofs]
> >
> > [ssh]
> >
> > [pac]
> >
> > [ifp]
> >
> > [secrets]
> >
> > [session_recording]
> >
> > ##
> >
> >


[Freeipa-users] Ipa user can't login via ssh

2019-10-09 Thread Elhamsadat Azarian via FreeIPA-users
### Request for enhancement
As a Linux admin, I want to log in to my ipa client with a user that is defined
in the ipa-server UI.

### Issue
I installed Ipa-server and an Ipa-client on CentOS 7.6.
I defined internal DNS on ipa-server and I defined A and PTR records for the
client on ipa-server.
Now I can see my client in the ipa UI, and I defined a user named "elham" and I
expect that it can log in to the ipa-client.
When I log in as root on the ipa-client and I do sudo elham, it works, and kinit
elham works too, but
when I ssh into the ipa-client with this user, it shows "Access denied".
I have errors with this context:
pam_reply : authentication failure to the client
pam_sss: authentication falure

I'm tired of this issue. Please help me if you know the solution.

 Steps to Reproduce
1. define new user "elham" in ipa UI
2. SSH to ipa-client with elham
3. access denied

 Actual behavior
(what happens)

 Expected behavior
login into ipa-client successfully

 Version/Release/Distribution
   ipa-server 4.6.5-11.el7
   ipa-client 4.6.4-10.el7.centos.3
Log files and config files are added below:



krb5.conf

#File modified by ipa-client-install

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/


[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LSHS.DC
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
allow_weak_crypto = true
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
LSHS.DC = {
kdc = ipa-irvlt01.example.dc:88
admin_server = ipa-irvlt01.example.dc:749
default_domain = example.dc
}
[domain_realm]
.example.com = LSHS.DC
example.com = LSHS.DC



sssd.conf
-
[domain/example.dc]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.dc
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = ipacli-irvlt01.example.dc
chpass_provider = ipa
dyndns_update = True
ipa_server = _srv_, ipa-irvlt01.example.dc
dyndns_iface = ens160
dns_discovery_domain = example.dc

debug_level = 10
[sssd]
### AFTER IPA ###
#services = nss, sudo, pam, ssh
services = nss, pam
config_file_version = 2
#
domains = example.dc

debug_level = 10
[nss]
homedir_substring = /home

[pam]
debug_level = 10

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[secrets]

[session_recording]

##




[Freeipa-users] LDAP error while installing IPA client

2019-08-18 Thread Elhamsadat Azarian via FreeIPA-users
Hi,

I installed the ipa server, but when I try to install ipa-client, this error is
shown:
Error checking LDAP: Operation error: 04DC: LdapErr: DSID-0C0907c2, 
comment: In order to perform this operation a successful bind must be completed 
on the connection.

It shows the FQDN of my Windows DNS server instead of the IPA server FQDN, and
produced an error that is attached.

Additional info:
I have a Windows DNS server.

Log file of ipaclient_install.log
2019-08-18T10:00:08Z DEBUG Logging to /var/log/ipaclient-install.log
2019-08-18T10:00:08Z DEBUG ipa-client-install was invoked with arguments [] and 
options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 
'ip_addresses': None, 'configure_firefox': False, 'realm_name': None, 
'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 
'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 
'domain_name': None, 'request_cert': False, 'fixed_primary': False, 'no_ac': 
False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 
'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 
'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 
'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 
'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': 
False, 'host_name': None, 'permit': False, 'automount_location': None, 
'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}
2019-08-18T10:00:08Z DEBUG IPA version 4.6.4-10.el7.centos.3
2019-08-18T10:00:08Z DEBUG Loading Index file from 
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/usr/sbin/selinuxenabled
2019-08-18T10:00:08Z DEBUG Process finished, return code=0
2019-08-18T10:00:08Z DEBUG stdout=
2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-08-18T10:00:08Z DEBUG Process finished, return code=1
2019-08-18T10:00:08Z DEBUG stdout=disabled

2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-active chronyd.service
2019-08-18T10:00:08Z DEBUG Process finished, return code=3
2019-08-18T10:00:08Z DEBUG stdout=inactive

2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG [IPA Discovery]
2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, 
servers=None, hostname=ipacli-irvlt01.shs.dc
2019-08-18T10:00:08Z DEBUG Start searching for LDAP SRV record in "shs.dc" 
(domain of the hostname) and its sub-domains
2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG [Kerberos realm search]
2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG [LDAP server check]
2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is an 
IPA server
2019-08-18T10:00:10Z DEBUG Init LDAP connection to: ldap://dc-irvwp02.shs.dc:389
2019-08-18T10:00:10Z DEBUG Search LDAP server for IPA base DN
2019-08-18T10:00:10Z DEBUG Check if naming context 'DC=SHS,DC=DC' is for IPA
2019-08-18T10:00:10Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': 
'04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation 
a successful bind must be completed on the connection., data 0, v2580', 'desc': 
'Operations error'}
2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 04DC: 
LdapErr: DSID-0C0907C2, comment: In order to perform this operation a 
successful bind must be completed on the connection., data 0, v2580
2019-08-18T10:00:10Z DEBUG Cannot connect to LDAP server. Check that minssf is 
not enabled
2019-08-18T10:00:10Z DEBUG Assuming realm is the same as domain: SHS.DC
2019-08-18T10:00:10Z DEBUG Generated basedn from realm: dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=None, 
domain=shs.dc, kdc=dc-irvwp01.shs.dc,dc-irvwp02.shs.dc, basedn=dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG Validated servers: dc-irvwp02.shs.dc
2019-08-18T10:00:10Z DEBUG will use discovered domain: shs.dc
2019-08-18T10:00:10Z DEBUG Start searching for LDAP SRV record in "shs.dc" 
(Validating DNS Discovery) and its sub-domains
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 
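
The [IPA Discovery] part of the log above can be read mechanically. The following Python parser is an added example, not part of the original post and not FreeIPA code: it collects the answers to each DNS query, the hosts that went through the IPA server check, and the final discovery result. The sample lines are copied from the log above with the archive's line wraps re-joined; the function names and the "LdapErr: DSID-" heuristic are assumptions of this example.

```python
import re

# Sample input: lines copied from the ipaclient-install.log in the post above,
# with the mail archive's hard line wraps re-joined.
SAMPLE_LOG = """\
2019-08-18T10:00:08Z DEBUG [IPA Discovery]
2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=ipacli-irvlt01.shs.dc
2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is an IPA server
2019-08-18T10:00:10Z DEBUG Init LDAP connection to: ldap://dc-irvwp02.shs.dc:389
2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=None, domain=shs.dc, kdc=dc-irvwp01.shs.dc,dc-irvwp02.shs.dc, basedn=dc=shs,dc=dc
"""

LINE = re.compile(r"^\S+Z (DEBUG|INFO|WARNING|ERROR) (.*)$")
QUERY = re.compile(r"Search DNS for (?:SRV|TXT) record of (\S+)")
FOUND = re.compile(r"DNS record found: \d+ \d+ (\d+) (\S+)")
NOT_FOUND = re.compile(r"DNS record not found: (\w+)")
VERIFY = re.compile(r"Verifying that (\S+) \(realm \S+\) is an IPA server")
LDAP_ERROR = re.compile(r"Error checking LDAP: (.*)")
RESULT = re.compile(r"Discovery result: (\w+); server=([^,]+),")


def summarize_discovery(text):
    """Collect DNS answers, checked hosts and the final discovery result."""
    out = {"answers": {}, "not_found": {}, "checked": [],
           "ldap_errors": [], "result": None, "server": None}
    query = None  # DNS name from the most recent "Search DNS for ..." line
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line or wrapped continuation
        msg = m.group(2)
        if (q := QUERY.search(msg)):
            query = q.group(1)
            out["answers"].setdefault(query, [])
        elif (f := FOUND.search(msg)) and query:
            # Store SRV targets as host:port, without the trailing root dot.
            out["answers"][query].append(f"{f.group(2).rstrip('.')}:{f.group(1)}")
        elif (n := NOT_FOUND.search(msg)) and query:
            out["not_found"][query] = n.group(1)  # e.g. NXDOMAIN or timeout
        elif (v := VERIFY.search(msg)):
            out["checked"].append(v.group(1))
        elif (e := LDAP_ERROR.search(msg)):
            out["ldap_errors"].append(e.group(1))
        elif (r := RESULT.search(msg)):
            out["result"], out["server"] = r.group(1), r.group(2)
    return out


def findings(summary):
    """Turn the summary into short observations for the admin."""
    notes = [f"{name}: no record ({why})"
             for name, why in summary["not_found"].items()]
    if summary["server"] in (None, "None"):
        notes.append("no discovered host passed the IPA server check")
    # Heuristic (assumption of this example): Active Directory reports LDAP
    # failures in the "LdapErr: DSID-..." form.
    if any("LdapErr: DSID-" in err for err in summary["ldap_errors"]):
        hosts = ", ".join(summary["checked"])
        notes.append(f"{hosts} replied with an Active Directory style LDAP error")
    return notes


if __name__ == "__main__":
    for note in findings(summarize_discovery(SAMPLE_LOG)):
        print(note)
```
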

[Freeipa-users] external DNS

2019-08-17 Thread Elhamsadat Azarian via FreeIPA-users
Hi,
I installed Ipa-server without internal DNS and I set it to use a Windows DNS
server in the network.
When the install process finished, it noted: "please add records in this file to
your DNS system".
Now I don't know what I must do. Must I add them into the "windows DNS server" or
in the "Network part of ipa server GUI"?
Can you tell me what I should do with this file?


[Freeipa-users] Re: freeipa-client-install error

2019-08-16 Thread Elhamsadat Azarian via FreeIPA-users
Dear friends,
does no one have an idea about my problem?

I installed the freeipa server based on a Windows DNS server. I mean there was a
Windows DNS server, and while I was installing freeipa I set resolv.conf and
hosts based on this Windows DNS. Then I installed a freeipa-client on my client
server. Based on the instructions, I changed the client's resolv.conf to the
free-ipa IP (meaning I set the DNS of my client to the free-ipa-server IP). When
I did freeipa-client-install, it showed an error: "Failed to verify that
ipa-server.shs.dc is an IPA server. this may mean that the remote server is not
up or reachabe due to network settings." In the ipaclient-install files: "search
DNS for SRV record of _ldap._tcp.shs.dc DNS record not found: timeout." Of
course I opened all ports in the firewall and I'm sure the server is up.


[Freeipa-users] freeipa-client-install error

2019-08-13 Thread Elhamsadat Azarian via FreeIPA-users
Hi,
I installed the freeipa server based on a Windows DNS server. I mean there was a
Windows DNS server, and while I was installing freeipa I set resolv.conf and
hosts based on this Windows DNS.
Then I installed a freeipa-client on my client server. Based on the
instructions, I changed the client's resolv.conf to the free-ipa IP
(meaning I set the DNS of my client to the free-ipa-server IP).
When I did freeipa-client-install, it showed an error:
"Failed to verify that ipa-server.shs.dc is an IPA server.
this may mean that the remote server is not up or reachabe due to network
settings."

In the ipaclient-install files:
"search DNS for SRV record of _ldap._tcp.shs.dc
DNS record not found: timeout."

Of course I opened all ports in the firewall and I'm sure the server is up.
 


[Freeipa-users] Hi

2019-06-10 Thread Elhamsadat Azarian via FreeIPA-users



[Freeipa-users] error in FreeIPA UI login page

2019-06-10 Thread Elhamsadat Azarian via FreeIPA-users
Dear friends,
I installed freeIPA on CentOS 7 with external DNS and an internal CA server.
It finished successfully, but with a failed message about installing client
components!
Anyway, I opened a web browser and browsed to the freeipa page. It showed, and I
added an exception for the certificate.
Then the login page appeared. I entered the admin user and password, but it
showed an error: "Invalid CA renewal master. All masters must have CA server role enabled"