Can I please get clarification on a FreeIPA instance (as IdM in RHEL8.3) and
AD's POSIX attributes?
From what I can see, the POSIX attributes - are ignored?
Specifically, when I run
$ id u...@ad.domain.com
$ id -u u...@ad.domain.com
$ id -g u...@ad.domain.com
The POSIX attribute values are
Perfect, thank you.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
Hola,
When I browse to the webUI for IDM, I'm getting nothing.
The http error log is showing:
[Thu Dec 10 15:30:44.429646 2020] [wsgi:error] [pid 1773:tid 139794280646400]
[remote 172.26.33.93:42908] ipa: INFO: [jsonserver_i18n_messages] UNKNOWN:
i18n_messages(version='2.239'): SUCCESS
[Thu
On Wed, 3 Oct 2018 at 09:28, Lachlan Musicman wrote:
> On Wed, 3 Oct 2018 at 08:34, Lachlan Musicman wrote:
>
>> How do I delete a replica from the master if the replica no longer exists?
>>
>> The message I get is "Unable to delete replica hostname; cannot connect
>> to ldaps://hostname:389"
On Thu, 4 Oct 2018 at 23:22, Rob Crittenden via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> As part of a larger IPA "health" checker and driven largely by necessity
> I have the beginning of a certificate checking tool available at
> https://github.com/rcritten/checkcerts
>
>
On Wed, 3 Oct 2018 at 08:34, Lachlan Musicman wrote:
> How do I delete a replica from the master if the replica no longer exists?
>
> The message I get is "Unable to delete replica hostname; cannot connect to
> ldaps://hostname:389"
>
I tried using --force but got
$ ipa-csreplica-manage del
How do I delete a replica from the master if the replica no longer exists?
The message I get is "Unable to delete replica hostname; cannot connect to
ldaps://hostname:389"
cheers
L.
--
'...postwork futures are dismissed with the claim that "it is not in our
nature to be idle", thereby
On 14 August 2018 at 01:38, Hacker Sword via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi Alex,
>
> >The documentation is only conflicting if you are using it in a
> conflicting way.
>
>
> > The choice of Kerberos library is important. Samba AD DC with MIT
> Kerberos still is
On 11 July 2018 at 14:39, Sameer Gurung via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> my IPA server is linserver. IP: 192.168.0.111
> domain is dcs.smcs
>
> on my client machine /etc/resolv.conf
> namserver 192.168.0.111
>
> when i dig linserver.dcs.smcs
>
> I get no result.
On Mon., 18 Jun. 2018, 16:15 Alexander Bokovoy, wrote:
> On ma, 18 kesä 2018, Lachlan Musicman wrote:
> >On 15 June 2018 at 16:03, Alexander Bokovoy wrote:
> >
> >> On pe, 15 kesä 2018, Lachlan Musicman via FreeIPA-users wrote:
> >>
> >>>
>
On 15 June 2018 at 16:03, Alexander Bokovoy wrote:
> On pe, 15 kesä 2018, Lachlan Musicman via FreeIPA-users wrote:
>
>>
>> https://github.com/freeipa/freeipa/pull/1825
>>
>> And from here
>> https://lists.fedorahosted.org/archives/list/freeipa-use
CentOS 7.5
ipa --version VERSION: 4.5.4, API_VERSION: 2.228
When on my replica, and I use
ipa idoverrideuser-find 'Default Trust View' I get the expected
results:
--
1 User ID override matched
--
Anchor to override:
On 6 June 2018 at 11:24, Lachlan Musicman wrote:
> From ipaupgrade.log, the CA isn't coming up?
>
Digging, I found this
Internal Database Error encountered: Could not connect to LDAP server host
vmpr-linuxidm.unix.company.com port 636 Error netscape.ldap.LDAPException:
Unable to create
From ipaupgrade.log, the CA isn't coming up?
2018-06-06T01:05:40Z DEBUG wait_for_open_ports: localhost [8080, 8443]
timeout 300
2018-06-06T01:05:40Z DEBUG waiting for port: 8080
2018-06-06T01:05:40Z DEBUG Failed to connect to port 8080 tcp on ::1
2018-06-06T01:05:40Z DEBUG Failed to connect to
On 30 May 2018 at 23:58, Alexander Bokovoy via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On ke, 30 touko 2018, Zak Wolfinger via FreeIPA-users wrote:
>
>> Is it possible to run FreeIPA 4.6.3 on CentOS 7.5 (build 1804)?
>>
>> It appears to me that 4.6.3 is only available in
On Wed, May 16, 2018 at 12:04 PM, Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
>>
>> is there a way to configure parameters in sssd.conf when calling
>> ipa-client-install? It would be very helpful to be able to specify these
>> parameters:
>>
>> [sssd]
>>
On 1 May 2018 at 17:40, SOLER SANGUESA Miguel via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> hello,
>
>
>
> I have an IPA master that updated from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL
> 7.5). An hour later I tried to do the same with the unique replica I have,
> but after update
On 24 April 2018 at 15:43, Lachlan Musicman <data...@gmail.com> wrote:
> On 23 April 2018 at 17:00, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
>> On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
>>>>
>>>>> Am I making hard wo
On 23 April 2018 at 17:53, Lachlan Musicman <data...@gmail.com> wrote:
> On 23 April 2018 at 17:00, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
>> On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
>>
>>> Am I making hard work of someth
On 23 April 2018 at 17:00, Alexander Bokovoy <aboko...@redhat.com> wrote:
> On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
>
>> Am I making hard work of something that is relatively straight forward and
>> solved elsewhere but I've missed?
>>
Not 100% sure where to send this. Am trying to write an Ansible playbook to
install SSSD and enroll the host in a domain.
The problem starts when the host exists in the domain and ipa-client is
already installed.
We can use Ansible's delegate module to remove host from domain enrollment
(would
Has anyone on the list used the FreeIPA Ansible scripts?
https://github.com/freeipa/ansible-freeipa
It looks relatively up to date and functional.
Cheers
L.
--
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor
On 29 March 2018 at 06:45, Jakub Hrozek wrote:
> > On 28 Mar 2018, at 21:20, Rob Crittenden wrote:
> >
> > What COPR is that?
>
> The SSSD team copr:
> https://copr.fedorainfracloud.org/groups/g/sssd/coprs/
>
> Fabiano already built the packages, I just
On 9 March 2018 at 23:28, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> SSSD 1.16.1
> ===
>
> The SSSD team is proud to announce the release of version 1.16.1 of the
> System Security Services Daemon.
>
> The tarball can be downloaded from
Stupid question, but to stop anyone from logging in anywhere - for instance
during a maintenance period - is there an easy maintenance mode in IPA?
Or is the best method to disable all HBAC rules?
cheers
L.
--
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the
Hola,
I'm still trying to wrap my head around the master-replica concept.
From what I read in the documentation (Chapter 4 of
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/
)
the replica should be able
On 4 April 2017 at 17:44, Lukas Slebodnik wrote:
> >>> On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote:
> >>> >
> >>> > With SSSD/IPA in use, in a one way trust to AD, and AD users have
> spaces
> >>> in
> >>> > their names, libsemanage fails to update:
>
On 27 October 2017 at 07:38, Rob Crittenden <rcrit...@redhat.com> wrote:
> Lachlan Musicman via FreeIPA-users wrote:
>
> >
> > ipa -version
> > VERSION: 4.5.0, API_VERSION: 2.228
>
> It shouldn't be even trying port 7389 with v4.5.0. Very old versions of
On 27 October 2017 at 10:32, Lachlan Musicman <data...@gmail.com> wrote:
> On 27 October 2017 at 07:38, Rob Crittenden <rcrit...@redhat.com> wrote:
>
>> Lachlan Musicman via FreeIPA-users wrote:
>> >
>> > When I look at the ID Views in the interface, I
When I first installed our replica, it worked just fine - I could add a
user and see it on the master server. And vice versa.
I recently went back to take a look and make sure everything was working -
and it's not.
ipactl status shows everything is ok. Munge is up. I can ssh hostname
between
On 20 September 2017 at 16:15, Lachlan Musicman wrote:
> On 20 September 2017 at 15:54, Alexander Bokovoy
> wrote:
>
>>
>> Ok. By the look of this commit (to 4.5):
>>>
>>> https://pagure.io/freeipa/c/bdf9a34dffdf4d7925208e5df9f69e3927b88858
>>>
>>> from
On 20 September 2017 at 15:54, Alexander Bokovoy
wrote:
>
> Ok. By the look of this commit (to 4.5):
>>
>> https://pagure.io/freeipa/c/bdf9a34dffdf4d7925208e5df9f69e3927b88858
>>
>> from this issue https://pagure.io/freeipa/issue/7083
>>
>> It is (or was) the IPv6 problem.
On 20 September 2017 at 13:01, Lachlan Musicman wrote:
> https://pagure.io/freeipa/c/bdf9a34dffdf4d7925208e5df9f69e3927b88858
> On 20 September 2017 at 12:30, Fraser Tweedale
> wrote:
>
>>
>> Can you please provide log files? Especially
>>
On 20 September 2017 at 12:30, Fraser Tweedale <ftwee...@redhat.com> wrote:
> On Wed, Sep 20, 2017 at 08:50:03AM +1000, Lachlan Musicman via
> FreeIPA-users wrote:
> > 2017-09-19T22:30:50Z DEBUG wait_for_open_ports: localhost [8080, 8443]
> > timeout 300
> > 2017-09
2017-09-19T22:30:50Z DEBUG wait_for_open_ports: localhost [8080, 8443]
timeout 300
2017-09-19T22:35:51Z ERROR IPA server upgrade failed: Inspect
/var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2017-09-19T22:35:51Z DEBUG File "/usr/lib/python2.7/site-
What version of IPA is available in 7.4?
cheers
L.
--
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem
On 13 July 2017 at 00:48, bogusmaster--- via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> > On Thu, Jul 06, 2017 at 02:29:34PM -, bogusmaster--- via
> FreeIPA-users wrote:
>
> I have verified that hint. I've stopped sssd daemon, cleared the cache and
> started it back again.
Thank you for sharing this hint, I am going to try the upgrade. Can I ask
you which version of IPA did you use with that sssd version? Did you
upgrade sssd on each type of server (I mean both client and server)?
I did a test roll out to just the clients before going to all. We are using
the
On 7 July 2017 at 00:29, bogusmaster--- via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Just to add some example of behaviour I described, I configured an AD user
> group membership and granted him access via HBAC rule. Waited approximately
> for 2 hours and then, all of a
Bart,
Which versions of SSSD and FreeIPA are you using?
cheers
L.
--
"Mission Statement: To provide hope and inspiration for collective action,
to build collective power, to achieve collective transformation, rooted in
grief and rage but pointed towards vision and dreams."
- Patrisse
Hola,
I have logwatch set up on my server, and there is a stanza in my daily
email called "**Unmatched Entries**", which is filled with lines from
either ipa or sssd:
Failed password for usen...@domain.com from 10.126.67.170 port 57331 ssh2 :
2 time(s)
Accepted password for usen...@domain.com
42 matches