Am Thu, Jan 27, 2022 at 04:06:19PM -0600 schrieb Russell Jones via
> FreeIPA-users:
> > Hi all,
> >
> > I am very confused on why I am not able to enumerate the group members
> on a
> > centos 8 machine with the above command, but I can on a centos 7 machine.
> >
&
t="cn=meTofreeipa.us.ep.corp.local" (freeipa:389) -
Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid
credentials) ()"
On Fri, Jan 28, 2022 at 9:23 AM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > Thanks,
> >
> > I ended up finding the issue from an
49 AM Florence Blanc-Renaud
wrote:
> Hi,
> you can find troubleshooting tips in
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/trouble-gen-replication
>
> HTH,
> flo
>
> On Thu, Jan 27, 2022
Hi all,
I am very confused on why I am not able to enumerate the group members on a
centos 8 machine with the above command, but I can on a centos 7 machine.
[root@centos8-1 log]# getent group -s sss video
video:x:39:
[root@centos7-n11 log]# getent group -s sss video
video:*:39:
Both are config
Hi all,
I have a setup of 4 FreeIPA servers, version 4.6.5, all on CentOS 7.
I've discovered that #4 is not syncing a new "video" group I created, while
the other 3 all have the group.
When looking at dirsrv error log, I am seeing the following after running
an ipactl stop / ipactl start:
[27/J
Thank you!
It resolved itself before I got a chance to try resubmitting the ID's. :-)
On Mon, Sep 13, 2021 at 9:17 AM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > Hi all,
> >
> > I am not sure what to do with these below errors. Are they relate
Hi all,
I am not sure what to do with these below errors. Are they related to my
failed replica that I rebuilt and resynced, and as a result can be ignored?
All the current certificates seem to be healthy.
Thanks for the insight!
WARNING:
ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20
working and non-working server to see
> if they match.
>
> rob
>
> >
> > On Thu, Sep 2, 2021 at 4:03 PM Rob Crittenden > <mailto:rcrit...@redhat.com>> wrote:
> >
> > Russell Jones via FreeIPA-users wrote:
> > > Hi all,
> >
2, 2021 at 4:03 PM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > Hi all,
> >
> > I have a replica that, while offline due to maintenance, some
> > certificates appear to have been auto renewed. Upon bringing the node
> > back online the ipa-
Hi all,
I have a replica that, while offline due to maintenance, some certificates
appear to have been auto renewed. Upon bringing the node back online the
ipa-healthcheck script showed several errors that were fixed by
re-initializing the replica.
However, the following errors were not fixed by
Use a bash script to do so. ipa-server-install . -p ${PASSWD}
On Thu, Mar 25, 2021 at 4:49 AM Dominik Vogt via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> We want to generate the initial passwords at random. Is there a
> non-interactive method of telling ipa-server-instal
rget: cn=*,cn=automember rebuild membership,cn=tasks,cn=config
>> ipaPermLocation: cn=tasks,cn=config
>> [root@freeipa4 ~]#
>>
>> On Thu, Feb 6, 2020 at 1:30 PM Rob Crittenden
>> wrote:
>>
>>> Russell Jones via FreeIPA-users wrote:
>&g
Thanks! We want to auth with password though. Just found in the docs where
it says NIS auth requires the hash to be set to crypt, so we are abandoning
this idea.
On Thu, Feb 6, 2020, 4:00 PM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > I have a client bound t
I have a client bound to FreeIPA using NIS, however when doing a "ypcat
passwd" the password fields are an asterisk (*) instead of a password hash.
The NIS integration docs are a bit sparse - am I missing something to allow
NIS clients to authenticate against FreeIPA as an actual NIS client? Is
th
er rebuild membership,cn=tasks,cn=config
> ipaPermLocation: cn=tasks,cn=config
> [root@freeipa4 ~]#
>
> On Thu, Feb 6, 2020 at 1:30 PM Rob Crittenden wrote:
>
>> Russell Jones via FreeIPA-users wrote:
>> > I have followed this documentation for enabling an automount to s
; output.txt
Enter LDAP Password:
[root@freeipa4 ~]# grep -i "cn=config" output.txt
ipaPermTarget: cn=*,cn=automember rebuild membership,cn=tasks,cn=config
ipaPermLocation: cn=tasks,cn=config
[root@freeipa4 ~]#
On Thu, Feb 6, 2020 at 1:30 PM Rob Crittenden wrote:
> Russell Jones via
I have followed this documentation for enabling an automount to show up for
a NIS client that is bound to FreeIPA, and it worked as expected and the
NIS client can see the automount:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_
Thanks! I just found an answer, enumeration isn't enabled in SSSD by
default. Turning this option on allows finger to match the extra fields
properly.
https://access.redhat.com/solutions/730033
On Thu, Jan 30, 2020 at 12:20 PM Rob Crittenden wrote:
> Russell Jones via FreeIPA-use
Hi all,
I have client machines bound to my FreeIPA domain correctly as best I can
tell. I have noticed however that the "finger" command appears to not be
matching on user's names anymore like it does with my older NIS clients.
Finger appears to only work when passing it the actual username of a u
Hi all,
I have ran into a bit of a surprise (for me anyway). After adding a second
NIC to my FreeIPA server in order to provide IPA services for the same
realm to a second network, I am unable to join clients to it and am getting
the following error:
2020-01-29T19:15:55Z DEBUG stderr=
2020-01-29T
g in the two servers due to one being seen from
autodiscovery, and the other being manually defined.
Thanks for the insight!
On Wed, Jan 29, 2020 at 11:34 AM Florence Blanc-Renaud
wrote:
> On 1/29/20 3:54 PM, Russell Jones via FreeIPA-users wrote:
> > Hi Rob,
> >
> > Thanks
er = _srv_, freeipa3.*
> dns_discovery_domain =
> autofs_provider = ipa
> ipa_automount_location = default
> [sssd]
> services = nss, sudo, pam, autofs, ssh
> domains =
> [nss]
> homedir_substring = /home
> [pam]
> [sudo]
> [autofs]
> [ssh]
> [pac]
>
I'm running "ipa-client-install --force-join --no-nisdomain -U", and it
auto discovers my freeipa servers, but places both _srv_ and the first
server under the "ipa_server" line. This results in the first server being
listed twice when running "sssctl domain-status".
Is this expected behavior? Is
Ah I see now. Adding --raw to the end of the privilege-show CLI command
shows me that the admins group is a member of that privilege.
Thank you!
On Thu, Oct 10, 2019 at 10:36 AM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > Hi all,
> >
> > I am still
Hi all,
I am still exploring my default setup, and have noticed that while the
"admin" user is a part of the admins and trust admins group, neither the
user nor those groups have any roles defined on them that I can see.
Where is this special username getting its permissions from?
Thanks for th
That makes sense. Thank you!
On Wed, Oct 9, 2019 at 1:02 PM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > Hi all,
> >
> > I am in the beginning stages of researching moving from NIS to FreeIPA.
> > I am running through the workshop on the Fr
Hi all,
I am in the beginning stages of researching moving from NIS to FreeIPA. I
am running through the workshop on the FreeIPA github, and am having
difficulty understanding the difference between categories and groups.
For example, I have one HBAC rule that came pre-defined on my FreeIPA
serve
27 matches
Mail list logo