On Thu, Apr 25, 2024 at 03:03:41PM -, slek kus via FreeIPA-users wrote:
> Hi, the only replica cannot retrieve AD trust users (one way trust). Trust
> agent had been installed on this replica.
> I noticed this issue, since clients that point to the replica started to fail
> authenticating
On Fri, Apr 19, 2024 at 05:03:46PM +, Carlos Lopez wrote:
> Of course. Here it is:
>
> # PAM configuration for the Secure Shell service
>
> # Standard Un*x authentication.
> @include common-auth
>
> # Disallow non-root logins when /etc/nologin exists.
> account    required
On Fri, Apr 19, 2024 at 08:56:36AM +, Carlos Lopez via FreeIPA-users wrote:
> Good morning,
>
> I have configured some Ubuntu clients to authenticate via Kerberos against
> my RHEL9 IdM server. Everything works correctly: clients are authenticated,
> etc.
>
> The problem comes when a
On Sun, Mar 10, 2024 at 04:46:45PM +0200, Alexander Bokovoy via
FreeIPA-users wrote:
> On Sat, 09 Mar 2024, Jonathan Calmels via FreeIPA-users wrote:
> > Thanks for the detailed answer, glad we didn't miss anything obvious.
> > I just want to add a bit more clarification on what we were
On Wed, Dec 13, 2023 at 11:49:00PM +, Ostrom, Erik via FreeIPA-users wrote:
> Hi,
>
> I'm having some issues ssh'ing as an AD user to a freeipa client, but I can
> successfully ssh as the same user to the IPA master.
> Our IPA domain, ipa.subdomain.contoso.com, is set up with a one-way
On Tue, Sep 19, 2023 at 01:52:13PM -, Jeremy Tourville via
FreeIPA-users wrote:
> At one point we tried working with the id view feature in IPA. As a
> result of that, our user group now shows up like this:
> 861201183(xt...@gsil.org). Prior to the change in IPA this group
> showed up as
On Mon, Sep 18, 2023 at 03:55:32PM -, Sirio Sannipoli via
FreeIPA-users wrote:
> Hello everyone,
> I've already done searches without success, I need someone to point me
> in the direction of resolving a strange behavior I'm experiencing on
> servers with the RedHat/Centos operating system.
On Mon, Sep 18, 2023 at 11:34:28AM -0400, Ranbir via FreeIPA-users wrote:
> Hello Everyone,
>
> Is there a flag to disable all caching in sssd? I know we shouldn't
> disable the various caches. However, I'm working on isolating a problem
> we're seeing between our firewall and AD.
Hi,
no,
On Sat, Jul 01, 2023 at 03:08:51PM +0200, Harald Dunkel via
FreeIPA-users wrote:
> Hi folks,
>
> still trying to migrate from Centos7 to 8 I get an error message
> from ipa-replica-install on the first CentOS 8 host saying
>
> :
> Finalize replication settings
> Restarting
On Wed, Jun 28, 2023 at 08:03:58AM +0200, Francis Augusto
Medeiros-Logeay via FreeIPA-users wrote:
>
>
> > On 28 Jun 2023, at 07:50, Sumit Bose via FreeIPA-users
> > wrote:
> >
> > On Wed, Jun 28, 2023 at 07:23:58AM +0200, Francis Augusto
> > Mede
On Wed, Jun 28, 2023 at 07:23:58AM +0200, Francis Augusto
Medeiros-Logeay wrote:
>
>
> > On 23 Jun 2023, at 10:52, Sumit Bose via FreeIPA-users
> > wrote:
> >
> > On Fri, Jun 23, 2023 at 09:03:55AM +0200, Francis Augusto
> > Medeiros-Logeay via Fr
a FreeIPA-users:
> >> Hi Sumit,
> >>
> >>> On 23 Jun 2023, at 10:52, Sumit Bose via FreeIPA-users
> >>> wrote:
> >>>
> >>>>
> >>>> No. The users are the same on both - same uid, gid, etc, but no
> >>&
On Tue, Jun 27, 2023 at 01:32:12PM +0200, Francis Augusto
Medeiros-Logeay via FreeIPA-users wrote:
> Hi Sumit,
>
> > On 23 Jun 2023, at 10:52, Sumit Bose via FreeIPA-users
> > wrote:
> >
> >>
> >> No. The users are the same on both - same uid
On Fri, Jun 23, 2023 at 12:25:03AM -, barry y via FreeIPA-users wrote:
> This happens randomly, local root can login through SSH to the affected system
> but for freeipa user, login was successful but there's no prompt.
> When successfully logged in, it only displays a message saying "Last
On Fri, Jun 23, 2023 at 09:03:55AM +0200, Francis Augusto
Medeiros-Logeay via FreeIPA-users wrote:
>
>
> > On 22 Jun 2023, at 14:48, Rob Crittenden via FreeIPA-users
> > wrote:
> >
> > Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> >> Hi,
> >>
> >> We have an application that
On Thu, Jun 08, 2023 at 03:37:12PM -, James Osbourn via
FreeIPA-users wrote:
> Thanks I will take a look at the link.
>
> The krb5.conf file looks as follows
> includedir /etc/krb5.conf.d/
> includedir /var/lib/sss/pubconf/krb5.include.d/
>
> [logging]
> default =
On Thu, Jun 08, 2023 at 11:48:58AM -, James Osbourn via
FreeIPA-users wrote:
> I have an inherited IPA domain that is a subdomain of an active directory
> domain, e.g. ipa.ad1.com as a child of ad1.com. The IPA domain has AD Trust
> enabled and a one way domain trust to another AD sub
On Wed, Jun 07, 2023 at 05:10:15PM +0200, Ronald Wimmer via
FreeIPA-users wrote:
> On 07.06.23 17:07, Ronald Wimmer via FreeIPA-users wrote:
> > On 07.06.23 14:27, Ronald Wimmer via FreeIPA-users wrote:
> > > When trying to add an AD group in an external group IPA fails to add
> > > certain
che HTTP
> server for several years now.
>
> On Thu, 1 Jun 2023 18:32:07 +0200
> Jelle de Jong via FreeIPA-users
> wrote:
>
> > On 6/1/23 15:18, Sumit Bose via FreeIPA-users wrote:
> > > On Thu, Jun 01, 2023 at 02:18:40PM +0200, Jelle de Jong via
On Thu, Jun 01, 2023 at 02:18:40PM +0200, Jelle de Jong via
FreeIPA-users wrote:
> Hello everybody,
>
> I am looking for a way to digitally sign documents by end-users within an
> organisation.
Hi,
correct me if I'm wrong, but to my understanding the certificate is not
sufficient for a
On Thu, May 11, 2023 at 11:48:45AM -, J N via FreeIPA-users wrote:
> > On Thu, May 04, 2023 at 06:49:06AM -, Finn Fysj via
> > FreeIPA-users wrote:
> >
> > Hi,
> >
> > the above is part of the access control when a user is trying to log in.
> > As the message says there are no HBAC
On Thu, May 04, 2023 at 06:49:06AM -, Finn Fysj via FreeIPA-users wrote:
> I've tried to install and re-install the IPAserver on my node. Even tried to
> re-provision it. When I look in the SSSD log for my domain I get the
> following:
>
>* (2023-05-04 6:30:59): [be[lab.local]]
On Wed, May 03, 2023 at 02:40:30PM -, Finn Fysj via FreeIPA-users wrote:
> > On Wed, May 03, 2023 at 12:00:16PM -, Finn Fysj via
> > FreeIPA-users wrote:
> >
> > Hi,
> >
> > the behavior was changed due to
> > https://bugzilla.redhat.com/show_bug.cgi?id=1879869
> >
On Wed, May 03, 2023 at 12:00:16PM -, Finn Fysj via FreeIPA-users wrote:
> I'm trying to setup new IPA server and when I run 'sudo su' I get
> prompted with password, which is fine.
> However, when I successfully type my password on a RHEL7 instance
> running FreeIPA version 4.6 I get a
On Fri, Mar 17, 2023 at 02:21:33PM -, None via FreeIPA-users wrote:
> I have a fresh IPA server setup with a trust to an Active Directory. All IPA
> services are working fine, IPA users can connect to IPA client hosts without
> problems.
>
> I now have added an AD user via creating an ID
On Fri, Feb 17, 2023 at 08:51:03AM +0100, Ronald Wimmer wrote:
>
>
> On 16.02.23 12:18, Sumit Bose wrote:
> > On Thu, Feb 16, 2023 at 12:14:02PM +0100, Ronald Wimmer via
> > FreeIPA-users wrote:
> > > We do face the problem that we disabled a domain we do not need and that
> > > this
On Thu, Feb 16, 2023 at 12:14:02PM +0100, Ronald Wimmer via
FreeIPA-users wrote:
> We do face the problem that we disabled a domain we do not need and that
> this particular domain fills up sssd logs on the client side. Especially
> sssd_nss.log. How could we possibly avoid this behavior?
Hi,
On Wed, Feb 08, 2023 at 08:37:11AM -, r0 nam1 via FreeIPA-users wrote:
> Uploaded logs that were created when logged in:
> https://temp.sh/FwJrh/terminallogs.zip
> (By 'tail -f' while logging in)
Hi,
it looks like you have added ipacertmapdata base mapping rule, but there
is no user in IPA
On Wed, Feb 08, 2023 at 12:45:57AM -, r0 nam1 via FreeIPA-users wrote:
> Realized I never set up any mapping rules, fixed that and they match properly.
> Looking at the krb5_log now that's working, I see a few lines of interest:
> [sss_krb5_prompter] (0x4000): sss_krb5_prompter name [(null)]
On Fri, Feb 03, 2023 at 07:16:58PM -, r0 nam1 via FreeIPA-users wrote:
> Apologies for my previous thread mess, I've learned to keep it neat.
>
> In following my previous thread
>
On Mon, Jan 09, 2023 at 02:06:44PM -, Damola Azeez via FreeIPA-users wrote:
> Hi,
>
> Here is the krb5_child.log
>
> https://pastebin.com/zkcSBhAJ
Hi,
(2023-01-05 14:50:58): [krb5_child[22846]] [get_and_save_tgt] (0x0020): 1709:
[-1765328347][Clock skew too great]
(2023-01-05 14:50:58):
On Mon, Jan 09, 2023 at 12:36:35PM -, Damola Azeez via FreeIPA-users wrote:
> Hi,
>
> here is the domain log from around the same time
>
> https://pastebin.com/EBQzQ7d0
Hi,
thanks, looks like the error is coming from krb5_child:
(2023-01-05 14:50:58): [be[domain.com]]
On Thu, Jan 05, 2023 at 01:42:11PM -, Damola Azeez via FreeIPA-users wrote:
> Here is the link to sssd_pam.log after setting debug value to 9
>
> https://pastebin.com/embed_js/U345NVwA
Hi,
the PAM responder receives
(2023-01-05 14:50:58): [pam] [pam_dp_process_reply] (0x0200):
On Wed, Jan 04, 2023 at 01:23:53PM -0300, tizo wrote:
> >
> > Hi,
> >
> > 'Decrypt integrity check failed' typically means that the wrong
> > Kerberos password or key was used. Since you are using FAST it might
> > either be the user password the user is typing in or the host key which
> > was
On Wed, Jan 04, 2023 at 11:52:21AM -0300, tizo via FreeIPA-users wrote:
> We have an IPA-AD trust up and running. The IPA domain is
> idm.fnr.gub.uy and the AD (Samba) domain is smb.fnr.gub.uy. Our users
> belong to AD.
>
> We have a couple of Ubuntu 22.04 IPA clients configured. In the first
>
On Fri, Dec 30, 2022 at 11:17:59AM -, Damola Azeez via FreeIPA-users wrote:
> After setting up my IPA environment, I am unable to log in successfully on
> some of my Linux servers. When I check /var/log/secure for authentication
> logs, I see the errors below
>
> Dec 30 12:18:31
On Wed, Nov 09, 2022 at 08:09:16PM -, Russ Long via FreeIPA-users wrote:
> Hello,
>
> I am working on a test environment to test the integration of Okta as an
> external IDP. According to the docs, this is supported, however there is no
> okta-specific documentation that I can find.
Hi,
On Wed, Sep 28, 2022 at 09:29:46PM +0200, Ronald Wimmer via
FreeIPA-users wrote:
> On 28.09.22 20:18, Rob Crittenden wrote:
> > Ronald Wimmer via FreeIPA-users wrote:
> > > We set up IPA in a new network segment. Everything works fine but when I
> > > issue
> > >
> > > getent passwd
On Fri, Sep 23, 2022 at 01:07:24PM +0200, Ronald Wimmer via
FreeIPA-users wrote:
> I tried to give user access permissions to a specific host but when I try to
> log in via ssh I get an error:
>
> [hbac_evaluate] (0x0100): The rule [somerulename] did not match.
Hi,
near the log line above
On Mon, Sep 19, 2022 at 11:23:34AM +0200, Ronald Wimmer wrote:
> On 19.09.22 10:41, Sumit Bose via FreeIPA-users wrote:
> > On Mon, Sep 19, 2022 at 08:28:56AM +0200, Ronald Wimmer via
> > FreeIPA-users wrote:
> > > On 14.09.22 19:23, Rob Crittenden wrote:
> > >
On Mon, Sep 19, 2022 at 08:28:56AM +0200, Ronald Wimmer via
FreeIPA-users wrote:
> On 14.09.22 19:23, Rob Crittenden wrote:
> > Ronald Wimmer via FreeIPA-users wrote:
> > > Hi,
> > >
> > > on one of our ipa servers kinit stopped working. kinit admin shows an
> > > error:
> > >
> > > kinit:
On Sun, Aug 14, 2022 at 04:34:30PM +0100, lejeczek via FreeIPA-users wrote:
> Hi guys.
>
> Domain seems to function okay, 'healthcheck' reports no issues, but these
> begin to worry me, from sssd_pac.log
> ...
> (2022-08-14 16:19:52): [pac] [accept_fd_handler] (0x0020): Access denied for
> uid
On Fri, Jul 08, 2022 at 09:28:34PM +0200, Sigbjorn Lie-Soland wrote:
>
>
> > On 8 Jul 2022, at 12:18, Sumit Bose wrote:
> >
> > On Fri, Jul 08, 2022 at 11:47:13AM +0200, Sigbjorn Lie-Soland wrote:
> >>
> >>
> >>> On 8 Jul 2022, at 08:38, Sumit Bose wrote:
> >>>
> >>> On Fri, Jun 03, 2022
On Fri, Jul 08, 2022 at 11:47:13AM +0200, Sigbjorn Lie-Soland wrote:
>
>
> > On 8 Jul 2022, at 08:38, Sumit Bose wrote:
> >
> > On Fri, Jun 03, 2022 at 09:19:51AM +0200, Sigbjorn Lie via
> > FreeIPA-users wrote:
> >> Hi list,
> >>
> >> When I have a 2FA enabled user account, I receive the
On Fri, Jun 03, 2022 at 09:19:51AM +0200, Sigbjorn Lie via FreeIPA-users wrote:
> Hi list,
>
> When I have a 2FA enabled user account, I receive the two password prompt
> for sudo at a host, even on hosts where 2FA is not required. This breaks
> Ansible for me, when using "become" with Ansible.
On Tue, Jun 14, 2022 at 12:48:52PM -0400, Ranbir via FreeIPA-users wrote:
> Hello Everyone,
>
> I have a situation where users' UPN in AD for the domain that my ipa
> domain has a trust with has been modified to look nothing like the
> domain account. The user name and suffix entered in the UPN
On Wed, Jun 08, 2022 at 01:40:22AM -0400, Ranbir via FreeIPA-users wrote:
> On Thu, 2022-06-02 at 13:33 +0200, Pavel Březina via FreeIPA-users
> wrote:
> > # SSSD 2.7.1
> >
> >
> > ### Configuration changes
> >
> > * New option `implicit_pac_responder` to control if the PAC responder
> > is
>
On Thu, Jun 02, 2022 at 02:22:54PM -0400, Rob Crittenden via
FreeIPA-users wrote:
> Jim Kinney via FreeIPA-users wrote:
> > It seems if valid ssh keys exist, the expired account status doesn't
> > block login with ssh keys. Any operation that touches a password is
> > blocking.
> > Is there a
On Tue, May 24, 2022 at 07:45:01PM +0530, Joyce Babu via FreeIPA-users wrote:
> Hello Sumit,
>
> I have generated the logs files.
>
> Is it okay, if I email the files directly to you?
Hi,
sure
bye,
Sumit
>
> *Thanks and regards,*
> Joyce Babu
>
On Tue, May 17, 2022 at 08:22:30PM -, Joyce Babu via FreeIPA-users wrote:
> Thank you for your response.
>
> The password I entered is alpha numeric with no special characters. Also, I
> tried to login to both the old and new client through SSH from my laptop. So,
> it is not a keyboard
On Mon, May 23, 2022 at 08:48:46AM +0200, Ronald Wimmer via
FreeIPA-users wrote:
> Today I updated all packages on one of our IPA servers. Unfortunately, SSSD
> stopped working:
Hi,
to which package version did you update?
bye,
Sumit
>
> [sssd] [main] (0x0010): SSSD couldn't load the
On Tue, May 17, 2022 at 01:32:15PM -, Bayo A via FreeIPA-users wrote:
> Hi Rob,
>
> The error Client 'host/xxx@XXX' not found in Kerberos
> database" which I'm also having in my environment.
>
> My IPA and AD realms use the same name however I'm not using DNS in my
> implementation as
On Tue, May 17, 2022 at 02:29:24PM -, Joyce Babu via FreeIPA-users wrote:
> I have a FreeIPA installation with many Pop!_OS 21.10 clients. Today I
> upgraded one of the clients to Pop!_OS 22.04, and I can no longer
> authenticate with FreeIPA on the upgraded client.
>
> In krb5kdc.log file
On Mon, May 16, 2022 at 01:20:27PM -, Damola Azeez via FreeIPA-users wrote:
> What if I use the host file for name resolution?
Hi,
this would not be sufficient. With careful manual configuration in
multiple configuration files you might be able to get some features
working. But this would
On Thu, May 12, 2022 at 09:58:40AM -, Damola Azeez via FreeIPA-users wrote:
> From the dig -t SRV _kerberos._tcp.xxx output,
>
> 192.168.101.160 which is the IPA server didn't show. The other 3 IP addresses
> showed up. Those 3 IP addresses act as the DNS server and AD server for the
>
On Wed, May 11, 2022 at 03:10:06PM -, Damola Azeez via FreeIPA-users wrote:
> Hi Sumit, Thanks for the assistance.
>
> Please find the ldap_child.log file in the link below
>
> https://pastebin.com/pKp1tvCt
Hi,
thanks for the log. It looks like the KDC with the IP address
192.168.101.160
On Wed, May 11, 2022 at 02:19:23PM -, Damola Azeez via FreeIPA-users wrote:
> Hi,
>
> The above should be done on the IPA client right?
Hi,
yes.
bye,
Sumit
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To
On Wed, May 11, 2022 at 12:14:56PM -, Damola Azeez via FreeIPA-users wrote:
> Hi,
>
> Output below
Hi,
thanks, so this is working as expected, SSSD's ldap_child basically does
the same. Can you add 'debug_level = 9' to the [domain/...] section of
sssd.conf, restart SSSD, try to lookup some
On Wed, May 11, 2022 at 08:47:49AM -, Damola Azeez via FreeIPA-users wrote:
> Hi,
>
> below is the output of ipa host-show epmtestapp
>
>
> Host name: epmtestapp.xxx
> Platform: x86_64
> Operating system: 4.1.12-124.16.4.el6uek.x86_64
> Certificate: ---
> Subject:
On Tue, May 10, 2022 at 03:57:19PM -, Damola Azeez via FreeIPA-users wrote:
> Output of 'klist -k'
>
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
>
> --
>1 host/epmtestapp.xxx@XXX
>1
On Tue, May 10, 2022 at 02:17:18PM -, Damola Azeez via FreeIPA-users wrote:
> I've installed FreeIPA on all hosts I manage and everything has been fine
> until today when I had to reboot the whole hosts. Every other host worked
> except one. Checking the log file of the server, I saw the below
On Mon, May 02, 2022 at 03:15:05PM -0300, tizo wrote:
> On Mon, May 2, 2022 at 2:36 PM Sumit Bose wrote:
> >
> > On Mon, May 02, 2022 at 12:32:34PM -0300, tizo wrote:
> > > On Mon, May 2, 2022 at 11:56 AM Sumit Bose wrote:
> > > >
> > > > On Mon, May 02, 2022 at 11:39:40AM -0300, tizo wrote:
On Mon, May 02, 2022 at 12:32:34PM -0300, tizo wrote:
> On Mon, May 2, 2022 at 11:56 AM Sumit Bose wrote:
> >
> > On Mon, May 02, 2022 at 11:39:40AM -0300, tizo wrote:
> > > > Hi,
> > > >
> > > > thanks, at least I received your email. Can you run the tests with
> > > > "krb5_use_fast = never"
On Mon, May 02, 2022 at 11:39:40AM -0300, tizo wrote:
> > Hi,
> >
> > thanks, at least I received your email. Can you run the tests with
> > "krb5_use_fast = never" and "krb5_use_enterprise_principal = True" again
> > but with 'debug_level = 9' in the [domain/...] section of sssd.conf.
> > This
On Mon, May 02, 2022 at 09:31:37AM -0300, tizo wrote:
> >
> > Hi,
> >
> > can you try if adding
> >
> > krb5_use_enterprise_principal = True
> >
> > help? If not, please send full SSSD logs (everything in /var/log/sssd)
> > next time.
> >
> > bye,
> > Sumit
> >
>
> Hi and thanks Sumit. I
On Mon, Apr 25, 2022 at 01:23:05PM -0300, tizo via FreeIPA-users wrote:
> On Mon, Apr 25, 2022 at 12:23 PM tizo wrote:
> >
> > > Hi,
> > >
> > > thanks for the logs. The issue does not happen during Kerberos ticket
> > > validation, as I thought but while trying to establish the FAST tunnel.
> >
On Wed, Apr 27, 2022 at 02:50:42PM -, Ben Aveling via FreeIPA-users wrote:
> We're having users unable to login on some hosts.
>
> The error message in /var/log/secure is:
>
> sshd[29399]: error: PAM: User account has expired for <> from
> <>
>
> The same users can login fine to other
On Thu, Apr 07, 2022 at 05:07:00PM -0300, Mateo Duffour wrote:
> Hi,
>
> The last answer that we received on bugzilla and on samba lists says "Your
> kpasswd is expecting FAST support which has been added in samba 4.16. So you
> either have to disable FAST or upgrade first."
>
> We've
On Wed, Apr 06, 2022 at 08:29:21AM -, Francis Augusto
Medeiros-Logeay via FreeIPA-users wrote:
> Hi,
> I wonder if it is possible to configure a FreeIPA client to assume that
> clients logging in are from a trusted AD domain, instead of having those
> users to type `username@ad_domain`
On Wed, Mar 16, 2022 at 03:24:40PM -, Florian Wilhelm via
FreeIPA-users wrote:
> We are successfully running a FreeIPA setup connected to an AD using kerberos
> to authenticate. (IPA is used as provider).
> Our windows domain name is not identical to our main mail domain. For some
> users
On Fri, Mar 11, 2022 at 01:32:50PM -0300, Mateo Duffour wrote:
> Hi,
>
> I've sent the network capture attached, it was made with tcpdump in the IdM
> server to the Samba AD DC server, while trying to log in with ssh with user5.
Hi,
thanks for the network trace.
Alexander, can you have a
On Thu, Mar 10, 2022 at 06:11:41PM -0300, Mateo Duffour wrote:
> I made a mistake and copied other log, the log of the test mentioned is:
>
> Mar 10 18:08:08 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[45687]: Password has
> expired
> Mar 10 18:08:08 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[45687]:
On Thu, Mar 10, 2022 at 01:34:27PM -0300, Mateo Duffour wrote:
> Hi Sumit,
>
> I have attached all the files you requested, this test was done with user
> usu5 which has its password expired.
Hi,
thanks for the new logs. Can you check if adding
krb5_use_enterprise_principal = True
to
On Tue, Mar 08, 2022 at 01:42:53PM -0300, Mateo Duffour wrote:
> Hi, thanks again for the quick reply.
> Sorry I did not have the time to test it again until now, I tried your
> recommendations.
>
> It's still behaving the same way as before, so I attached the sssd_pam.log
> you requested
On Fri, Feb 25, 2022 at 11:21:55AM -0300, Mateo Duffour wrote:
> Hi,
>
> I send you attached the files needed, let me know if you need something else.
Hi,
thanks for the files, they look ok. After looking again at what you sent
I came across
Feb 23 08:14:35 idmsrvpru.idmpru.fnr.gub.uy
On Thu, Feb 24, 2022 at 11:53:07AM -0300, Mateo Duffour via
FreeIPA-users wrote:
> Which /etc/pam.d/ config file do you need ?
Hi,
from the logs below it looks like you are using ssh to log in, so it
would be /etc/pam.d/sshd and all the files which might be referenced in
that file.
bye,
On Tue, Feb 22, 2022 at 03:40:27PM -0300, Mateo Duffour via
FreeIPA-users wrote:
> Hi,
>
> We currently have an IdM installation with a trust relationship with a Samba
> AD DC. Our user accounts reside on Samba AD DC, we don't have user accounts on
> IdM.
> We are having a problem with Samba
On Tue, Feb 22, 2022 at 07:42:18AM +0100, Michael Schwartzkopff via
FreeIPA-users wrote:
> On 22.02.22 00:08, Angus Clarke wrote:
> > I was meant to have attached the script sorry!
> >
> > Attached now.
> >
> > Hope it helps
> > Angus
> >
> > From: Michael
On Fri, Feb 18, 2022 at 02:06:24PM +0100, Michael Schwartzkopff via
FreeIPA-users wrote:
> Hi,
>
>
> I want to use OTP for krb tickets. Plain login works as expected. When I
> start kinit user I get the response:
>
> $ kinit user
>
> kinit: Generic preauthentication failure while getting
On Wed, Feb 16, 2022 at 03:09:00PM -, David Galarreta via
FreeIPA-users wrote:
> Hello!
> we get the next error when we try to create a kerberos ticket:
> kinit: Cannot find KDC for realm "TEST.INTERN" while getting initial
> credentials
>
> /etc/krb5.conf:
> [libdefaults]
>
On Mon, Feb 07, 2022 at 10:09:36PM -, Bill M via FreeIPA-users wrote:
> Hi there,
>
> I've a primary and three secondary servers in the sssd.conf on my IPA
> clients. The failover works as expected, and from the logs I can see
> the client attempting to reconnect to the primary server every
On Wed, Feb 09, 2022 at 11:09:02AM -, Sascha Hartl via FreeIPA-users wrote:
> Hello
>
> could now verify it's not the subdirectory
>
> I performed a homedirectory-override to /home/testuser in sssd.conf,
> the error is the same
>
> Failed to import environment: Process
On Wed, Feb 09, 2022 at 08:57:04AM -, Sascha Hartl via FreeIPA-users wrote:
> found this in addition
>
> [root@host testuser]# cat .xsession-errors
> Failed to import environment: Process org.freedesktop.systemd1 exited with
> status 1
> /etc/X11/xinit/Xsession: line 88:
On Wed, Feb 09, 2022 at 07:21:33AM -, Sascha Hartl via FreeIPA-users wrote:
> Hello
>
> I'm looking for a solution to use IPA and AD Users via IPA-provider for xorg
> Sessions on OL8.
> I've found some methods with "access_provider = ad" or "access_provider =
> simple" but I use
le_files_domain = false' will switch off the handling of the local
files in SSSD and let glibc and the nss modules collect the group
members.
HTH
bye,
Sumit
>
> On Mon, Feb 7, 2022 at 3:13 AM Sumit Bose via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>
On Thu, Jan 27, 2022 at 04:06:19PM -0600, Russell Jones via
FreeIPA-users wrote:
> Hi all,
>
> I am very confused on why I am not able to enumerate the group members on a
> centos 8 machine with the above command, but I can on a centos 7 machine.
>
> [root@centos8-1 log]# getent group -s sss
On Sun, Jan 16, 2022 at 12:50:28PM +, lejeczek via FreeIPA-users wrote:
> Hi guys.
>
> This has puzzled me and left me clueless.
> It's a fresh new deployment and still only single master.
> Very first & only user and I cannot 'ssh' with password - but krb ticket I
> can obtain and 'ssh' with
On Tue, Dec 21, 2021 at 01:25:20PM -, Alexander Becker via
FreeIPA-users wrote:
> Hello all,
>
> since some time we have some cases where a sssd login does not work anymore
> and a service restart is necessary. According to analysis, there is a high
> disk and CPU usage at that time.
>
On Thu, Dec 23, 2021 at 01:13:32PM +0100, Winfried de Heiden via
FreeIPA-users wrote:
> Hi all,
>
> Using FreeIPA, 2FA can be made optional by enabling "Password" AND "Two
> factor authentication (password + OTP)" for a user. For particular hosts the
> 2FA now can be made mandatory by enabling
On Wed, Dec 15, 2021 at 01:35:49PM -0300, tizo via FreeIPA-users wrote:
> On Wed, Dec 15, 2021 at 10:24 AM tizo wrote:
>
> > Just another problem of my lab about IPA trusting AD (but very close to
> > the end). We have this trust relation between IPA and AD. The IPA server is
> > installed on a
On Tue, Dec 14, 2021 at 01:05:52PM +0100, Ronald Wimmer via
FreeIPA-users wrote:
> On 10.12.21 09:50, Florence Blanc-Renaud wrote:
> > Hi,
> >
> > You can have a look at
> >
On Mon, Dec 13, 2021 at 06:14:13PM -, Sam Morris via FreeIPA-users wrote:
> You're absolutely right. On Debian in /etc/pam.d/common-auth we have:
>
> # here are the per-package modules (the "Primary" block)
> auth [success=2 default=ignore] pam_unix.so nullok
> auth [success=1
On Mon, Dec 13, 2021 at 01:34:12PM -, Sam Morris via FreeIPA-users wrote:
> I enabled OTP for my user. On RHEL and Fedora systems, I get the
> expected interactive 'first factor' followed by 'second factor'
> prompts which work fine.
>
> On a Debian system, PAM still only gives me the single
On Tue, Nov 30, 2021 at 04:26:11PM +0200, Alexander Bokovoy via
FreeIPA-users wrote:
> On Tue, 30 Nov 2021, Jan Poctavek via FreeIPA-users wrote:
> > Hi,
> >
> > Maybe I'm just missing something very trivial but I have trouble setting
> > user homedirs to a value of /home/%u instead of
On Wed, Nov 17, 2021 at 03:06:16PM -0500, Rob Crittenden via
FreeIPA-users wrote:
> Andrei Neagoe via FreeIPA-users wrote:
> > Hey Rob,
> >
> > Yes, it was an attempt to see if I can "fix" the issue. The problem was
> > there even before I added the new range. We have only a handful of users,
On Mon, Nov 15, 2021 at 09:21:43AM -, Tony Delov via FreeIPA-users wrote:
> I'm reasonably sure the time is ok (on the client at least).
> I actually have been removing the cache and restarting. My ID was not in the
> cache.
Hi,
which version of SSSD are you using? Can you added
On Thu, Nov 04, 2021 at 11:07:25PM -, Mark Johnson via FreeIPA-users wrote:
> Got my authentication working and I populated my directory with users
> and groups and assigned group memberships accordingly. I wasn't
> getting this issue originally, but now I'm suddenly getting the
> "cannot
On Thu, Oct 28, 2021 at 02:16:25AM -, Mark Johnson via FreeIPA-users wrote:
> OK, I finally managed to get a successful login using an ldap access filter.
> The filter wasn't the real issue. I noticed from the debug logs in sssd that
> the DN didn't look right (cn=compat instead of
On Wed, Oct 27, 2021 at 07:58:50AM -, Mark Johnson via FreeIPA-users wrote:
> I've been struggling with this all day and I'm getting nowhere. We're
> wanting to migrate from a 389-DS authenticated network to FreeIPA. We have a
> few Linux servers scattered around the world that
On Thu, Sep 23, 2021 at 02:12:20PM -0400, Rob Crittenden via
FreeIPA-users wrote:
> Radoslaw Kujawa via FreeIPA-users wrote:
> > Hi.
> >
> > On 9/23/21 15:06, Sumit Bose via FreeIPA-users wrote:
> >> On Thu, Sep 23, 2021 at 12:33:25PM +0200, Radoslaw