[Freeipa-users] IPA, samba, and secondary groups

2012-02-29 Thread Kelvin Edmison
Hi all, I am running into an issue where users cannot access a samba volume if their only access is via a secondary group. For example, if testuser's primary group is ipausers, and secondary groups include testgroup, and the samba mount permissions are adminuser:testgroup:rwxrwx---, then

Re: [Freeipa-users] IPA, samba, and secondary groups

2012-02-29 Thread Stephen Gallagher
On Wed, 2012-02-29 at 11:24 -0500, Kelvin Edmison wrote: Hi all, I am running into an issue where users cannot access a samba volume if their only access is via a secondary group. For example, if testuser's primary group is ipausers, and secondary groups include testgroup, and the samba

Re: [Freeipa-users] IPA, samba, and secondary groups

2012-02-29 Thread Kelvin Edmison
On 12-02-29 1:40 PM, Stephen Gallagher sgall...@redhat.com wrote: On Wed, 2012-02-29 at 11:24 -0500, Kelvin Edmison wrote: Hi all, I am running into an issue where users cannot access a samba volume if their only access is via a secondary group. For example, if testuser's primary

Re: [Freeipa-users] IPA, samba, and secondary groups

2012-02-29 Thread Stephen Gallagher
On Wed, 2012-02-29 at 13:49 -0500, Kelvin Edmison wrote: On 12-02-29 1:40 PM, Stephen Gallagher sgall...@redhat.com wrote: On Wed, 2012-02-29 at 11:24 -0500, Kelvin Edmison wrote: Hi all, I am running into an issue where users cannot access a samba volume if their only access is

Re: [Freeipa-users] CA replica installation failure

2012-02-29 Thread Dan Scott
Anyone have any suggestions for how I can fix this? Dan On Mon, Feb 27, 2012 at 21:06, Dan Scott danieljamessc...@gmail.com wrote: Hi, I'm having another problem with replica installation - just the CA this time It looks like there's a problem with SELinux and the pki-ca service: After

Re: [Freeipa-users] CA replica installation failure

2012-02-29 Thread Ade Lee
Thats a pretty strange error. The ports there are supposed to be reserved for pki_ca_port_t. Can you do the following for each of the ports? semanage port -l |grep 9443 Its probably best to completely remove the replica. You could try use dogtag specific commands to uninstall and install the

Re: [Freeipa-users] CA replica installation failure

2012-02-29 Thread Dan Scott
On Wed, Feb 29, 2012 at 16:03, Ade Lee a...@redhat.com wrote: Thats a pretty strange error.  The ports there are supposed to be reserved for pki_ca_port_t. Can you do the following for each of the ports? semanage port -l |grep 9443 [root@fileserver3 ~]# semanage port -l |grep 9443

Re: [Freeipa-users] CA replica installation failure

2012-02-29 Thread Ade Lee
Its a little strange that its showing up as an error -- it shouldn't if they are already set and they are of the right context. That said, its not really an error - and should not be a problem unless its preventing the installation from completing successfully. Try doing the installation with