Hi,
Although I have this configuration in client .conf:
##
client 172.30.47.241 {
secret = 877909
shortname = VodafonePinarsuAPNYeni1
nastype = other
}
client 172.30.47.242 {
secret = 877909
Tevfik Ceydeliler wrote:
Hi,
Although I have this configuration in client .conf:
##
client 172.30.47.241 {
secret = 877909
shortname = VodafonePinarsuAPNYeni1
nastype = other
}
client 172.30.47.242 {
I see. Peter, Martin, thanks for the explanation. My worry was that
something went wrong in my reinstallation, glad to hear it is not the case.
Roberto
On 17 Mar 2015 14:51, Petr Spacek pspa...@redhat.com wrote:
On 17.3.2015 14:06, Martin Basti wrote:
On 17/03/15 13:32, Roberto Cornacchia
We have a trust relationship established between our AD domain and our IPA
domain, and AD users can be found on the IPA server with id and getent passwd.
When a user tries to SSH to the IPA server with AD credentials, the logs show:
(Tue Mar 17 10:45:54 2015) [sssd[be[middlebury.edu]]]
HI List
i was following this link :
http://www.freeipa.org/page/Active_Directory_trust_setup#Assumptions
to setup IPA server
my IPA version is 4.1.2
every step in this tutorial was passed without any error
even *Allow access for users from AD domain to protected resources*
went successfully
Looks like a bug, yes. I am just not sure whether in missing Saltstack SELinux
module or the actual SELinux policy. You can try filing a bug to SELinux policy.
Looking at SaltStack Troubleshooting guide, would switching to rpm_script_t
help?
Joshua or Erinn, can either of you please help us improve the docs and file a
bug for the Windows integration guide, about the section you are concerned with?
This is a direct link:
On 03/17/2015 12:12 PM, Janelle wrote:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to
restart after it
has been running sometime. pki-tomcatd keeps failing. It starts up
with these
errors,
On 03/17/2015 03:41 PM, Janelle wrote:
On 3/17/15 12:14 PM, Dmitri Pal wrote:
On 03/17/2015 12:12 PM, Janelle wrote:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to
restart after it
has been
I’ve been getting messages like these when I try the id command for a test AD
domain user:
(Tue Mar 17 17:10:34 2015) [sssd[be[unix.test.osuwmc]]] [sdap_get_primary_name]
(0x0400): Processing object farus@test.osuwmc
(Tue Mar 17 17:10:34 2015) [sssd[be[unix.test.osuwmc]]] [sdap_save_user]
Kim Perrin wrote:
Hello all,
For nearly 2 years I’ve been running a Freeipa 3 (currently 3.0.0-42)
environment. We've had 2 masters since the start. Several replicas
have had problems that required me to remove them. I’ve removed them
all (except the very last one) by running
Watson, Dan wrote:
Hi all,
Can anyone tell me how to script calls from the ipa server? I would like
to be able to do something like ipa group-show unix_admin in a script,
but I don't know how to pass Kerberos credentials that don't expire.
I think you want to use credentials in a
Thanks for the reply Rob.
On Tue, Mar 17, 2015 at 2:06 PM, Rob Crittenden rcrit...@redhat.com wrote:
Kim Perrin wrote:
Hello all,
For nearly 2 years I’ve been running a Freeipa 3 (currently 3.0.0-42)
environment. We've had 2 masters since the start. Several replicas
have had problems that
On Tue, Mar 17, 2015 at 11:37:24AM +0300, Ben .T.George wrote:
HI List
i was following this link :
http://www.freeipa.org/page/Active_Directory_trust_setup#Assumptions
to setup IPA server
my IPA version is 4.1.2
every step in this tutorial was passed without any error
even *Allow
HI
i have enabled debug
here is my sssd.conf
[root@kwtpocpbis01 ~]# cat /etc/sssd/sssd.conf
[domain/solaris.local]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = solaris.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
On Tue, Mar 17, 2015 at 12:57:27PM +0300, Ben .T.George wrote:
HI
i have enabled debug
here is my sssd.conf
[root@kwtpocpbis01 ~]# cat /etc/sssd/sssd.conf
[domain/solaris.local]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = solaris.local
id_provider =
On Tue, 2015-03-17 at 18:07 +0100, Natxo Asenjo wrote:
On Tue, Mar 17, 2015 at 4:19 PM, Tevfik Ceydeliler
tevfik.ceydeli...@astron.yasar.com.tr wrote:
Hi,
Although I have this configuration in client .conf:
##
Hi all
how can i fix this issue.? even i tried to trust add AD again. that too
failed.
from where i need to troubleshoot ?
On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George bentech4...@gmail.com
wrote:
Hi
i did kinit
[root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
kinit: Keytab
Sorry, the message got sent accidentally earlier before I could provide all
the details.
Version: 4.1.0 on RHEL 7.1 x86_64
Steps:
1. ipa-server-install
2. service sshd restart
3. kinit admin - This always works
4. ssh admin@localhost - This works for the
I don't think sss_cache -E removes cached idrange objects. You need to
delete the databases in /var/lib/sss/db/.
OK, I stopped sssd, removed everything in /var/lib/sss/db, and restarted sssd.
Still no change -- I get the same error.
You mean RHEL 7.1, right?
Yes, RHEL 7.1.
David Guertin
On Tue, 17 Mar 2015, Ben .T.George wrote:
Hi
i did kinit
[root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
kinit: Keytab contains no suitable keys for
host/kwtpocpbis01.solaris.local@SOLARIS.LOCAL while getting initial
credentials
i destroyed and re-created. but still same
What did
On 03/17/2015 08:30 PM, Gould, Joshua wrote:
It looks like the range for your AD domain defined in "ipa idrange-find
--all" needs to match what's in for your domain in /etc/sssd/sssd.conf.
For your example. Under the [domain/CSNS.MIDDLEBURY.EDU] should have
ldap_idmap_range_min = 182460
I figured out that the ldap_idmap_range_min and ldap_idmap_range_size need
to match what's in ipa idrange-find --all for the AD domain.
# ipa idrange-mod --base-id=10 --range-size=90 --rid-base=0
Range name: TEST.OSUWMC_id_range
Modified ID range
On 03/17/2015 06:27 PM, Kim Perrin wrote:
On Tue, Mar 17, 2015 at 3:09 PM, Kim Perrin kper...@doctorondemand.com wrote:
On Tue, Mar 17, 2015 at 2:52 PM, Kim Perrin kper...@doctorondemand.com wrote:
Thanks for the reply Rob.
On Tue, Mar 17, 2015 at 2:06 PM, Rob Crittenden rcrit...@redhat.com
David,
I had a very similar issue which I posted to the list today. Your notes
indirectly helped me. I think we both had two ends to the same puzzle.
It looks like the range for your AD domain defined in "ipa idrange-find
--all" needs to match what's in for your domain in /etc/sssd/sssd.conf.
For
On 3/17/15 12:14 PM, Dmitri Pal wrote:
On 03/17/2015 12:12 PM, Janelle wrote:
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to
restart after it
has been running sometime. pki-tomcatd keeps
Hello all,
For nearly 2 years I’ve been running a Freeipa 3 (currently 3.0.0-42)
environment. We've had 2 masters since the start. Several replicas
have had problems that required me to remove them. I’ve removed them
all (except the very last one) by running ‘ipa-server-install
--uninstall’
HI
i have changed like this:
[root@kwtpocpbis01 yum.repos.d]# more /etc/sssd/sssd.conf
[domain/solaris.local]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = solaris.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
Oops sorry
here is the logs
== sssd_pam.log ==
(Tue Mar 17 14:33:23 2015) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7fdea7263bd0
(Tue Mar 17 14:33:23 2015) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Tue Mar 17 14:33:23 2015) [sssd[pam]] [sbus_message_handler] (0x4000):
Received
On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote:
here is separated logs:
tail -f sssd_solaris.local.log
Thank you, see inline:
(Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv]
(0x0400): Child responded: 14 [Decrypt integrity check failed], expired on
Hi
i did kinit
[root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
kinit: Keytab contains no suitable keys for
host/kwtpocpbis01.solaris.local@SOLARIS.LOCAL while getting initial
credentials
i destroyed and re-created. but still same
On Tue, Mar 17, 2015 at 2:45 PM, Jakub Hrozek
I was helping a friend out with his environment that was experiencing the same
issue. CC'ing him as well.
Between his ipa servers, the conflicted values were the same just time stamp
that created the conflict? (I'm still not sure what caused the conflict in the
first place). So what we did to
Thanks, I'll look into that. Would you mind sharing the script used to
clean up the entries? That would save me some time.
Not expecting anything that I can run blindly and that will magically solve
my problems, but some hints would definitely be appreciated :-)
- Andreas
On Mon, Mar 16, 2015
Quick update: I think that I have solved it, by just deleting the entries
holding nsuniqueid additional string. I went forward using a gui
application for browsing LDAP structures.
I guess a script for tackling this issue in a slightly more automated way
could probably be of value to other people.
Hi there,
I've just installed freeIPA on a FC21 server and trying to perform some
sanity checks.
A first puzzle for me is: I have some DNS forwarders, which I selected
during installation.
They do work and they do appear in /etc/named.conf
forward first;
forwarders {
Hi,
do you have the DS access logs from your servers from the time around
the conflicting entry was created ?
Thanks,
Ludwig
On 03/17/2015 11:14 AM, Andreas Skarmutsos Lindh wrote:
Quick update: I think that I have solved it, by just deleting the
entries holding nsuniqueid additional
On 17/03/15 13:32, Roberto Cornacchia wrote:
Hi there,
I've just installed freeIPA on a FC21 server and trying to perform
some sanity checks.
A first puzzle for me is: I have some DNS forwarders, which I selected
during installation.
They do work and they do appear in /etc/named.conf
On 17.3.2015 14:06, Martin Basti wrote:
On 17/03/15 13:32, Roberto Cornacchia wrote:
Hi there,
I've just installed freeIPA on a FC21 server and trying to perform some
sanity checks.
A first puzzle for me is: I have some DNS forwarders, which I selected
during installation.
They do work
On 3/17/15 9:06 AM, Martin Kosek wrote:
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to restart after it
has been running sometime. pki-tomcatd keeps failing. It starts up with these
errors, then adds a lot more. Maybe this might
On 03/17/2015 04:27 PM, Benjamin Reed wrote:
On 3/17/15 7:33 AM, Martin Kosek wrote:
# ipa config-mod --enable-migration=true
# echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts
On 03/17/2015 05:16 PM, Benjamin Reed wrote:
On 3/17/15 12:09 PM, Martin Kosek wrote:
I would still wished we fixed the original root cause why replication was
failing for you - as this is the obviously expected way of upgrading to
RHEL/CentOS 7.1 from RHEL-6 environment and I think/hope it
On 3/17/15 7:33 AM, Martin Kosek wrote:
# ipa config-mod --enable-migration=true
# echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts
--group-objectclass=posixgroup
On 03/17/2015 11:14 AM, Andreas Skarmutsos Lindh wrote:
Quick update: I think that I have solved it, by just deleting the entries
holding nsuniqueid additional string. I went forward using a gui
application for browsing LDAP structures.
I guess a script for tackling this issue in a slightly
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to restart after it
has been running sometime. pki-tomcatd keeps failing. It starts up with these
errors, then adds a lot more. Maybe this might point you to something that is
known or a
When you changed idrange, it helps to remove SSSD cache, both on IPA
master and IPA clients and restart SSSD.
OK, I cleared the cache and restarted sssd with:
sss_cache -E
systemctl restart sssd
Still no change in the error: Could not convert objectSID
On Tue, Mar 17, 2015 at 4:19 PM, Tevfik Ceydeliler
tevfik.ceydeli...@astron.yasar.com.tr wrote:
Hi,
Although I have this configuration in client .conf:
##
client 172.30.47.241 {
secret = 877909
shortname = VodafonePinarsuAPNYeni1
Dear Alex
i already enable debugging and this is what i am getting on error_log while
running : ipa trust-add --type=ad infra.com --admin Administrator --password
[Wed Mar 18 08:10:17.470460 2015] [:error] [pid 15176] ipa: DEBUG: WSGI
wsgi_dispatch.__call__:
[Wed Mar 18 08:10:17.470571 2015]