On Thu, 09 Apr 2015, Guertin, David S. wrote:
We have a trust relationship set up between our IPA domain and our AD
domain. When ad AD user logs in to an IPA client, they are given a home
directory of /home/ad-domain/username. I would like to change this
to /home/username. (I'm not interested in
i.e. they both contain both sss and ldap, with sss first. The client was
installed with the script generated by running ipa-advise config-redhat-
sssd-before-1-9 on the server. This script contains:
# Use the authconfig to configure nsswitch.conf and the PAM stack
authconfig --updateall
Hi,
Does somebody have any pointers for me regarding this issue?
Regards,
D
2015-04-07 13:34 GMT+02:00 David Dejaeghere david.dejaegh...@gmail.com:
Hello,
I am trying to setup a replica for my master which has been setup with an
external CA to use our godaddy wildcard certificate.
The
On 04/09/2015 11:19 AM, Guertin, David S. wrote:
If that works it means that you are not using SSSD on RHEL5 clients.
Please check your nsswitch and pam.conf to see what modules are actually
used.
Hmm. /etc/nsswitch.conf contains:
--
passwd: files sss ldap
shadow:
Hi,
Great, modifying
/usr/lib/python2.7/site-packages/ipalib/constants.py did the
trick! Setting startup_timeout to 600 seconds was enough :)
After setting startup_timeout=600 in /etc/ipa/default.conf
restarting freeipa worked well allthough it
On 04/09/2015 07:51 AM, Martin Kosek wrote:
On 04/09/2015 05:59 AM, Alexander Frolushkin wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 08, 2015 6:36 PM
To: Alexander Frolushkin (SIB)
Cc: 'Ludwig Krispenz'; Martin Kosek;
If your clients are RHEL 7.1, remove all of the hacks and use ID Views instead.
https://access.redhat.com/documentation/en-
US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-
views.html
ID view 'Default Trust View' will be applied automatically -- on RHEL7.1
clients by SSSD picking
Since the trusted AD domain is a 'subdomain' in SSSD lingo, you need to
change the 'subdomain_homedir' parameter in sssd.conf
Perfect! That's exactly what I was looking for.
Thanks.
David Guertin
--
Manage your subscription for the Freeipa-users mailing list:
On Thu, Apr 09, 2015 at 09:33:25AM +0200, Chamambo Martin wrote:
Good day
I have managed to follow this guide
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/htm
l/Deployment_Guide/SSSD-Troubleshooting.html#idp21135920 and I have
configured my sssd.conf file as
If that works it means that you are not using SSSD on RHEL5 clients.
Please check your nsswitch and pam.conf to see what modules are actually
used.
Hmm. /etc/nsswitch.conf contains:
--
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
On (09/04/15 01:04), Martin Chamambo wrote:
I managed to install my ipa client on centos 5 using this command below
ipa-client-install --server cyclops.ai.co.zw --domain ai.co.zw
Pease follow instruction for rhel 5
David Dejaeghere wrote:
Hi,
Does somebody have any pointers for me regarding this issue?
It would help very much if you'd include the version you're working
with. Based on line numbers I'll assume IPA 4.1.
It's hard to say since you don't include the command-line you're using,
or what those
On 04/09/2015 07:59 AM, Alexander Frolushkin wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Thursday, April 09, 2015 11:51 AM
To: Alexander Frolushkin (SIB); 'thierry bordaz'
Cc: 'Ludwig Krispenz'; freeipa-users@redhat.com
Subject: Re: [Freeipa-users]
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Wednesday, April 08, 2015 4:53 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] granular sudo commands
rpm -q sssd
sssd-1.11.6-30.el6_6.4.x86_64
rpm -q ipa-client
Hi,
Sorry for the lack of details!
You are indeed correct about the version its 4.1
The command I am using is this:
ipa-replica-prepare ipa-r1.myobscureddomain.com --http-cert-file
/home/fedora/newcert.pk12 --dirsrv-cert-file /home/fedora/newcert.pk12
--ip-address 172.31.16.31 -v
Regards,
D
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Thursday, April 09, 2015 11:51 AM
To: Alexander Frolushkin (SIB); 'thierry bordaz'
Cc: 'Ludwig Krispenz'; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Accident upgrade 3.3 to 4.1
On 04/09/2015 05:59 AM,
On 04/09/2015 12:34 PM, Guertin, David S. wrote:
We have a trust relationship set up between our IPA domain and our AD domain. When ad AD user
logs in to an IPA client, they are given a home directory of
/home/ad-domain/username. I would like to change this to /home/username.
(I'm not
On Thu, Apr 09, 2015 at 07:39:14PM +0200, Chamambo Martin wrote:
I managed to follow this up and here is the error im getting
Here is the error:
sudo: ldap sudoHost '+mailservers' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost '+dev_server' ... not
sudo: ldap sudoHost
I managed to follow this up and here is the error im getting
[admin@pinnochio ~]$ sudo -l
LDAP Config Summary
===
uri ldap://cyclops.ai.co.zw
ldap_version 3
sudoers_base ou=SUDOers,dc=ai,dc=co,dc=zw
binddn
Прохоров Сергей wrote:
Thank you, Rob for your response
On 08.04.2015 21:07, Rob Crittenden wrote:
I assume you can't do this because the original host is lost, right?
Year, you right.
Every IPA master is a equal, some are just more equal than others. The
key bit that distinguishes them
David Dejaeghere wrote:
Hi,
Sorry for the lack of details!
You are indeed correct about the version its 4.1
The command I am using is this:
ipa-replica-prepare ipa-r1.myobscureddomain.com
http://ipa-r1.myobscureddomain.com --http-cert-file
/home/fedora/newcert.pk12 --dirsrv-cert-file
On Thu, Apr 09, 2015 at 05:38:40PM +, Guertin, David S. wrote:
If your clients are RHEL 7.1, remove all of the hacks and use ID Views
instead.
https://access.redhat.com/documentation/en-
US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-
views.html
ID view 'Default Trust
22 matches
Mail list logo