On Wed, Sep 16, 2015 at 11:28:49AM -0700, Gustavo Mateus wrote:
> Hi,
>
> I have an IPA server running on redhat and I'm trying find the best way to
> get my amazon linux instances to use it for authentication, ssh key
> management and sudo rules.
>
> I'm now trying to use SSSD to achieve those
I've narrowed it down a bit doing some testing. The sudo rules work when I
remove the user group restriction from them. My sudo rules all have my ad
groups in the rule
Rule name: ad_linux_admins
Enabled: TRUE
Host category: all
Command category: all
RunAs User category: all
RunAs
My FreeIPA PKI is totally broken since upgrade from 3.0 (RHEL 6.6) to 4.1
(RHEL 7.1)
This thread started on July and still no resolution... Can someone please
advice ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to
On 09/17/2015 01:15 PM, Martin Kosek wrote:
On 09/16/2015 06:54 PM, Craig White wrote:
Virtually completed the steps listed here...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
On 09/16/2015 06:54 PM, Craig White wrote:
> Virtually completed the steps listed here...
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
>
> Managed to get IPA2 deleted and removed from
Hi All
I'm trying to delete replication agreements between a 'master' ipa server and
a replica, but it seems the directory server has gotten into a state where the
replication agreements can't be removed (or some other stale meta-data is
still hanging around).
(CentOS Linux release 7.1.1503,
Any ideas on that?
Regards,
Andrey Ptashnik | Network Architect
CCC Information Services Inc.
222 Merchandise Mart Plaza, Suite 900 Chicago, IL 60654
Office: +1-312-229-2533 | Cell : +1-773-315-0200 | aptash...@cccis.com
On 9/16/15, 11:30 AM, "freeipa-users-boun...@redhat.com on behalf of
Andrey Ptashnik wrote:
> Any ideas on that?
/var/log/ipaclient-install.log probably has more details on the DNS
update failure.
rob
>
> Regards,
>
> Andrey Ptashnik | Network Architect
> CCC Information Services Inc.
> 222 Merchandise Mart Plaza, Suite 900 Chicago, IL 60654
> Office:
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Thursday, September 17, 2015 4:59 AM
To: Martin Kosek; Craig White; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0)
servers
On 09/17/2015 01:15 PM,
Sorry it's taken a while to get back to you, I was gone for a few
weeks. This seemed to get us back up and running and things looked like
they were working, but looking at the logs, it appears we're hitting the
next issue that is going to eventually bite us. :)
Here's what I'm seeing in the
The FreeIPA team would like to announce FreeIPA v4.2.1 bug fixing release!
It can be downloaded from http://www.freeipa.org/page/Downloads. The
builds are available for Fedora 23 and rawhide. Builds for Fedora 22 are
available in the official COPR repository
On 09/16/2015 06:30 PM, Andrey Ptashnik wrote:
Alexander,
Thank you for your feedback!
In my environment I noticed that client machines that are on Red Hat 6 have
version 3.0.0 of IPA client installed.
[root@ptr-test-6 ~]# yum list installed | grep ipa
ipa-client.x86_64
When I use id_provider=ipa I get:
[sssd[be[default]]] [main] (0x0010): Could not initialize backend [2]
Adding a [ssh] section with just "debug_level = 10"on it, I get:
(Thu Sep 17 17:27:12 2015) [sssd[ssh]] [get_client_cred] (0x4000): Client
creds: euid[174221] egid[174221] pid[6295].
Here is an interesting problem. Currently running 4.1 on RHEL 7.1 -- I
would like to migrate to 4.2, but that seems to only be running on
Fedora these days. Is there a way to bring up a 4.2.1c and migrate to
it from 4.1c using the ipa migrate tool? Or is theree another way possible??
thank
On Thu, 17 Sep 2015, Janelle wrote:
Here is an interesting problem. Currently running 4.1 on RHEL 7.1 -- I
would like to migrate to 4.2, but that seems to only be running on
Fedora these days. Is there a way to bring up a 4.2.1c and migrate to
it from 4.1c using the ipa migrate tool? Or is
On 09/17/2015 04:48 PM, Benjamin Reed wrote:
Sorry it's taken a while to get back to you, I was gone for a few
weeks. This seemed to get us back up and running and things looked like
they were working, but looking at the logs, it appears we're hitting the
next issue that is going to eventually
thank you - just downloaded the beta to check it out.
~J
On 9/17/15 10:20 AM, Alexander Bokovoy wrote:
On Thu, 17 Sep 2015, Janelle wrote:
Here is an interesting problem. Currently running 4.1 on RHEL 7.1 --
I would like to migrate to 4.2, but that seems to only be running on
Fedora these
This is rhel 7.1 with ipa version 4.1.0
user-show shows the user. However, if the user contains
ipaNTSecurityIdentifier: attribute, user-del hangs with no response.
Meanwhile, the KDC and 389ds stop working. The only way to recover
functionality is to reboot the machine. ipactl restart does
18 matches
Mail list logo