Re: [Freeipa-users] SSSD Child not responding

On Tue, Jan 12, 2016 at 10:59:28AM -0700, Sean Hogan wrote: > > Hi Jakub, > > I changed the DNS server in resolv.conf to a closer IPA server and it > seems to be stable now. If it bombs out again I will get more info but > right now I don't think we will see anything. Hmm, maybe some of the

Re: [Freeipa-users] Cross Domain Trust

We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. Best regards, Fabian > On 11 Jan 2016, at 19:37, Lukas Slebodnik wrote: > > On (11/01/16 14:56), Zoske, Fabian wrote: >> I looked deeper into the problem and tested it with ubuntu

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

On Tue, 12 Jan 2016, CFMS Support wrote: Hi All, New to the mailing list, fairly new to IPA. We have three IPA servers in a cluster in a staging environment. We're looking to replace AD with IPA as we are mostly Linux based and we have just bought some new Pulse Secure Appliances to replace

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

On Tue, 12 Jan 2016, CFMS Support wrote: Hi Alexander, Yes I see that as well actually, and when looking for a specific group I get: [12/Jan/2016:10:30:50 +] conn=30648 fd=114 slot=114 connection from 172.19.6.16 to 172.20.3.6 [12/Jan/2016:10:30:50 +] conn=30648 op=0 EXT

Re: [Freeipa-users] 4.2 (or 4.3) clients on 4.1.4 server?

On 01/11/2016 10:21 PM, Janelle wrote: > Good day, > > Just wondering if anyone knows of any reason a 4.2 client running on RHEL 7.2 > would have any issues talking to 4.1.4 server on RHEL 7.1? The reason I ask is > the process of upgrading. In this case we have to do clients first. If by

Re: [Freeipa-users] Documentation on Testing page

On 01/12/2016 03:54 AM, Rob Crittenden wrote: > Anthony Cheng wrote: >> Hi all, >> >> I have been looking at the documentation, specifically the test page: >> http://www.freeipa.org/page/Testing >> >> It looks like it has missing info on the Build section, specifically I >> don't see reference to

Re: [Freeipa-users] Cross Domain Trust

On (12/01/16 08:25), Zoske, Fabian wrote: >We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no >differences. > Then please provide sssd logfiles (1.13.3) from client and also log files from sssd on freeipa server (sssd on freeipa server is used indirectly by extop plugin

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Hi Alexander, These are the entries from /var/log/dirsrv/slapd-/access [12/Jan/2016:10:22:13 +] conn=30642 fd=128 slot=128 connection from 172.19.6.16 to 172.20.3.6 [12/Jan/2016:10:22:13 +] conn=30642 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS" [12/Jan/2016:10:22:13 +]

Re: [Freeipa-users] SSSD Child not responding

Hi Jakub, I changed the DNS server in resolv.conf to a closer IPA server and it seems to be stable now. If it bombs out again I will get more info but right now I don't think we will see anything. I also found this though from yesterday /var/log/sssd/check# cat sssd_watson.local.log.1 (Mon

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Hi Alexander, In fact, I have specified one of the rules as a direct username and can log in to it using that username and password. However, it's just the group membership that isn't working. Kind Regards, Josh Cullum On Tue, Jan 12, 2016 at 10:09 AM CFMS Support wrote:

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Hi Josh, On Tue, 12 Jan 2016, CFMS Support wrote: Brilliant thanks. I still don't seem to be able to see any users, and cannot sign in as a user from one of the groups that I can see. Do you have any ideas about groups, I'm only picking up 8 static groups when Member Attribute is set to

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Hi Alexander, Brilliant thanks. I still don't seem to be able to see any users, and cannot sign in as a user from one of the groups that I can see. Do you have any ideas about groups, I'm only picking up 8 static groups when Member Attribute is set to memberof (Filter is cn= and DN is

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Hi Alexander, I've just had a call with Pulse Secure, and we've worked out the various problems, thanks for your help as that really helped with Pulse Secure. FYI, and for anyone in the future; The User filter should be uid=, The Group filter should be cn= and both member attribute and query

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

On Tue, 12 Jan 2016, CFMS Support wrote: Hi Alexander, These are the entries from /var/log/dirsrv/slapd-/access [12/Jan/2016:10:22:13 +] conn=30642 fd=128 slot=128 connection from 172.19.6.16 to 172.20.3.6 [12/Jan/2016:10:22:13 +] conn=30642 op=0 EXT oid="1.3.6.1.4.1.1466.20037"

Re: [Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)

Hi Alexander, Yes I see that as well actually, and when looking for a specific group I get: [12/Jan/2016:10:30:50 +] conn=30648 fd=114 slot=114 connection from 172.19.6.16 to 172.20.3.6 [12/Jan/2016:10:30:50 +] conn=30648 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"

Re: [Freeipa-users] 4.2 (or 4.3) clients on 4.1.4 server?

Perfect! Thank you! ~J On 1/12/16 4:24 AM, Martin Kosek wrote: On 01/11/2016 10:21 PM, Janelle wrote: Good day, Just wondering if anyone knows of any reason a 4.2 client running on RHEL 7.2 would have any issues talking to 4.1.4 server on RHEL 7.1? The reason I ask is the process of

[Freeipa-users] SSSD Child not responding

Hi all, Over the past couple of months we have been seeing the sssd process eat up 100% cpu and not allowing anyone to log on. Krb5.conf is set for DNS discovery, RHEL 6.6. If we kill the java process it clears up the box and able to log back into it. This is due to IBM java

Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up

Ok. I did that and it ended properly. Debugging was enabled properly. Here are the logs from dc1 where it is refusing the update ? Not sure how to parse these... [12/Jan/2016:23:11:15 +] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 569560240005 into

Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up

Nathan Peters wrote: > (I apologize if this isn’t threading properly, I signed up with another > email address since my primary ISP is having issues right now) > > > > So to recap about the issues in this thread : > https://www.redhat.com/archives/freeipa-users/2016-January/msg00139.html > >

Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up

On 01/12/2016 06:16 PM, Nathan Peters wrote: [12/Jan/2016:23:11:23 +] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation

Re: [Freeipa-users] SSSD Child not responding

On Tue, Jan 12, 2016 at 09:06:36AM -0700, Sean Hogan wrote: > > > Hi all, > >Over the past couple of months we have been seeing the sssd process eat > up 100% cpu and not allowing anyone to log on. Krb5.conf is set for DNS > discovery, RHEL 6.6. If we kill the java process it clears up

Re: [Freeipa-users] Upgrade to FreeIPA 4.2.0 broke Katello/Foreman realm proxy

No, the replication logs are still giving strange output and errors. I started a new thread here with a better title to indicate that this is strictly an IPA replication issue : https://www.redhat.com/archives/freeipa-users/2016-January/msg00139.html > On Mon, Jan 11, 2016 at 03:01:40PM -0800,