The /etc/nsswitch.conf was the culprit. Fortunately there is a
/etc/nsswitch.cof.bak and that did the trick.
Rob, your suspicion was correct the sudoers line was missing.
It actually looks like the ipa-client-automount --uninstall reverts the
nsswitch.conf file to default pre-ipa values.
St
ipa-client-automount --uninstall was(is?) a bit broken in that it tries to
revert back to an older configuration, but it can accidentally revert it to
a state before the ipa-client was installed (as opposed to the state where
automount was installed). Check your nssswitch.conf file and compare it t
Mariusz Stolarczyk wrote:
Need help restoring central sudo rights on ipa server.
How I broke it!!!: I decided to take advantage of the centralized
automount feature with a custom location for a couple mounts. When I ran
the ipa-client-automount --location=server_mounts it appeared to install
co
> >> I have seen https://www.freeipa.org/page/V4/DNS_Location_Mechanism which
> >> looks good but is a proposal from 2013 with no indications that it has
> >> actually been developed. I was also very interested by
> >> https://www.freeipa.org/page/Howto/IPA_locations which would be perfect -
On Fri, Aug 26, 2016 at 08:39:05AM -0400, William Muriithi wrote:
> Morning
>
> I have been struggling with nfsidmap issue for a couple of days and
> wouldn't mind a fresh eyes.
>
> Essentially, I have a FreeIPA that has a trust relationship with AD.
> The AD is on domain example-corp.example.com
Morning
I have been struggling with nfsidmap issue for a couple of days and
wouldn't mind a fresh eyes.
Essentially, I have a FreeIPA that has a trust relationship with AD.
The AD is on domain example-corp.example.com while FreeIPA manages
eng.example.com. The problem is, when I login using AD a
Pavel,
I appreciate that you're busy and thank you for taking time to look at
this. Here is the output:
[root@id-management-1 ~]# ipa sudorule-show
Rule name: all
Rule name: All
Description: Full sudo access for Developer group in office environment
Enabled: TRUE
Command category: all
R
On 08/23/2016 10:25 PM, Z D wrote:
> Hi there, is it possible to have a cert (say from VeriSign) for a IPA host
> and
> use it for httpd (Web GUI), without breaking anything else? I've acquired one
> and added it to nssdb (/etc/httpd/alias).
>
>
> # certutil -L -d /etc/httpd/alias
> Certificat
On 08/25/2016 08:01 PM, Jeff Goddard wrote:
I'm still hoping someone can offer additional help. I see in the apt
term.log these errors when downloading the freeipa-client package. Could
this be the problem?
Hi,
I'm sorry, I somehow overlooked this thread. Can you provide output of
ipa sudorule
Need help restoring central sudo rights on ipa server.
How I broke it!!!: I decided to take advantage of the centralized automount
feature with a custom location for a couple mounts. When I ran the
ipa-client-automount --location=server_mounts it appeared to install correctly
but that didn't a
We are seeing the same problem (correct group membership; matching HBAC
rules retrieved by sssd and rejected by sudo) on a new Ubuntu 16.04
client joining a realm of existing (and working) Ubuntu 15.10 hosts,
despite identical "/etc/sssd/sssd.conf" files.
Master:
root@hades:~# cat /etc/lsb-re
11 matches
Mail list logo