[Freeipa-users] Adjusting nsslapd-cachememsize

2017-03-16 Thread Lachlan Musicman
While going through the logs on the FreeIPA server, I noticed this: WARNING: changelog: entry cache size 2097152 B is less than db size 12804096 B; We recommend to increase the entry cache size nsslapd-cachememsize. I have found a number of documents: What it is:

Re: [Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

2017-03-16 Thread Lachlan Musicman
Which logs do you want from the server? -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 16 March 2017 at 20:09, Jakub Hrozek wrote: > On Thu, Mar 16, 2017 at 07:56:58PM +1100, Lachlan Musicman wrote: > > Yes. What I

[Freeipa-users] Slow logins on one ipa client- due to SSS_PAM_ACCT_MGMT

2017-03-16 Thread Kilborn, Jim
Greetings, My first post to the forum. We are running centos7 with freeipa. Syncing from AD, with one linux replica. The ipa clients are getting installed by puppet. All the clients are performing fine, except one. I am getting slow ssh logins to one host, as well as slow 'id' and 'who', etc.

[Freeipa-users] Manual Cleanup

2017-03-16 Thread Ian Harding
I've made some progress. But I have one zombie replication agreement to kill, I just don't know the syntax. freeipa-dal.bpt.rocks does not exist. I want all references to it to go away. How would I do that with ldapmodify? Thanks! [root@freeipa-sea slapd-BPT-ROCKS]# ldapsearch -D

Re: [Freeipa-users] replica install seems to hang forever when "--setup-ca" is enabled - any advice?

2017-03-16 Thread Chris Dagdigian
That looks exactly like my issue, thanks! Will monitor that ticket. Much appreciated. Martin Basti wrote: Could it be this? https://pagure.io/freeipa/issue/6766 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

2017-03-16 Thread Jakub Hrozek
On Thu, Mar 16, 2017 at 07:56:58PM +1100, Lachlan Musicman wrote: > Yes. What I do would you like? Current debug levels are at 8 Logs and id output from the server and the client at the same time.. -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

2017-03-16 Thread Lachlan Musicman
Yes. What I do would you like? Current debug levels are at 8 L. On 16 Mar. 2017 7:06 pm, "Jakub Hrozek" wrote: > On Thu, Mar 16, 2017 at 11:36:57AM +1100, Lachlan Musicman wrote: > > I'm experiencing issues with HBAC and I think it's a bug in sssd. Not > sure > > if better

Re: [Freeipa-users] replica install seems to hang forever when "--setup-ca" is enabled - any advice?

2017-03-16 Thread Martin Basti
On 16.03.2017 01:34, Fraser Tweedale wrote: > On Wed, Mar 15, 2017 at 06:32:42PM -0400, Chris Dagdigian wrote: >> Any tips for diving into this a bit more to troubleshoot? >> >> For the 1st time I'm setting up an ipa-server 4.4 replica with CA features >> enabled but the replica install seems to

Re: [Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

2017-03-16 Thread Jakub Hrozek
On Thu, Mar 16, 2017 at 11:36:57AM +1100, Lachlan Musicman wrote: > I'm experiencing issues with HBAC and I think it's a bug in sssd. Not sure > if better to report to here or sssd mailing list. Also sssd in pagure is > bare and I didn't want to sully the blank slate. ( >