and Jakub for your help. Have a
nice weekend.
Dan
> On Apr 28, 2017, at 10:34 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> On Fri, Apr 28, 2017 at 03:28:31PM +0000, Sullivan, Daniel [CRI] wrote:
>> Hi, Sumit,
>>
>> Thank you for taking the time to res
t;
> On Fri, Apr 28, 2017 at 02:54:44PM +0000, Sullivan, Daniel [CRI] wrote:
>> HI,
>>
>> I haven’t posted in a while, I hope everybody is doing well. I have a
>> problem that I am having a difficult time diagnosing. To start, I want to
>> say that we have a pret
HI,
I haven’t posted in a while, I hope everybody is doing well. I have a problem
that I am having a difficult time diagnosing. To start, I want to say that we
have a pretty large IPA environment. It generally works good. Most of our
servers are of the same flavor RHEL6/7, and pull down
Is the chain in mydomain_com_bundle.crt? Have you tried it with the cert only
(disclaimer: I’ve never done this).
Dan
> On Feb 13, 2017, at 4:08 PM, Matt . wrote:
>
> Hi Guys,
>
> I'm trying to install a 3rd party certificate using:
>
>
;> the entire group info?
>>
>> I can see, that even though the cache is refreshed the attribute
>> initgrExpireTimestamp (in the ldb cache) isn't updated.
>> I have been unable to find out exactly what this controls?
>>
>> lastUpdate and dataExpireTimesta
find out exactly what this controls?
lastUpdate and dataExpireTimestamp is updated to the time stamp of when the
refresh ran.
- On Feb 1, 2017, at 2:27 PM, Sullivan, Daniel [CRI]
dsulliv...@bsd.uchicago.edu wrote:
Have you checked to see if the user is expired in the cache, or i
Also, check your ssshd configuration, there might be some restriction in there.
Dan
> On Feb 5, 2017, at 8:21 AM, Sullivan, Daniel [CRI]
> <dsulliv...@bsd.uchicago.edu> wrote:
>
> Did you check /var/log/messages and /var/log/secure? I think I’ve seen
> problems with h
Did you check /var/log/messages and /var/log/secure? I think I’ve seen
problems with hosts.allow/hosts.deny dump output in there.
Dan
On Feb 5, 2017, at 8:17 AM, Rakesh Rajasekharan
> wrote:
Hi,
I am running a freeipa
, at 4:11 PM, pgb205 <pgb...@yahoo.com<mailto:pgb...@yahoo.com>>
wrote:
there are reports from multiple clients being unable to authenticate.
ipactl status shows all services as running.
The problem is fixed when I 'ipactl restart'.
From: "Sull
iding services even
though it claims to do so. would be curious to know what to look at on freeipa
server or how to inrease logging
____________
From: "Sullivan, Daniel [CRI]"
<dsulliv...@bsd.uchicago.edu<mailto:dsulliv...@bsd.uchicago.edu>>
To: pgb205 &l
Alright cool, thank you for getting back to me. I appreciate your input and
expertise.
Dan
> On Feb 1, 2017, at 9:08 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> On Wed, Feb 01, 2017 at 02:35:00PM +0000, Sullivan, Daniel [CRI] wrote:
>> Jakub,
>>
>>
)? Based on my knowledge a user’s groups are evaluated at login so
this should be a non-issue from a security standpoint.
Dan
> On Feb 1, 2017, at 1:55 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> On Tue, Jan 31, 2017 at 08:05:18PM +0000, Sullivan, Daniel [CRI] wrote:
>>
60
>> (Wed Feb 1 09:40:56 2017) [sssd[be[lx.dr.dk]]] [dp_copy_options_ex]
>> (0x0400):
>> Option ldap_enumeration_search_timeout has value 60
>>
>> LDAP seems speedy enough, not timeouts while querying it manually while a
>> client
>> is doing
g it manually while a
> client is doing a user lookup.
>
> - On Jan 30, 2017, at 6:06 PM, Sullivan, Daniel [CRI]
> dsulliv...@bsd.uchicago.edu wrote:
>
>>
>> If the timeout is occurring on the server, I would start by increasing one or
>> both of these
and allowing entry_cache_nowait_percentage to
fill this function, although that seems hacky to me.
Any advisement that could be provided would be greatly appreciated.
Best,
Dan Sullivan
> On Jan 30, 2017, at 10:52 AM, Sullivan, Daniel [CRI]
> <dsulliv...@bsd.uchicago.edu> wrote:
>
I have had to deal with the symptoms you describe, never with 730 groups
though. Based on my experience doing a lookup for a user in an AD trusted
domain is a resource intensive process on the server. I’d first start by
taking a look at your logs to see if the lookup is failing on the server
Hi,
I have another question about sssd performance. I’m having a difficult time
doing a regularly performant ‘ls -l’ operation against /home, a mounted NFS
share of all of our users home directories. There are 667 entries in this
folder, and all of them have IDs that are resolvable via
t Bose <sb...@redhat.com> wrote:
>
> On Wed, Jan 25, 2017 at 10:58:34PM +, Sullivan, Daniel [CRI] wrote:
>> Hi,
>>
>> My apologizes for resurrecting this thread. This issue is still ongoing, at
>> this point we’ve been looking at it for over a week a
reasonable and sane…
And, no, winbind is not configured in nsswitch.
Dan
> On Jan 20, 2017, at 4:48 PM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
>
> On (20/01/17 20:18), Sullivan, Daniel [CRI] wrote:
>> Sorry to clutter people's inboxes. I found another pi
Sorry I didn’t realize you might want all sssd logs… Working on it.
Dan
> On Jan 20, 2017, at 10:27 AM, Sumit Bose <sb...@redhat.com> wrote:
>
> On Fri, Jan 20, 2017 at 03:41:46PM +0000, Sullivan, Daniel [CRI] wrote:
>> Hi,
>>
>> I have some more information on
.com> wrote:
>
> On Fri, Jan 20, 2017 at 03:41:46PM +, Sullivan, Daniel [CRI] wrote:
>> Hi,
>>
>> I have some more information on this issue. I’m tracing it down through the
>> slapd logs and I am continuing to struggle; I was hoping that s
he information
above; I can definitely lookup the user on both domain controllers & both IPA
servers only use themselves for IPA servers. Thank you so much for reading and
for your help.
Dan
> On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI]
> <dsulliv...@bsd.uchicag
Hi,
I’ve received incredibly good support from this mailing list previously; I am
hoping that somebody can help me succeed in my ongoing efforts. I have spent a
few days on this at this point and I can’t seem to figure it out how to address
this issue. On my DCs I am seeing excessive
23 matches
Mail list logo