On 02/17/2015 05:21 PM, Steven Jones wrote:
***maybe***
c) You might be able to do both winsync and trusts at the same time
then that is simpler provisioning. ie a user gets created in AD and
automatically gets created in IPA ready for you to put in the user
group you want.
I am not
Hi Sumit FreeIPA Users-
Your suggestion on updating the version of sssd worked like a charm.
Consider this issue solved.
Thanks Everyone,
-Andrew
On Mon, Feb 16, 2015 at 12:32 PM, Andrew Egelhofer
aegelho...@rubiconproject.com wrote:
Thank you for the reply Sumit - I will look into
Ok,
So with winsync I will have the 2000+ users in IPA.
Within IPA I have several high risk/impact groups of servers and many low.
For the low risk/impact servers and most desktops they can trust what AD tells
them. For the high risk/impact servers/applications we do not want to reply on
On Wed, 18 Feb 2015, Thomas Raehalme wrote:
Hi!
On Mon, Feb 16, 2015 at 8:44 AM, Alexander Bokovoy aboko...@redhat.com
wrote:
I suspect you've triggered https://fedorahosted.org/freeipa/ticket/4586
and https://fedorahosted.org/freeipa/ticket/4635 -- slapi-nis plugin
configuration does not
sure.
Let me come back on that matter a bit later on next week.
- Mail original -
De: Dmitri Pal d...@redhat.com
À: freeipa-users@redhat.com
Envoyé: Mardi 17 Février 2015 19:39:40
Objet: Re: [Freeipa-users] issues with sudo on RHEL5.8
On 02/17/2015 05:18 AM, Nicolas Zin wrote:
Thanks,
Hi!
On Mon, Feb 16, 2015 at 8:44 AM, Alexander Bokovoy aboko...@redhat.com
wrote:
I suspect you've triggered https://fedorahosted.org/freeipa/ticket/4586
and https://fedorahosted.org/freeipa/ticket/4635 -- slapi-nis plugin
configuration does not limit itself to $SUFFIX and listens to changes
On Tue, 17 Feb 2015, Thomas Raehalme wrote:
Hi!
On Tue, Feb 17, 2015 at 8:43 PM, Thomas Raehalme
thomas.raeha...@codecenter.fi wrote:
Hi!
On Tue, Feb 17, 2015 at 7:38 PM, Rob Crittenden rcrit...@redhat.com
wrote:
Now I only wish we could resolve what's causing the dirsrv process to
hang
Has anyone got any ideas on the below errors I am now receiving?
Thanks in advance,
Les
I will test this out (update to 3.7.19-260) next week as I've got a
few more CA replicas to setup.
I'm still having issues. Different one this time.
As I have previously worked around the
Hi Chris!
On Tue, Feb 17, 2015 at 6:35 PM, Chris Mohler cmoh...@oberlin.edu wrote:
As I wrote earlier we are having some serious problems with IPA right now.
dirsrv seems to hang every 15 minutes or so, but that's another post.
Are you running in a VM? If so check your entropy.
cat
On 02/17/2015 11:26 AM, Thomas Raehalme wrote:
Hi!
As I wrote earlier we are having some serious problems with IPA right
now. dirsrv seems to hang every 15 minutes or so, but that's another post.
It seems that slapd/dirsrv is now only listening on port 389 for LDAP
and socket for LDAPI
Thomas Raehalme wrote:
Hi!
As I wrote earlier we are having some serious problems with IPA right
now. dirsrv seems to hang every 15 minutes or so, but that's another post.
It seems that slapd/dirsrv is now only listening on port 389 for LDAP
and socket for LDAPI requests. Any idea what
Hi!
As I wrote earlier we are having some serious problems with IPA right now.
dirsrv seems to hang every 15 minutes or so, but that's another post.
It seems that slapd/dirsrv is now only listening on port 389 for LDAP and
socket for LDAPI requests. Any idea what could have caused previously
Hi!
On Tue, Feb 17, 2015 at 6:34 PM, Rob Crittenden rcrit...@redhat.com wrote:
If after an upgrade you had no listeners that means that the upgrade
failed and wasn't able to restore the previous state. Look in
/etc/dirsrv/slapd-YOURREALM for dse.ldif.ipa.###. This is the copy
saved
On 02/17/2015 05:18 AM, Nicolas Zin wrote:
Thanks,
that helps!
I mistyped binddn and bindpw
- Mail original -
De: Lukasz Jaworski lukasz.jawor...@allegrogroup.com
À: Nicolas Zin nicolas@savoirfairelinux.com
Cc: freeipa-users@redhat.com
Envoyé: Mardi 17 Février 2015 13:31:20
Objet:
All,
After my education on what IPA/AD trusts can and can't do, I decided to
give the IPA-AD sync option a try. After finally finding what I think is
the proper software to install on the AD DC (389-PassSync-1.1.6-x86_64.exe
from the Fedora site), I believe I have the settings correct, but the
What version of 389-ds-base are you using?
# rpm -q 389-ds-base
Sorry for not specifying. I'm running FreeIPA on CentOS 6.5. Installed via
yum - ipa-server-3.0.0-42.el6.centos.x86_64
--
Manage your subscription for the Freeipa-users mailing list:
Thomas Raehalme wrote:
Hi Chris!
On Tue, Feb 17, 2015 at 6:35 PM, Chris Mohler cmoh...@oberlin.edu
mailto:cmoh...@oberlin.edu wrote:
As I wrote earlier we are having some serious problems with IPA
right now. dirsrv seems to hang every 15 minutes or so, but that's
another
Hi!
On Tue, Feb 17, 2015 at 7:38 PM, Rob Crittenden rcrit...@redhat.com wrote:
Now I only wish we could resolve what's causing the dirsrv process to
hang (wrote about that in another message last Sunday) about 10 minutes
after IPA services were started.
Evidence suggests that the last
I would agree with Rob, entropy is likely not one of your root issues.
It may still do you good to have a bit more as it can cause system
slowdown during SSL generation loads.
It's really up to you how you go about generating entropy.
Here is a link with some suggestions
Hi!
On Tue, Feb 17, 2015 at 8:43 PM, Thomas Raehalme
thomas.raeha...@codecenter.fi wrote:
Hi!
On Tue, Feb 17, 2015 at 7:38 PM, Rob Crittenden rcrit...@redhat.com
wrote:
Now I only wish we could resolve what's causing the dirsrv process to
hang (wrote about that in another message last
On 02/17/2015 12:08 AM, Rob Crittenden wrote:
Steven Jones wrote:
?
[root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX
SASL/GSSAPI authentication started
SASL username:
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base
On Tue, Feb 17, 2015 at 03:52:31AM -0500, Nicolas Zin wrote:
Hi,
With a RHEL7 IDM installation, I try to make sudo working.
On RHEL6 no problem (via sssd)
On RHEL5.8 I don't manage to make it working (credential are good, I manage
to request the schema, see below)
Where can I found more
On 02/17/2015 12:55 PM, Hugh wrote:
All,
After my education on what IPA/AD trusts can and can't do, I decided
to give the IPA-AD sync option a try. After finally finding what I
think is the proper software to install on the AD DC
(389-PassSync-1.1.6-x86_64.exe from the Fedora site), I believe
Hello,
I am currently running an IPA 3.3 server on Centos 7. I have 70 IPA client
machines running Scientific Linux 6.6 and 150 users. User directories are
auto-mounted from a Centos 7 file server.
I have been informed that all computer users on our campus must now
authenticate off of the
On 02/17/2015 01:33 PM, Hugh wrote:
What version of 389-ds-base are you using?
# rpm -q 389-ds-base
Sorry for not specifying. I'm running FreeIPA on CentOS 6.5.
Installed via yum - ipa-server-3.0.0-42.el6.centos.x86_64
Ok, so I'm assuming 389-ds-base is 1.2.11.15-48 or later? I
On Tue, Feb 17, 2015 at 2:46 PM, Rich Megginson rmegg...@redhat.com wrote:
Ok, so I'm assuming 389-ds-base is 1.2.11.15-48 or later? I think we may
need a new version of passsync.
I didn't even know those were installed, but you're spot on. Here are the
versions of *389*:
On 02/17/2015 04:05 PM, David Fitzgerald wrote:
Hello,
I am currently running an IPA 3.3 server on Centos 7. I have 70 IPA
client machines running Scientific Linux 6.6 and 150 users. User
directories are auto-mounted from a Centos 7 file server.
I have been informed that all computer
I have been informed that all computer users on our campus must now
authenticate off of the University's Active Directory server, including all
Linux machines.
dictated by a clueless Windows * no doubt, ***sigh*** Here we are keeping
both separate as AD is so bad security wise, but want
On 02/17/2015 02:03 PM, Hugh wrote:
On Tue, Feb 17, 2015 at 2:46 PM, Rich Megginson rmegg...@redhat.com
mailto:rmegg...@redhat.com wrote:
Ok, so I'm assuming 389-ds-base is 1.2.11.15-48 or later? I think
we may need a new version of passsync.
I didn't even know those were
On 02/17/2015 04:34 PM, Steven Jones wrote:
I have been informed that all computer users on our campus must now
authenticate off of the University's Active Directory server,
including all Linux machines.
dictated by a clueless Windows * no doubt, ***sigh*** Here we are
keeping both
Hi,
With a RHEL7 IDM installation, I try to make sudo working.
On RHEL6 no problem (via sssd)
On RHEL5.8 I don't manage to make it working (credential are good, I manage to
request the schema, see below)
Where can I found more logs?
What did I forget?
[root@srv-rhel58-01 ~]# cat
***maybe***
c) You might be able to do both winsync and trusts at the same time then that
is simpler provisioning. ie a user gets created in AD and automatically gets
created in IPA ready for you to put in the user group you want.
I am not sure this is the best solution really.
Trust and
On Mon, Feb 16, 2015 at 8:44 AM, Alexander Bokovoy aboko...@redhat.com
wrote:
I suspect you've triggered https://fedorahosted.org/freeipa/ticket/4586
and https://fedorahosted.org/freeipa/ticket/4635 -- slapi-nis plugin
configuration does not limit itself to $SUFFIX and listens to changes in
Thanks,
that helps!
I mistyped binddn and bindpw
- Mail original -
De: Lukasz Jaworski lukasz.jawor...@allegrogroup.com
À: Nicolas Zin nicolas@savoirfairelinux.com
Cc: freeipa-users@redhat.com
Envoyé: Mardi 17 Février 2015 13:31:20
Objet: Re: [Freeipa-users] issues with sudo on
34 matches
Mail list logo