Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-22 Thread Alexander Bokovoy
On Mon, 22 Feb 2016, Prashant Bapat wrote: Sorry not an option. I have couple of 1000s of instances. Aside from switching OS is there any other option? I mean "*" char is allowed in standard sudo implementation. To me it seems like there should not be a host name check on sudo hosts.

Re: [Freeipa-users] sssd went away, failed to restart

2016-02-22 Thread Jakub Hrozek
On Mon, Feb 22, 2016 at 03:09:51PM +0100, Harald Dunkel wrote: > Hi folks, > > this morning I recognized that the sssd on our mail server > went away (which is fatal). journalctl -u sssd sssd says > > : > Feb 21 18:01:55 srvvm01.example.com sssd[199]: Killing service [example.com], > not

Re: [Freeipa-users] Duplicate sudo rule

2016-02-22 Thread Alexandre Ellert
I create another rule via web UI and it's fine now...don't remember why the first one was duplicated. Is it safe to delete these entries directly from LDAP ? : ipaUniqueID=faac52c8-d96d-11e5-b61d-00505693334c,cn=sudorules,cn=sudo,dc=xxx,dc=xxx and

[Freeipa-users] sssd went away, failed to restart

2016-02-22 Thread Harald Dunkel
Hi folks, this morning I recognized that the sssd on our mail server went away (which is fatal). journalctl -u sssd sssd says : Feb 21 18:01:55 srvvm01.example.com sssd[199]: Killing service [example.com], not responding to pings! Feb 21 18:01:55 srvvm01.example.com sssd[199]: Killing service

Re: [Freeipa-users] IPA 4.2.0 httpd errors

2016-02-22 Thread Daryl Fonseca-Holt
On 02/22/16 01:16, Martin Babinsky wrote: On 02/19/2016 03:12 PM, Daryl Fonseca-Holt wrote: Hello, Doing a bulk load of 150,000+ users to an IPA 4.2.0 server running RedHat Enterprise Linux 7. Running 25 parallel ipa user-add at once, waiting for completion, then starting another 25, and so

Re: [Freeipa-users] Traceback starting pki-cad - ca.subsystem.certreq missing?

2016-02-22 Thread Martin Kosek
On 02/20/2016 05:58 PM, Ian Pilcher wrote: > I am running IPA 3.0.0 on CentOS 6 (32-bit x86), and I am getting a > traceback every time pki-cad starts: > > Traceback (most recent call last): > File "/usr/sbin/pki-server", line 89, in > cli.execute(sys.argv) > File "/usr/sbin/pki-server",

Re: [Freeipa-users] could not get zone keys for secure dynamic update

2016-02-22 Thread Winfried de Heiden
Hi all, Following http://www.freeipa.org/page/Troubleshooting#DNSSEC_signing_does_not_work was most useful. It turned out the package "freeipa-server-dns" was missing. Strange, I am running DNS, but...: I upgraded from Fedora

[Freeipa-users] Duplicate sudo rule

2016-02-22 Thread Alexandre Ellert
Hello, I've just deployed a new IPA server 4.2 / CentOS 7.2 and I created my first sudo rule via web UI but it was duplicated (I don't know why...) Now I have two rules with the same name and I can't delete them : # ipa sudorule-find --all 2 Sudo Rules matched

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

2016-02-22 Thread Timothy Geier
On Feb 22, 2016, at 9:21 AM, Ludwig Krispenz wrote: The crash is an abort because of a failed assertion in the kerberos code Thread 1 (Thread 0x7fa7d4c88700 (LWP 3125)): #0 0x7fa7e6ace5f7 in raise () from /lib64/libc.so.6 No symbol table

Re: [Freeipa-users] Duplicate sudo rule

2016-02-22 Thread Martin Basti
On 22.02.2016 15:55, Alexandre Ellert wrote: I create another rule via web UI and it's fine now...don't remember why the first one was duplicated. Is it safe to delete these entries directly from LDAP ? : ipaUniqueID=faac52c8-d96d-11e5-b61d-00505693334c,cn=sudorules,cn=sudo,dc=xxx,dc=xxx and

[Freeipa-users] Smart Card Login on Fedora 23.

2016-02-22 Thread Michael Rainey (Contractor)
Greetings, I have a question about using smart card authentication on Fedora 23. We have worked out a procedure for setting up smart card login on our SL7.2 systems and it seems to be working very well. However, when trying to use the same process on a Fedora 23 system the process starts

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

2016-02-22 Thread Ludwig Krispenz
The crash is an abort because of a failed assertion in the kerberos code Thread 1 (Thread 0x7fa7d4c88700 (LWP 3125)): #0 0x7fa7e6ace5f7 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x7fa7e6acfce8 in abort () from /lib64/libc.so.6 No symbol table info available.

Re: [Freeipa-users] Traceback starting pki-cad - ca.subsystem.certreq missing?

2016-02-22 Thread Natxo Asenjo
On Sat, Feb 20, 2016 at 5:58 PM, Ian Pilcher wrote: > I am running IPA 3.0.0 on CentOS 6 (32-bit x86), and I am getting a > traceback every time pki-cad starts: > > Traceback (most recent call last): > File "/usr/sbin/pki-server", line 89, in > cli.execute(sys.argv)

Re: [Freeipa-users] could not get zone keys for secure dynamic update

2016-02-22 Thread Petr Spacek
On 22.2.2016 14:02, Winfried de Heiden wrote: > Hi all, > > Following > http://www.freeipa.org/page/Troubleshooting#DNSSEC_signing_does_not_work was > most useful. It turned out the package "freeipa-server-dns" was missing. > Strange, I am running DNS, but...: > > * I upgraded from Fedora

Re: [Freeipa-users] sssd went away, failed to restart

2016-02-22 Thread Harald Dunkel
On 02/22/2016 03:51 PM, Jakub Hrozek wrote: > > Is there anything else in the logs (/var/log/sssd/*) > Only some events after sssd went away: srvvm01:/var/log/sssd# cat sssd.log.1 (Sun Feb 21 18:02:21 2016) [sssd] [monitor_restart_service] (0x0010): Process [nss], definitely stopped!

Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients

2016-02-22 Thread Timo Aaltonen
22.02.2016, 10:00, Filip Pytloun wrote: > My change was already applied in bind9 (1:9.10.3.dfsg.P2-4) > experimental; urgency=medium > > I don't know if it could be shipped by sssd package as the policy > is for usr.bin.named binary. oh right,

Re: [Freeipa-users] could not get zone keys for secure dynamic update

2016-02-22 Thread Petr Spacek
On 22.2.2016 09:36, Winfried de Heiden wrote: > Hi all, > > I get lots of messages in my log (journalctl -u named-pkcs11.service -p err > ) > like these: > > Feb 22 09:17:32 ipa.example.com named-pkcs11[8982]: zone example.com/IN > (signed): could not get zone keys for secure dynamic update

Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients

2016-02-22 Thread Filip Pytloun
My change was already applied in bind9 (1:9.10.3.dfsg.P2-4) experimental; urgency=medium I don't know if it could be shipped by sssd package as the policy is for usr.bin.named binary. On 2016/02/22 07:11, Timo Aaltonen wrote: > 14.02.2016, 09:14, Filip Pytloun wrote: > > Hello, > > > > we

Re: [Freeipa-users] Wildcards in sudo external hostnames

2016-02-22 Thread Prashant Bapat
Sorry not an option. I have couple of 1000s of instances. Aside from switching OS is there any other option? I mean "*" char is allowed in standard sudo implementation. To me it seems like there should not be a host name check on sudo hosts. On 22 February 2016 at 12:22, Alexander Bokovoy

[Freeipa-users] could not get zone keys for secure dynamic update

2016-02-22 Thread Winfried de Heiden
Hi all, I get lots of messages in my log (journalctl -u named-pkcs11.service -p err ) like these: Feb 22 09:17:32 ipa.example.com named-pkcs11[8982]: zone example.com/IN (signed): could not get zone keys for secure dynamic update Feb