On 08.11.2016 14:57, lejeczek wrote:
hello
I've changed an uid of a.user but system: $ id a.user - still shows
old id.
When is the system supposed to notice that change?
thanks
L.
Hello,
you probably need to erase SSSD cache on client, sss_cache -E if I
remember correctly
Martin
--
I'm running IPA 4.2 in SSO in a highly dynamic AWS EC2 environment. Is
there a way to tell if a host that has joined the domain is still active
using an LDAP query so that I can determine hosts that have been torn down
and no longer exist and remove them from the directory?
I have looked at
Alessandro De Maria wrote:
> Hello Martin,
>
> still no luck unfortunately.
>
> The client is an ubuntu 14.04 server, and I believe it is enrolled already.
>
> The /etc/ipa/ca.pem is correct and already installed, and I even added
> it to the /etc/ssl/certs directory (which is why my curl
I thought /etc/krb5.conf controls which kerberos server the clients talk to.
As a test, I removed /etc/krb5.conf and rebooted the client. After reboot, I
can still log in and "kinit user" .
Removing /etc/krb5.keytab, however would stop user from logging in and sssd to
start.
--
Manage your
On 03/11/16 19:58, Mark Reynolds wrote:
dbscan -f /var/lib/dirsrv/slapd-INSTANCE/db/changelogdb
>results of above scan do not look like that CSN form reported in
>dirsrv's error log, it is:
>..
>=116156
>=116157
>=116158
>..
That doesn't look quite right, Just to confirm you should be doing
On 08/11/2016 13:57, lejeczek wrote:
I've changed an uid of a.user but system: $ id a.user - still shows
old id.
When is the system supposed to notice that change?
You might want to force the cache to expire early. Try:
sss_cache -U
or
sss_cache -u
(I'm afraid I don't know what
On 11/08/2016 05:13 PM, Ask Stack wrote:
I thought /etc/krb5.conf controls which kerberos server the clients talk
to.
As a test, I removed /etc/krb5.conf and rebooted the client. After
reboot, I can still log in and "kinit user" .
Removing /etc/krb5.keytab, however would stop user from logging
hi everyone
when I look at my domain I see something which seems
inconsistent to me (eg. work5 is not part of the domain, was
--uninstalled)
Do these record need fixing?
I'm asking becuase one of the servers, despite the fact the
ipa dns related toolkit(on that server) shows zone &
records,
Thank you Rob and Martin,
the correct place on Ubuntu seems to be:
/etc/pki/nssdb/
This directory does not seem to be initialised by the *ipa-client-install*
tool.
Now my script still doesn't work, but offer brand new errors :)
Thank you
On 8 November 2016 at 14:55, Rob Crittenden
On 08.11.2016 19:41, lejeczek wrote:
hi everyone
when I look at my domain I see something which seems inconsistent to
me (eg. work5 is not part of the domain, was --uninstalled)
Do these record need fixing?
I'm asking becuase one of the servers, despite the fact the ipa dns
related
I will try to your solutions.
Thanks!
--
祝:
工作顺利!生活愉快!
--
长沙研发中心 郑磊
电话:18684703229
邮箱:zheng...@kylinos.cn
公司:天津麒麟信息技术有限公司
地址:湖南长沙市开福区三一大道工美大厦十四楼
-- Original --
From: "Lukas Slebodnik";
Yes, the problem is solved after I added the httpd_run_ipa boolean to the
selinux-policy on Ubuntu.
Thank you!
--
祝:
工作顺利!生活愉快!
--
长沙研发中心 郑磊
电话:18684703229
邮箱:zheng...@kylinos.cn
公司:天津麒麟信息技术有限公司
地址:湖南长沙市开福区三一大道工美大厦十四楼
--
hi everyone
I have a three servers which seemingly!? work but all three log:
attrlist_replace - attr_replace (nsslapd-referral,
ldap://swir.xx.xx
and swir.xx.xx is the server which ipa-replica-prepared and
on it I see:
attrlist_replace - attr_replace (nsslapd-referral,
ldap://whale.xx.xx
On 7.11.2016 17:45, Raul Dias wrote:
> You are right,
>
> This might be more a Fedora issue than FreeIPA. I am hoping that someone else
> is also using DHCP with LDAP (specially with FreeIPA).
>
> I am using the IPA-dhcp plugin: https://github.com/jefferyharrell/IPA-dhcp
>
> ldapsearch -x shows
On 8.11.2016 15:19, lejeczek wrote:
> hi everyone
>
> I have a three servers which seemingly!? work but all three log:
>
> attrlist_replace - attr_replace (nsslapd-referral, ldap://swir.xx.xx
>
> and swir.xx.xx is the server which ipa-replica-prepared and on it I see:
>
> attrlist_replace -
On 11/07/2016 09:11 PM, James Harrison wrote:
Hello
Sorry didn't explain. The ipa is the default domain, but I also want to
use the Windows domain to authenticate, but I want the OS to detect what
realm to use in the ssh command.
Thanks
On Mon, 7 Nov, 2016 at 11:48, Martin Basti
On 11/07/2016 04:45 PM, Alessandro De Maria wrote:
Hi Martin,
I tried from the host I am executing the script from, and I get:
certutil -L -d /etc/httpd/alias/
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
From the FreeIPA
Hello Martin,
still no luck unfortunately.
The client is an ubuntu 14.04 server, and I believe it is enrolled already.
The /etc/ipa/ca.pem is correct and already installed, and I even added it
to the /etc/ssl/certs directory (which is why my curl command in the first
email does not complain)
2016-11-08 16:33 GMT+08:00 郑磊 :
> Hello everyone,
> I have been setting up freeipa(its version is 4.3.1) on Ubuntu. Selinux is
> enable, and its mode is permissive. I met a problem at configuring the httpd
> process, but the process won't be interrupted. The configuration
Command returns the result:
root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P
httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
Cannot set persistent booleans without managed policy.
root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa
Error getting active
Hello everyone,
I have been setting up freeipa(its version is 4.3.1) on Ubuntu. Selinux is
enable, and its mode is permissive. I met a problem at configuring the httpd
process, but the process won't be interrupted. The configuration information
is as follows:
Configuring the web interface
Hi,
I can configrm that UPN issue is fixed in RHEL 7.3. That is great, thank you a
lot.
It looks like solution came with sssd 1.14.x right ? Anybody knows if there are
plans to implement it into RHEL 6.x (ipa-client) ? Currently my ipa-clients on
RHEL 6.8 (sssd 1.13.3.-22) are not able to
On (08/11/16 16:57), 郑磊 wrote:
>Command returns the result:
>root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P
>httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
>Cannot set persistent booleans without managed policy.
>
>root@ipaserver:/tmp/freeipa-4.3.1#
hello
I've changed an uid of a.user but system: $ id a.user -
still shows old id.
When is the system supposed to notice that change?
thanks
L.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for
24 matches
Mail list logo