Hi all,
This is a question more about bind-dyndb-ldap rather than freeipa, but I
understand it's written/maintained by the freeipa project and so this might
be the most appropriate place to ask. I have setup bind-dyndb-ldap to read
some zones from openldap, with multiple nameservers acting as
It worked! Thanks so much for your help.
On 2/8/17, 12:20 PM, "Alexander Bokovoy" wrote:
On ke, 08 helmi 2017, Armaan Esfahani wrote:
>I have found the following.
>
>[08/Feb/2017:11:14:38 -0500] sidgen_task_thread - [file ipa_sidgen_task.c,
line 194]:
On ke, 08 helmi 2017, Armaan Esfahani wrote:
I have found the following.
[08/Feb/2017:11:14:38 -0500] sidgen_task_thread - [file ipa_sidgen_task.c, line
194]: Sidgen task starts ...
[08/Feb/2017:11:14:38 -0500] find_sid_for_ldap_entry - [file
ipa_sidgen_common.c, line 522]: Cannot convert
Hey Jeff, that is also happening here, however only with users created after
the ipa-adtrust-install. For example, the admin user fails to ever be
authenticated despite numerous password resets, yet if I were to create a new
account and reset it’s password it works fine.
From: Jeff
I had this same issue and the value was only added after a password change.
Jeff
On Wed, Feb 8, 2017 at 11:10 AM, Alexander Bokovoy
wrote:
> On ke, 08 helmi 2017, Armaan Esfahani wrote:
>
>> I’ve been having issues with some of my IPA seemingly not getting SID’s
>> after
I have found the following.
[08/Feb/2017:11:14:38 -0500] sidgen_task_thread - [file ipa_sidgen_task.c, line
194]: Sidgen task starts ...
[08/Feb/2017:11:14:38 -0500] find_sid_for_ldap_entry - [file
ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [755400050] into an
unused SID.
On ke, 08 helmi 2017, Armaan Esfahani wrote:
I’ve been having issues with some of my IPA seemingly not getting SID’s
after the install, even after running with the –add-sids modifier. I
was wondering where the SID values are located so that I can take a
look at what’s happening/
In the user
I’ve been having issues with some of my IPA seemingly not getting SID’s after
the install, even after running with the –add-sids modifier. I was wondering
where the SID values are located so that I can take a look at what’s happening/
--
Armaan Esfahani
Advanced Open Systems
m:(470)
Le 08/02/2017 à 13:00, Pavel Březina a écrit :
On 02/08/2017 11:59 AM, Nathanaël Blanchet wrote:
Hello,
on latest IPA, when adding a command to a rule or a sudo option for
example, the change is not active on the user session.
For example, after removing !authenticate option, I still can
Cache is verified valid by looking at the cache files /var/lib/sss/db/ ldb
files.
Also, if I lookup the user on the IPA server I get a fast response.
Looking up the user on a client which have a valid cache return the user within
a few ms or secs.
Invalidating the cache on the client with
Are you actually logging in or or just doing a lookup on a user? I remember
reading somewhere that groups are always re-evaluated at the point of login,
regardless of what is in the cache. I am not sure if this is accurate or the
implications of whether or not it is on the client, server or
On Wed, Feb 08, 2017 at 12:44:07PM +0100, Troels Hansen wrote:
> Hi,
>
> Have you tried setting ldap_user_principal to something nonexisting? For
> example:
>
> ldap_user_principal = nosuchattr
>
> and inherit this to the AD domain with:
>
> subdomain_inherit = ldap_user_principal
>
> Both
On 02/08/2017 11:59 AM, Nathanaël Blanchet wrote:
Hello,
on latest IPA, when adding a command to a rule or a sudo option for
example, the change is not active on the user session.
For example, after removing !authenticate option, I still can execute
sudo commands without password.
I tried to
Hi,
Have you tried setting ldap_user_principal to something nonexisting? For
example:
ldap_user_principal = nosuchattr
and inherit this to the AD domain with:
subdomain_inherit = ldap_user_principal
Both in the domain section of sssd.
- On Feb 8, 2017, at 12:17 PM, Jan Karásek
Hi, thank you for help.
I am running RHEL 7.3 on IPA serveres and with RHEL 7.3 clients it works really
nice.
Trouble is on RHEL 6 machines. I have tried to add
krb5_use_enterprise_principal = true into domain section of sssd.conf on RHEL 6
IPA clients but problem still persists. Is there
Hello,
on latest IPA, when adding a command to a rule or a sudo option for
example, the change is not active on the user session.
For example, after removing !authenticate option, I still can execute
sudo commands without password.
I tried to logout and relogin, but nothing changes, but on a
On Wed, Feb 08, 2017 at 09:59:52AM +0100, Kees Bakker wrote:
> Hi,
>
> This is a follow-up on the problem I had with
> klist: Invalid UID in persistent keyring name while getting default ccache
> (See "How to enable krb5_child log" earlier this month.)
>
> The situation is that we have local
Hi,
This is a follow-up on the problem I had with
klist: Invalid UID in persistent keyring name while getting default ccache
(See "How to enable krb5_child log" earlier this month.)
The situation is that we have local users with the same name that exist in IPA,
but the UIDs are different. We
On Fri, Feb 03, 2017 at 12:59:26PM -0800, spammewo...@cox.net wrote:
>
> Sumit Bose wrote:
> > On Fri, Feb 03, 2017 at 09:33:13AM +0100, Sumit Bose wrote:
> > On Thu, Feb 02, 2017 at 11:03:28AM -0800, spammewo...@cox.net wrote:
> > > I am running an IPA server (4.4.0) on
On Mon, Feb 06, 2017 at 01:56:06PM +, Tommy Nikjoo wrote:
> Hi,
>
> I'm having some issues with 2FA PAM config's on Ubuntu clients.
> Currently, I'm guessing that the PAM module doesn't know how to talk to
> the 2FA protocol. Is anyone able to give an in site into how to get
> this working
20 matches
Mail list logo