[Freeipa-users] sig11

2013-11-11 Thread Tamas Papp
hi All, Nov 11 08:56:15 ipa31 kernel: [324701.614162] traps: ns-slapd[1333] general protection ip:7f438b682731 sp:7f43637fb9a8 error:0 in libc-2.17.so[7f438b5fc000+1b6000] Nov 11 08:56:15 ipa31 systemd[1]: dirsrv@CXN.service: main process exited, code=killed, status=11/SEGV Nov 11 08:56:15 ipa31

Re: [Freeipa-users] ipa cli AttributeError: KerbTransport instance has no attribute '_conn'

2013-11-11 Thread Martin Kosek
On 11/08/2013 03:00 PM, Jonathan Underwood wrote: On 8 November 2013 13:46, Dmitri Pal d...@redhat.com wrote: On 11/08/2013 08:17 AM, Jonathan Underwood wrote: Sooo I think that means the problem lies with apache and NSS, right? Or in the negotiated authentication. Is there anything in

Re: [Freeipa-users] sig11

2013-11-11 Thread Tamas Papp
On 11/11/2013 09:37 AM, Alexander Bokovoy wrote: On Mon, 11 Nov 2013, Tamas Papp wrote: hi All, Nov 11 08:56:15 ipa31 kernel: [324701.614162] traps: ns-slapd[1333] general protection ip:7f438b682731 sp:7f43637fb9a8 error:0 in libc-2.17.so[7f438b5fc000+1b6000] Nov 11 08:56:15 ipa31

Re: [Freeipa-users] Access differentiation in group policy

2013-11-11 Thread Martin Kosek
Normally, when you want to limit the groups that the membership can be applied to, one can use the targetfilter component of the relevant ACI. We did this for example for Modify Group Membership so that junior admins with this permission cannot add themselves to the main admins group: # ipa

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Jakub Hrozek
On Fri, Nov 08, 2013 at 02:42:21PM -0600, Dean Hunter wrote: On Thu, 2013-11-07 at 22:17 -0500, Dmitri Pal wrote: On 11/07/2013 06:20 PM, Dean Hunter wrote: On Thu, 2013-11-07 at 17:41 -0500, Dmitri Pal wrote: On 11/07/2013 12:59 PM, Dean Hunter wrote: On Thu,

[Freeipa-users] Winsync question

2013-11-11 Thread gflwqs gflwqs
Hi, I have configured my IPA server to do a UNI sync from Windows. When I change some attribute on a synced user in IPA, for example the initials attribute, my understanding from the manuals is that when the next sync operation occurs my changes should be overwritten? however it does not? can

Re: [Freeipa-users] Access differentiation in group policy

2013-11-11 Thread Исаев Виталий Анатольевич
Thanks a lot! We will try to work it out. -Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: Monday, November 11, 2013 12:52 PM To: Исаев Виталий Анатольевич; Rob Crittenden; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Access differentiation in group policy

Re: [Freeipa-users] Winsync question

2013-11-11 Thread Sankar Ramlingam
On 11/11/2013 03:42 PM, gflwqs gflwqs wrote: Hi, I have configured my IPA server to do a UNI sync from Windows. When I change some attribute on a synced user in IPA, for example the initials attribute, my understanding from the manuals is that when the next sync operation occurs my changes

[Freeipa-users] passync questions?

2013-11-11 Thread gflwqs gflwqs
Hi, I have set up the winsync and passsync service according to the docs, but having problems with passsync. Scenario: When I change password in IPA which does not meet the password policy defined in AD the password does not get synced over to AD, however it gets set on the IPA side? Question:

Re: [Freeipa-users] passync questions?

2013-11-11 Thread Rich Megginson
On 11/11/2013 08:42 AM, gflwqs gflwqs wrote: Hi, I have set up the winsync and passsync service according to the docs, but having problems with passsync. Scenario: When I change password in IPA which does not meet the password policy defined in AD the password does not get synced over to AD,

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Dean Hunter
On Mon, 2013-11-11 at 10:51 +0100, Jakub Hrozek wrote: On Fri, Nov 08, 2013 at 02:42:21PM -0600, Dean Hunter wrote: On Thu, 2013-11-07 at 22:17 -0500, Dmitri Pal wrote: On 11/07/2013 06:20 PM, Dean Hunter wrote: On Thu, 2013-11-07 at 17:41 -0500, Dmitri Pal wrote: On

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Dmitri Pal
On 11/11/2013 01:50 PM, Dean Hunter wrote: [root@test ~]# rpm -q glibc glibc-2.18-11.fc20.x86_64 [root@test ~]# https://bugzilla.redhat.com/show_bug.cgi?id=867473 indicates the problem was fixed in Fedora 18. But the problem still occurs for both Fedora 19

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Dean Hunter
On Mon, 2013-11-11 at 13:57 -0500, Dmitri Pal wrote: On 11/11/2013 01:50 PM, Dean Hunter wrote: [root@test ~]# rpm -q glibc glibc-2.18-11.fc20.x86_64 [root@test ~]# https://bugzilla.redhat.com/show_bug.cgi?id=867473 indicates the problem was fixed in Fedora 18. But the

[Freeipa-users] Remove Host Permission Not Working

2013-11-11 Thread Stephen Benjamin
Hi, I've been working on getting Foreman and my FreeIPA instance completely integrated: https://bitbin.de/blog/2013/11/foreman-freeipa-integration-guide/ But I have an issue, I have a user that has limited roles for Host Enrollment, including Add Host and Remove Host permissions. Remove

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Dean Hunter
On Mon, 2013-11-11 at 13:07 -0600, Dean Hunter wrote: On Mon, 2013-11-11 at 13:57 -0500, Dmitri Pal wrote: On 11/11/2013 01:50 PM, Dean Hunter wrote: [root@test ~]# rpm -q glibc glibc-2.18-11.fc20.x86_64 [root@test ~]#

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Simo Sorce
On Mon, 2013-11-11 at 16:21 -0600, Dean Hunter wrote: On Mon, 2013-11-11 at 13:07 -0600, Dean Hunter wrote: On Mon, 2013-11-11 at 13:57 -0500, Dmitri Pal wrote: On 11/11/2013 01:50 PM, Dean Hunter wrote: [root@test ~]# rpm -q glibc glibc-2.18-11.fc20.x86_64 [root@test ~]#

Re: [Freeipa-users] reboot required after ipa-client-install?

2013-11-11 Thread Dmitri Pal
On 11/11/2013 06:22 PM, Simo Sorce wrote: On Mon, 2013-11-11 at 16:21 -0600, Dean Hunter wrote: On Mon, 2013-11-11 at 13:07 -0600, Dean Hunter wrote: On Mon, 2013-11-11 at 13:57 -0500, Dmitri Pal wrote: On 11/11/2013 01:50 PM, Dean Hunter wrote: [root@test ~]# rpm -q glibc

[Freeipa-users] Starting with host based access control and your existing users and hosts

2013-11-11 Thread Jan Pazdziora
In FreeIPA installations that already have some users and hosts in them, the setup might be using host based access control (HBAC) without admins realizing it because by default there is a catchall allow_all rule there. When you then want to start tweaking the setup, the allow_all rule needs to