[Freeipa-users] Cannot start freeipa after reboot of server

2016-02-05 Thread Fujisan
Hello, I have a big problem here I have rebooted my freeipa server and noticed that no login screen appeared after the reboot making it impossible to log in, even through an ssh session from my desktop. I also rebooted the replica and got the same problem. I rebooted again the replica in rescue

Re: [Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

2016-02-05 Thread Rob Crittenden
Timothy Geier wrote: Greetings all, For the record,this is a CentOS 7.2 box with all current patches. (ipa-server-4.2.0-15.el7.centos.3.x86_64, etc.) The situation is that pki-tomcatd on the lone CA server in our IPA cluster refuses to start cleanly. The issues started earlier this week

Re: [Freeipa-users] Sudo privilege inheritance in FreeIPA (3.0.x branch)

2016-02-05 Thread Jakub Hrozek
On Thu, Feb 04, 2016 at 11:39:07AM -0700, sysadmin ofdoom wrote: > Note: sudo rule "testSudo" fails when using user group. But succeeds > when using a directly defined user. > sudo rule "sudo-1" fails when user defined directly, but hosts are > defined with host group. > > The

Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients

2016-02-05 Thread Rob Crittenden
Jon wrote: Hello, How do I configure automount for Ubuntu 14.04 clients? My procedure on CentOS has been: install free-ipa client, run ipa-client-install (auto configures with dns discovery), run ipa-client-automount. However, when I run this on the ubuntu client, I receive the following

Re: [Freeipa-users] OS migration from Fedora to CentOS?

2016-02-05 Thread Petr Vobornik
On 02/04/2016 06:14 PM, Christophe TREFOIS wrote: Hi all, We are currently running a 3-replica (all are setup with the —setup-ca flag) cluster on Fedora 21, with FreeIPA 4.1.4. We would like to slowly upgrade to the new version and move away from Fedora to CentOS 7.2. We were thinking of

Re: [Freeipa-users] [freeipa-users] How to manage Linux attributes for AD users (e.g. how do I set a shell for an AD User)

2016-02-05 Thread Jakub Hrozek
On Thu, Feb 04, 2016 at 01:57:20PM -0600, Jon wrote: > Hi Josh, > > I think that's exactly the problem though, how does one set POSIX > attributes in AD from Linux guests? > > The RedHat documentation has a big warning that the Microsoft IDMU has been > deprecated. IIRC the UI is, the schema is

Re: [Freeipa-users] IPA-AD Login

2016-02-05 Thread Alan P
Thanks jhrozek, I have already seen it and applied to my IPA server, but it didn't have any significant impact, at least for AD users. In krb5kdc log, when I try to login with an IPA user in Windows, I can see the next: Feb 05 17:52:12 master.ipa.ad.example.com krb5kdc[14081](info): AS_REQ (6