On (18/02/16 18:41), Rakesh Rajasekharan wrote:
>I set up freeipa on our environment and its works perfectly for most of the
>hosts.. but on few I am getting a permission denied.
>
>[root@ipa-client-1c :~] ssh tempuser@localhost
>tempuser@localhost's password:
>Permission denied, please try again.
Hi,
I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.
I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and
sudo-ldap this works.
In our setup we have lot of rules with wildcard matching for sudo
hostnames. For ex webserver*, dbserver* etc.
In the IPA UI, when I try
The permission for /etc/krb5.conf was already set to 644. So, that aspect
looks fine..
I think it might be something to do with the pam settings.
here is my sssd.conf
[root@ipa-client :/etc/sssd] cat sssd.con
[domain/xyz.com]
krb5_auth_timeout = 30
cache_credentials = True
krb5_store_password_i
Thanks for the quick reply.
FWIW, I'm on CentOS 7, but I haven't yet tried to apply your test sssd
packages.
I don't seem to have the "ldbadd" command on my client, either.
Also, I tried running `sudo ipa-adtrust-install --add-sids -A pioto`, and I
see more in the logs now.
But, I don't seem to
Hello everyone.
I send you this mail because I have sometimes a problem when using ipa
passwd to generate a One Time Password and then using kpasswd to set a
strong random password using a password policy.
When I perform the ipa passwd command and just after the kpasswd command, I
got an error me
On Thu, Feb 18, 2016 at 11:26:58AM +0100, Sumit Bose wrote:
> On Tue, Feb 16, 2016 at 04:23:10PM +, Mike Kelly wrote:
> > >> Thanks. Here's what is hopefully the relevant lines:
> > >
> > > I'm sorry, but these logs only capture how the original entry was
> > searched, not the overrides. Can y
David Kupka wrote:
> On 17/02/16 10:47, Matt . wrote:
>> Hi David,
>>
>> I have tested your way out and it seems to be OK.
>>
>> The reason why I need this was is so I can perform a stop and
>> ipa-backup before I start my backup to my backupserver. (pre-command).
>>
>> If I use ipa-backup directly
On 02/18/2016 02:11 PM, Rakesh Rajasekharan wrote:
> I set up freeipa on our environment and its works perfectly for most of the
> hosts.. but on few I am getting a permission denied.
>
> [root@ipa-client-1c :~] ssh tempuser@localhost
> tempuser@localhost's password:
> Permission denied, please tr
I set up freeipa on our environment and its works perfectly for most of the
hosts.. but on few I am getting a permission denied.
[root@ipa-client-1c :~] ssh tempuser@localhost
tempuser@localhost's password:
Permission denied, please try again.
tempuser@localhost's password:
I checked the hbac,
I have an AWS instance running Centos 6.7 correctly configured for freeipa but
I needed to make a backup machine which would remain live.
I created a clone of the machine and changed the host name and the settings in
/etc/hosts. When I tried to run ipa-client-install it told me to run the
unins
On Tue, Feb 16, 2016 at 04:23:10PM +, Mike Kelly wrote:
> >> Thanks. Here's what is hopefully the relevant lines:
> >
> > I'm sorry, but these logs only capture how the original entry was
> searched, not the overrides. Can you capture the full logs since the sssd
> startup? Also please make su
Sorry for self-replying.
I should have mentioned that we already went through:
http://www.freeipa.org/page/Troubleshooting#Service_does_not_start
But it turned out that a simple
ipactl stop
ipactl start
helped.
Surprisingly, the service does not start correctly at boot time, but
starting it t
Dear all,
we run a pair of IPA servers:
a master running on FC 21 and a slave running on CentOS release 7.2.1511.
krb5kdc: Server error - while fetching master key K/M for realm
PLEIADES.UNI-WUPPERTAL.DE
To handle CVE-2015-7547, we upgraded both systems (with a simple "yum
update"). The master
On 17/02/16 10:47, Matt . wrote:
Hi David,
I have tested your way out and it seems to be OK.
The reason why I need this was is so I can perform a stop and
ipa-backup before I start my backup to my backupserver. (pre-command).
If I use ipa-backup directly it errors between the stop of ipa and t
14 matches
Mail list logo