On (19/02/16 16:04), Jakub Hrozek wrote:
>On Fri, Feb 19, 2016 at 03:27:50PM +0100, Harald Dunkel wrote:
>> Hi Lukas,
>>
>> I found an ubuntu manpage saying sss_ssh_knownhostsproxy is
>> an experimental feature.
>> Would you suggest to drop it
>> in ipa-client-install?
>
>It's not experimental (a
On Fri, Feb 19, 2016 at 09:10:19PM +0530, Prashant Bapat wrote:
> Not using SSSD because Amazon Linux does not support samba libraries
> required to compile it.
Time to file a request against Amazon I guess :-)
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.co
Not using SSSD because Amazon Linux does not support samba libraries
required to compile it.
On 19 February 2016 at 14:28, Jakub Hrozek wrote:
> On Fri, Feb 19, 2016 at 11:27:16AM +0530, Prashant Bapat wrote:
> > Hi,
> >
> > I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.
>
> W
On Fri, Feb 19, 2016 at 03:27:50PM +0100, Harald Dunkel wrote:
> Hi Lukas,
>
> I found an ubuntu manpage saying sss_ssh_knownhostsproxy is
> an experimental feature.
> Would you suggest to drop it
> in ipa-client-install?
It's not experimental (at least upstream) for several years.. What sssd
ve
Hi Lukas,
I found an ubuntu manpage saying sss_ssh_knownhostsproxy is
an experimental feature. Would you suggest to drop it
in ipa-client-install?
IMHO this is a pretty annoying bug. I rely upon a port
redirection for ssh on IPv4. For IPv6 there is no
redirection, but the port is blocked in the p
Hello,
Doing a bulk load of 150,000+ users to an IPA 4.2.0 server running
RedHat Enterprise Linux 7.
Running 25 parallel ipa user-add at once, waiting for completion, then
starting another 25, and so on.
The httpd error_log is filling with many of these messages (457,189 in
four days):
[
On 19.02.2016 14:57, Geselle Stijn wrote:
That seems to fail:
[root@ipa ~]# dig @192.168.1.1 . SOA
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> @192.168.1.1 . SOA ; (1 server
found) ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44900 ;; flags: q
That seems to fail:
[root@ipa ~]# dig @192.168.1.1 . SOA
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> @192.168.1.1 . SOA ; (1 server
found) ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44900 ;; flags: qr rd ra;
QUERY: 1, ANSWER: 0, AUTHORITY: 0, A
On (19/02/16 14:03), Harald Dunkel wrote:
>Hi folks,
>
>is it just me, or does sss_ssh_knownhostsproxy break
>
> ssh -4 host.example.com
>
>?
>
>host.example.com has A and entries in DNS, of course.
>If I comment out the line in ssh_config
>
># ProxyCommand /usr/bin/sss_ssh_knownhostspro
On Fri, Feb 19, 2016 at 12:12:42PM +, Mike Kelly wrote:
> Ahha! I seem to have gotten somewhere now!
>
> I just re-applied the view to my host, restarted sssd and cleared its
yes, that's what I meant earlier with the missing view entry in the
cache. SSSD tries to figure out if a view name cha
Hi folks,
is it just me, or does sss_ssh_knownhostsproxy break
ssh -4 host.example.com
?
host.example.com has A and entries in DNS, of course.
If I comment out the line in ssh_config
# ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
then I get the expected IPv4 connection.
On 19.2.2016 13:50, Geselle Stijn wrote:
> Hello fellow FreeIPA users,
>
> I'm trying to setup FreeIPA in a lab environment (VirtualBox):
>
>
> - ad.example.com (Windows Server 2008 R2) - 192.168.1.1
>
> - ipa.example.com (CentOS 7.2) - 192.168.1.2
> Both machines can ping eac
On Fri, 19 Feb 2016, Vladimir Kondratyev wrote:
Hi
I installed latest ipa-server-4.2.0-15.el7_2.6.x86_64 with slapi-nis
plugin on RHEL7.2 than installed and configured
ipa-server-trust-ad-4.2.0-15.el7_2.6.x86_64 with compat-schema option
and than successfully established one-way trust with Win20
Hello fellow FreeIPA users,
I'm trying to setup FreeIPA in a lab environment (VirtualBox):
- ad.example.com (Windows Server 2008 R2) - 192.168.1.1
- ipa.example.com (CentOS 7.2) - 192.168.1.2
Both machines can ping each other, DNS resolving works:
[root@ipa ~] nslookup ad
Ser
Hi
I installed latest ipa-server-4.2.0-15.el7_2.6.x86_64 with slapi-nis plugin on
RHEL7.2 than installed and configured
ipa-server-trust-ad-4.2.0-15.el7_2.6.x86_64 with compat-schema option and than
successfully established one-way trust with Win2008R2 domain (named ad.dlink)
After that foll
Thanks.
Ok, one final concern, though, I guess I didn't resolve the issues with
sudo...
[root@data ~]# sudo -l -U pioto
User pioto is not allowed to run sudo on data.
But, huh, after running these few commands, now I can?
[root@data ~]# id pioto
uid=1001(pioto) gid=1001(pioto)
groups=1001(pioto
On Fri, 19 Feb 2016, Mike Kelly wrote:
Ahha! I seem to have gotten somewhere now!
I just re-applied the view to my host, restarted sssd and cleared its
cache, and it's now picking up my overridden UID and GID! (I had to
manually add an entry for the overridden GID to /etc/group, because FreeIPA
Ahha! I seem to have gotten somewhere now!
I just re-applied the view to my host, restarted sssd and cleared its
cache, and it's now picking up my overridden UID and GID! (I had to
manually add an entry for the overridden GID to /etc/group, because FreeIPA
won't let me override the private user gr
>>Actually, it should be 1777
> sh$ ls -ld /tmp/
> drwxrwxrwt. 11 root root 260 Feb 19 10:27 /tmp/
^
> This is important.>
yes, I have now corrected them... Thanks...
On Fri, Feb 19, 2016 at 2:59 PM, Lukas Slebodnik
wrote:
> On (19/02/16 14:54), Rakesh Rajasekharan wrote:
> >>
On 02/18/2016 04:46 PM, bahan w wrote:
Hello everyone.
I send you this mail because I have sometimes a problem when using ipa
passwd to generate a One Time Password and then using kpasswd to set a
strong random password using a password policy.
When I perform the ipa passwd command and just aft
On (19/02/16 14:54), Rakesh Rajasekharan wrote:
>>
>>This usually mean critical error in sssd.
>> Please provide log files (sssd_$domain.log and krb5_child.log)
>
>I found this in my sssd-$domain.log
>
> [krb5_auth_prepare_ccache_name] (0x1000): No ccache fil
>
>This usually mean critical error in sssd.
> Please provide log files (sssd_$domain.log and krb5_child.log)
I found this in my sssd-$domain.log
[krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user
[tempuser] found
so searching around I foun
Hi guys,
As I'm using burp for backup I get the feeling it fails obt eh
ipa-backup proces itself when runned as a pre_script. I think it waits
for some exitcode or already gets it before the real backup of IPA has
been finished.
I'm checking this out as burp also outputs messages as errors becaus
On Fri, Feb 19, 2016 at 11:27:16AM +0530, Prashant Bapat wrote:
> Hi,
>
> I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.
Why not sssd?
>
> I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and
> sudo-ldap this works.
>
> In our setup we have lot of rules with wi
On 02/19/2016 06:33 AM, Chris Addie wrote:
> I have two separate networks each with their own FreeIPA server(s) and I
> would like for users from network A to be able to be able to access services
> in network B, but not the other way around. The documentation for ipa
> trust-add seems to imply thi
I have two separate networks each with their own FreeIPA server(s) and I
would like for users from network A to be able to be able to access services
in network B, but not the other way around. The documentation for ipa
trust-add seems to imply this is not possibly however as “Only trusts to
Active
26 matches
Mail list logo