Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

On 09/20/2016 12:17 AM, Simpson Lachlan wrote: -Original Message- On 09/19/2016 03:12 AM, Lachlan Musicman wrote: Hi Sometimes when I visit the ID Views page in the webgui, it is crushingly slow, and often it times out. Centos 7, ipa --version VERSION: 4.2.0, API_VERSION: 2.156 Is

[Freeipa-users] sssd.conf - the server and host-client relationship

Hola, What is the relationship between the IPA server, host-clients and the sssd.conf? >From what I can tell, sssd.conf is edited/changed by the ipa-client-install process on the host-client. What level of similarity does there need to be between the two sssd.confs? My server's sssd.conf has a

Re: [Freeipa-users] HBAC doesn't work issues

(redface) It seems to be working. Thanks -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 20 September 2016 at 09:57, Lachlan Musicman wrote: > We have one "allow all" sudo rule (anyone, any host, any command). > >

Re: [Freeipa-users] HBAC doesn't work issues

We have one "allow all" sudo rule (anyone, any host, any command). Matching Defaults entries for root on this host: requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG

Re: [Freeipa-users] bind crashes on rndc reload

On Monday, September 19, 2016 2:16:55 PM CDT Petr Spacek wrote: > On 12.9.2016 11:55, Anthony Joseph Messina wrote: > > On Monday, September 12, 2016 10:31:10 AM CDT Jochen Demmer wrote: > >> Hi, > >> > >> I have a major issue with my setup: > >> Fedora 24 > >> freeipa-common-4.3.2-2.fc24.noarch

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

> -Original Message- > > On 09/19/2016 03:12 AM, Lachlan Musicman wrote: > > Hi > > > > Sometimes when I visit the ID Views page in the webgui, it is > > crushingly slow, and often it times out. > > > > Centos 7, ipa --version > > VERSION: 4.2.0, API_VERSION: 2.156 > > > > Is there a

Re: [Freeipa-users] Fwd: Re: Increase ListenBacklog for httpd

Rakesh Rajasekharan writes: > On Mon, Sep 12, 2016 at 10:13 AM, Rakesh Rajasekharan > > > wrote: > > sorry I guess I did not put the question correctly > > I wanted to know .. like we

Re: [Freeipa-users] certificates not renewing CA_UNREACHEABLE

Natxo Asenjo wrote: hi, On Fri, Sep 16, 2016 at 4:22 PM, Rob Crittenden > wrote: The 3 certs you list are the ones that are renewed via the IPA API (as opposed to the subsystem certs renewed directly by dogtag). I think the failures

Re: [Freeipa-users] CA: Cannot add Centos7.2 replica to Centos6.8 ipa server

On 09/16/2016 06:39 PM, Petr Vobornik wrote: On 09/14/2016 07:26 PM, Giorgos Kafataridis wrote: On 09/13/2016 10:36 PM, Endi Sukma Dewata wrote: On 9/12/2016 9:35 PM, Endi Sukma Dewata wrote: On 9/9/2016 2:46 PM, Georgios Kafataridis wrote: I've tried that but still the same result.

Re: [Freeipa-users] bind crashes on rndc reload

On 12.9.2016 11:55, Anthony Joseph Messina wrote: > On Monday, September 12, 2016 10:31:10 AM CDT Jochen Demmer wrote: >> Hi, >> >> I have a major issue with my setup: >> Fedora 24 >> freeipa-common-4.3.2-2.fc24.noarch >> freeipa-admintools-4.3.2-2.fc24.noarch >>

Re: [Freeipa-users] Want to extend schema for ipahost

Thank You Flo This helped!!! Best regards,Deepak > Subject: Re: [Freeipa-users] Want to extend schema for ipahost > To: deepak_di...@hotmail.com; freeipa-users@redhat.com > From: f...@redhat.com > Date: Mon, 19 Sep 2016 13:41:00 +0200 > > On 09/19/2016 01:31 PM, Deepak Dimri wrote: > > Hi All, >

Re: [Freeipa-users] Want to extend schema for ipahost

On 19.09.2016 13:41, Florence Blanc-Renaud wrote: On 09/19/2016 01:31 PM, Deepak Dimri wrote: Hi All, I want to add couple of custom attribute to IPA Host. I have already added custom attributes and objectclass "AWSInstanceDetails" to my schema succesfully but when i am trying to modify

Re: [Freeipa-users] User gecos in IPA-AD trust

On Mon, Sep 19, 2016 at 01:47:22PM +0200, Troels Hansen wrote: > Hi, i'm having some problems setting user's gecos in AD trust environment. > > No matter what I change ldap_user_gecos to its not changes on AD users. > > I guess its because I can only set it on the IPA domain, in SSSD config,

[Freeipa-users] User gecos in IPA-AD trust

Hi, i'm having some problems setting user's gecos in AD trust environment. No matter what I change ldap_user_gecos to its not changes on AD users. I guess its because I can only set it on the IPA domain, in SSSD config, and it can't be added to the subdomain_inherit ? -- Med venlig

Re: [Freeipa-users] Want to extend schema for ipahost

On 09/19/2016 01:31 PM, Deepak Dimri wrote: Hi All, I want to add couple of custom attribute to IPA Host. I have already added custom attributes and objectclass "AWSInstanceDetails" to my schema succesfully but when i am trying to modify existing host to include the new objectclass i am getting

Re: [Freeipa-users] 3rd party Cert install now IPA total broken

On 09/16/2016 03:06 PM, Günther J. Niederwimmer wrote: Hello, Freeipa 4.3.1 I have now install a 3rd Party Certificat from Startcom now my IPA is total broken? I make this ipa-cacert-manage -p '' -n STARTCOM-ROOT -t C,, install root.crt ipa-certupdate ipa-server-certinstall

Re: [Freeipa-users] how to revert ipa-adtrust-install...

thanks a lot! On 19/09/16 08:49, Martin Babinsky wrote: ipaConfigString: enabledService -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] HBAC doesn't work issues

On (19/09/16 16:43), Lachlan Musicman wrote: >I must have made an error again: > >- ipa hbactest gives seemingly correct answer on both server and client >- user can't actually use sudo on client? > >Centos 7, freeipa 4.2.o/2.156; sssd 1.14.1 from COPR > >>From the server: > >[root@vmdv-linuxidm1

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

On 09/19/2016 03:12 AM, Lachlan Musicman wrote: Hi Sometimes when I visit the ID Views page in the webgui, it is crushingly slow, and often it times out. Centos 7, ipa --version VERSION: 4.2.0, API_VERSION: 2.156 Is there a reason, can I do something to fix this? cheers L. -- The most

Re: [Freeipa-users] how to revert ipa-adtrust-install...

On 09/19/2016 09:49 AM, Martin Babinsky wrote: On 09/17/2016 12:43 PM, lejeczek wrote: On 15/09/16 22:37, Rob Crittenden wrote: What do you mean control? If you don't want ipactl to manage the smb service, look for an entry in cn=masters,cn=ipa,cn=etc,dc=example,dc=com and delete it if you

Re: [Freeipa-users] ipa trust-add using password

> If you add 'log level = 50' to /usr/share/ipa/smb.conf.empty, then > /var/log/httpd/error_log will contain detailed debug information from > IPA attempts to talk to AD DCs. > > -- > / Alexander Bokovoy Hi Alexander I added the log level, and had the domain admin try to create the trust, and

[Freeipa-users] HBAC doesn't work issues

I must have made an error again: - ipa hbactest gives seemingly correct answer on both server and client - user can't actually use sudo on client? Centos 7, freeipa 4.2.o/2.156; sssd 1.14.1 from COPR >From the server: [root@vmdv-linuxidm1 ~]# ipa hbactest --user=lsimp...@petermac.org.au