Hi,
I have a trusted AD domain that I am enumerating object via IPA. I wanted to
know if i should be able to manipulate the uidNumber and gidNumber stored in
the default ID view via by using the ldapmodify command, for example, for this
DN (not local):
Hi,
I have a trusted AD domain that I am enumerating object via IPA. I wanted to
know if i should be able to manipulate the uidNumber and gidNumber stored in
the default ID view via by using the ldapmodify command, for example, for this
DN (not local):
Thank you.
Dan
> On Apr 27, 2016, at 3:00 PM, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
> On Wed, 27 Apr 2016, Sullivan, Daniel [AAA] wrote:
>> Hi,
>>
>> I have a trusted AD domain that I am enumerating object via IPA. I
>> wanted to know if i sho
results, running into some
issues but interested in yours and the groups opinion on the viability of this).
I appreciate your help.
Best,
Dan
> On Apr 28, 2016, at 11:29 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> On Wed, Apr 27, 2016 at 06:58:35PM +0000, Sullivan, Daniel [AA
t 2:22 AM, Jakub Hrozek
<jhro...@redhat.com<mailto:jhro...@redhat.com>> wrote:
On Thu, Apr 28, 2016 at 06:31:20PM +, Sullivan, Daniel [AAA] wrote:
Jakub,
Thank you for your reply. I did not know that the compat tree was
populated from sssd; Do you have any experience and or recom
Hi,
I am experiencing an HBAC issue that is proving to be very difficult to
diagnose. It appears very closely related to the issue described in this
thread
(https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/DTX4LP5VI2AHANMT4QFXERCN7US2TCUB/),
except that
Hi,
I wanted to follow up on this thread in case others are experiencing this
problem. Installing SSSD 1.14 from the copr repository seems to have
completely eliminated the HBAC issue on all systems that were exhibiting the
problem as previously described.
van, Daniel [AAA]
> <dsulliv...@bsd.uchicago.edu> wrote:
>
> Jakub, Justin,
>
> Thank you both very much for taking the time to continue helping me resolve
> this issue. I apologize for not replying right away; I’ve been dealing with
> a production issue for most of t
wrote:
>>> On Tue, 12 Jul 2016, Sullivan, Daniel [AAA] wrote:
>>>> Justin,
>>>>
>>>> I really appreciate you taking the time to respond to me. This problem
>>>> is driving me crazy and I will certainly take any help I can get. My
>&
Jakub, Justin,
Thank you both very much for taking the time to continue helping me resolve
this issue. I apologize for not replying right away; I’ve been dealing with a
production issue for most of the morning.
An invocation of ‘id
arting
sssd works, but only if individual AD domain members are added to the external
group - not AD domain groups.
Cheers
L.
--
The most dangerous phrase in the language is, "We've always done it this way."
- Grace Hopper
On 13 July 2016 at 08:07, Sullivan, Daniel [AAA]
<ds
Lukas,
Also, I would be interested to have high-level knowledge of known regressions
you describe so that we can more quickly identify that we are being impacted by
a known issue as we move forward with testing and evaluation of our IPA
implementation, particularly if they are missing from the
your thoughts.
Best,
Dan
On Jul 15, 2016, at 6:13 AM, Lukas Slebodnik
<lsleb...@redhat.com<mailto:lsleb...@redhat.com>> wrote:
On (14/07/16 21:23), Sullivan, Daniel [AAA] wrote:
Justin,
Thank you for taking the time to reply to me; I really appreciate your
willingness to help.
Upg
>
> On Mon, Jul 18, 2016 at 11:56:24AM +, Sullivan, Daniel [AAA] wrote:
>> Hi, Jakub,
>>
>> In line with your performance tuning document referenced prior in this
>> thread, I’ve actually already implemented the three configuration changes
>> you specified
Would a DNS view (bind) work?
http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_06.htm
Also, depending on what you are using for NAT, some devices will mangle the
reply payload of A record lookups as they traverse NAT to avoid haripinning (a
packet going out and then back in the same
>
2) ldapsearch -x -b dc=ipa,dc=cri,dc=uchicago,dc=edu
Based on that you should be able to tune your LDAP parameters for SSSD.
Out of curousity is there any reason you are not using the IPA provider instead
of LDAP (in SSSD)?
Dan
On Jul 16, 2016, at 9:38 PM, Sullivan, Daniel [AAA]
&l
Have you tried different settings for ldap_schema (should be easy to test)?
http://linux.die.net/man/5/sssd-ldap
Dan
On Jul 16, 2016, at 4:19 PM, Peter Pakos
> wrote:
Hi,
I'm about to move our FreeIPA platform into production on Monday but I've just
t 7:12 AM, Jakub Hrozek
<jhro...@redhat.com<mailto:jhro...@redhat.com>> wrote:
On Fri, Jul 15, 2016 at 12:00:56PM +, Sullivan, Daniel [AAA] wrote:
Lukas,
Thank you for your reply and inquiry.
First, to answer your question; yes, we have been using the
default_domain_suffix f
),788609341(ic),788646237(adm shpt ocr
visitors),788609544(adm-trackittech),788671562(ocr-ocrepic),788652940(dma
management)
Dan
On Jul 15, 2016, at 8:22 AM, Sullivan, Daniel [AAA]
<dsulliv...@bsd.uchicago.edu<mailto:dsulliv...@bsd.uchicago.edu>> wrote:
Jakub,
Sure, no problem
om>> wrote:
On Fri, Jul 15, 2016 at 01:22:07PM +, Sullivan, Daniel [AAA] wrote:
Jakub,
Sure, no problem, I am happy to provide the output that you are requesting.
Thank you for taking the time to help me.
To answer your question, no record is returned (not missing groups). For
examp
unable to lookup this user. I will report
back if I find anything meaningful. In the meantime I would appreciate any
advisement that could be provided.
Thank you for replying to me.
Best,
Dan Sullivan
On Jul 18, 2016, at 3:19 AM, Jakub Hrozek
<jhro...@redhat.com<mailto:jhro...@redhat
6 at 06:30:22PM +0000, Sullivan, Daniel [AAA] wrote:
>> Hi,
>>
>> I feel like I’ve been warned at least twice that sssd 1.14 has some known
>> regressions that make it unstable. We’re in the process of rolling it out
>> to our production environment (we can’t use 1.
Hi,
I feel like I’ve been warned at least twice that sssd 1.14 has some known
regressions that make it unstable. We’re in the process of rolling it out to
our production environment (we can’t use 1.13 due to another issue); so far it
seems pretty stable, although if possible I’d like any
be happy to provide any feedback on
identified issues.
Dan
> On Aug 25, 2016, at 3:27 PM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
>
> On (25/08/16 18:30), Sullivan, Daniel [AAA] wrote:
>> Hi,
>>
>> I feel like I’ve been warned at least twice that sssd 1.
24 matches
Mail list logo