[Freeipa-users] Re: Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Steve Huston via FreeIPA-users
On Tue, Sep 5, 2017 at 2:57 PM, Jakub Hrozek via FreeIPA-users wrote: > OK, so it's SSSD telling libkrb5 to talk to auth.astro. Since in your > sssd.conf, auth.astro is listed in addition to the 'local' IPA server, I > would check the sssd logs if sssd can

[Freeipa-users] Re: Which one?

2017-09-05 Thread Fraser Tweedale via FreeIPA-users
On Tue, Sep 05, 2017 at 11:16:03AM -0500, Kat via FreeIPA-users wrote: > Hi all, > > Looking to proxy some applications with a reverse proxy. Want to integrate > with IPA to do auth on the front end of the proxy so it passes kerberos > tickets to the back-end applications. Any suggestions on which

[Freeipa-users] Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Steve Huston via FreeIPA-users
Running a clone of RHEL (Springdale Linux), and recently upgraded to 7.4 and all its ensuing surprises. Today's is strange because it affects one of three servers. If a user tries to login to the web UI on 2/3 of the servers, they get the same error listed in this ticket:

[Freeipa-users] Re: freeipa sudo expiration

2017-09-05 Thread Jakub Hrozek via FreeIPA-users
On Fri, Sep 01, 2017 at 03:02:34PM -0600, Scott Lucas via FreeIPA-users wrote: > Hi, > > I have a global password policy set for unlimited on expiration date, > however a user who has no issues logging in as himself, got a password > expiration notice when he recently used sudo. I can't seem to

[Freeipa-users] Re: Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Felipe Barreto Volpone via FreeIPA-users
Steve, What version of IPA are you running? Is SELinux in permissive mode? What are the permissions on: /var/lib/ipa-client/pki/kdc-ca-bundle.pem and /var/kerberos/krb5kdc/kdc.crt? Could you share your /etc/sssd/sssd.conf? On Tue, Sep 5, 2017 at 2:42 PM, Steve Huston via FreeIPA-users <

[Freeipa-users] Re: Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Steve Huston via FreeIPA-users
On Tue, Sep 5, 2017 at 1:57 PM, Felipe Barreto Volpone wrote: > What version of IPA are you running? ipa-server-4.5.0-21.el7.x86_64 > Is SELinux in permissive mode? Not normally, but I set it to permissive and ran 'ipactl restart' with no change. > What are the

[Freeipa-users] Re: Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Jakub Hrozek via FreeIPA-users
- is there a file called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ? What does it contain? - can you show your krb5.conf? - can you strace the kinit? On Tue, Sep 05, 2017 at 02:32:28PM -0400, Steve Huston via FreeIPA-users wrote: > I ran it on the machine 'ipa.astro.princeton.edu'. I would

[Freeipa-users] Re: Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Steve Huston via FreeIPA-users
On Tue, Sep 5, 2017 at 2:43 PM, Jakub Hrozek via FreeIPA-users wrote: > - is there a file called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ? > What does it contain? There is, and it contains '128.112.24.29' with no EOL (the IP address for

[Freeipa-users] Re: Failure to login on 2/3 of servers after RHEL7.4 upgrade

2017-09-05 Thread Jakub Hrozek via FreeIPA-users
On Tue, Sep 05, 2017 at 02:48:59PM -0400, Steve Huston via FreeIPA-users wrote: > On Tue, Sep 5, 2017 at 2:43 PM, Jakub Hrozek via FreeIPA-users > wrote: > > - is there a file called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ? > > What does it contain? >

[Freeipa-users] Re: Adding new attribute in the user add dialog

2017-09-05 Thread Prashant M. Bapat via FreeIPA-users
Hi Pavel, Thank you very much for the pointer. I'm able to achieve what I was looking for. Below is the JS I ended up using. Thanks again. --Prashant define([ 'freeipa/phases', 'freeipa/user'], function(phases, user_mod) { // helper function function get_item(array,

[Freeipa-users] Find IPA user or computer account from windows

2017-09-05 Thread Ronald Wimmer via FreeIPA-users
Is it possible to find an IPA user or computer account from a Windows (AD) machine [trust between ipa and ad domain is set up]? If I try that, all I get is a message that no object can be found. Regards, Ronald

[Freeipa-users] Re: Unable to create an Active Directory Trust

2017-09-05 Thread PAESSENS Daniel (BCS/PSD) via FreeIPA-users
I've checked on the Windows part. And nothing is mentioned over there. Even with adsiedit I can't find any trace of it. Regards, Daniel -----Original Message----- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: Thursday 31 August 2017 16:44 To: FreeIPA users list

[Freeipa-users] freeipa sudo expiration

2017-09-05 Thread Scott Lucas via FreeIPA-users
Hi, I have a global password policy set for unlimited on expiration date, however a user who has no issues logging in as himself, got a password expiration notice when he recently used sudo. I can't seem to find anything pertaining to sudo rights expiring in the freeipa gui, is there somewhere