[Freeipa-users] AD overwrite not persistence

2018-07-03 Thread Michael Gusek via FreeIPA-users
Hi, we use an Active Directory (Server 2012) and a FreeIPA 4.5.4 installation. FreeIPA runs under CentOS 7, sssd version is sssd-1.16.0-19.el7.x86_64. Between AD and FreeIPA we have set up a one-way trust. For some AD users, we have set up a uid override under "Default Trust View" in FreeIPA.

[Freeipa-users] Re: kpasswd: Preauthentication failed getting initial ticket

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 04 Jul 2018, lune voo via FreeIPA-users wrote: I will try to reproduce the problem interactively in python. I meant in shell, to rule out any issues outside your python code. Lune On Wed, 4 Jul 2018 at 07:20, Alexander Bokovoy wrote: On Wed, 04 Jul 2018, lune voo wrote:

[Freeipa-users] AD user shown id command but visible for ldapsearch

2018-07-03 Thread Pieter Baele via FreeIPA-users
Hi, On a test FreeIPA environment (4.5.0-22), a user is shown using the id command, so ID Override is working as well.
id x...@accmsnet.railb.be
uid=8028(x...@accmsnet.railb.be) gid=4030(ucc) groups=4030(ucc),702800513(domain us...@accmsnet.railb.be ),131849(ad_users)
However this particular

[Freeipa-users] Re: kpasswd: Preauthentication failed getting initial ticket

2018-07-03 Thread lune voo via FreeIPA-users
Hello Alexander. Thanks for the answer. Otp stands for one time password. In fact in order to set a password for a user, I do first a ipa passwd using ipa python library. The otp is good normally. And the kpasswd password should be good also except if ipa kdc doesn't like some special characters

[Freeipa-users] AIX 7.x with sudo, netgroups, LDAP and Kerberos

2018-07-03 Thread Pieter Baele via FreeIPA-users
I have currently been assisting an AIX colleague to use IPA as authentication/authz provider for AIX systems. That way we are moving to a common platform. We have found some examples on the web (AIX 5.x, AIX 6); information here and there - but for the moment we still have a few issues. The

[Freeipa-users] Re: AD user shown id command but visible for ldapsearch

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 04 Jul 2018, Pieter Baele via FreeIPA-users wrote: Hi, On a test FreeIPA environment (4.5.0-22), a user is shown using the id command, so ID Override is working as well.
id x...@accmsnet.railb.be
uid=8028(x...@accmsnet.railb.be) gid=4030(ucc) groups=4030(ucc),702800513(domain

[Freeipa-users] Re: kpasswd: Preauthentication failed getting initial ticket

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 04 Jul 2018, lune voo wrote: Hello Alexander. Thanks for the answer. Otp stands for one time password. In fact in order to set a password for a user, I do first a ipa passwd using ipa python library. So, your code is equivalent to
kinit admin
ipa passwd test-user
kpasswd test-user

[Freeipa-users] Re: kpasswd: Preauthentication failed getting initial ticket

2018-07-03 Thread lune voo via FreeIPA-users
I will try to reproduce the problem interactively in python.
Lune
On Wed, 4 Jul 2018 at 07:20, Alexander Bokovoy wrote:
> On Wed, 04 Jul 2018, lune voo wrote:
> >Hello Alexander.
> >
> >Thanks for the answer.
> >
> >Otp stands for one time password.
> >
> >In fact in order to set a

[Freeipa-users] Re: AD overwrite not persistence

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 03 Jul 2018, Michael Gusek via FreeIPA-users wrote: Hi Alexander, it's SSSD, we check it with id -u u...@example.com. Then you need to gather logs from SSSD on IPA master. Basically, add debug_level = 9 in domain and nss sections to /etc/sssd/sssd.conf and restart sssd. Logs will be

[Freeipa-users] admin account getting locked

2018-07-03 Thread skrawczenko--- via FreeIPA-users
Somehow, the admin account is permanently locked just a simple reproduction
sh-4.2# kinit admin
kinit: Client's credentials have been revoked while getting initial credentials
sh-4.2# kdestroy -A
sh-4.2# kinit
Password for @bla-bla
sh-4.2# ipa user-unlock admin

[Freeipa-users] Re: AD overwrite not persistence

2018-07-03 Thread Michael Gusek via FreeIPA-users
Ok, I've activated logging for all sections, I missed section nss. I will upload log files next time if I run in trouble.
Michael
On 03.07.2018 at 15:49, Alexander Bokovoy wrote:
> On Tue, 03 Jul 2018, Michael Gusek via FreeIPA-users wrote:
>> Hi Alexander,
>>
>> it's SSSD, we check it with

[Freeipa-users] Re: admin account getting locked

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 03 Jul 2018, skrawczenko--- via FreeIPA-users wrote: Somehow, the admin account is permanently locked just a simple reproduction
sh-4.2# kinit admin
kinit: Client's credentials have been revoked while getting initial credentials
sh-4.2# kdestroy -A
sh-4.2# kinit
Password for

[Freeipa-users] Re: AD overwrite not persistence

2018-07-03 Thread Michael Gusek via FreeIPA-users
Hi Alexander, it's SSSD, we check it with id -u u...@example.com.
Michael
On 03.07.2018 at 14:57, Alexander Bokovoy via FreeIPA-users wrote:
> On Tue, 03 Jul 2018, Michael Gusek via FreeIPA-users wrote:
>> Hi,
>>
>> we use an Active Directory (Server 2012) and a FreeIPA 4.5.4
>> installation.

[Freeipa-users] Re: AD overwrite not persistence

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 03 Jul 2018, Michael Gusek via FreeIPA-users wrote: Ok, I've activated logging for all sections, I missed section nss. I will upload log files next time if I run in trouble. Please don't post it publicly as it would contain quite a number of details about your deployment. -- /

[Freeipa-users] kpasswd: Preauthentication failed getting initial ticket

2018-07-03 Thread lune voo via FreeIPA-users
Hello ! I contact you because I encounter a problem when I use kpasswd using python popen function. I use freeipa 3.0 and python 2.6.6. Here is what I do in python :
input_process = otp + '\n' + password + '\n' + password
cmd = 'kpasswd %s' % user_login
cmd_and_args = shlex.split(cmd)
p =

[Freeipa-users] Re: kpasswd: Preauthentication failed getting initial ticket

2018-07-03 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 03 Jul 2018, lune voo via FreeIPA-users wrote: Hello ! I contact you because I encounter a problem when I use kpasswd using python popen function. I use freeipa 3.0 and python 2.6.6. Here is what I do in python :
input_process = otp + '\n' + password + '\n' + password
Here you