[Freeipa-users] Re: AD trust setup woes

2017-09-27 Thread Igor Sever via FreeIPA-users
There is IPA provider, but no sssd_pac module. [service_startup_handler] (0x0010): Could not exec /usr/lib/sssd/sssd_pac --debug-to-files, reason: No such file or directory ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscr

[Freeipa-users] Re: AD trust setup woes

2017-08-01 Thread Igor Sever via FreeIPA-users
I have the same error. I established two-way trust with AD which went fine. Authentication with Kerberos to AD is working. Since I have one test FreeIPA which is working correctly (relatively) I compared logs and pinpointed problem to strange LDAP search which is FreeIPA sending to DC: (&(sAMAcco

[Freeipa-users] Re: AD trust setup woes

2017-08-02 Thread Igor Sever via FreeIPA-users
There is no gidNumber attribute on AD group objects. If I want to apply posix attributes directly in AD, then I don't need FreeIPA, do I... https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/ It is obvious that FreeIPA

[Freeipa-users] Re: AD trust setup woes

2017-08-02 Thread Igor Sever via FreeIPA-users
I didn’t specify any ID range. This was all done automagically by setup. I read a lot of documentation, and I can’t remember that ever been mentioned. We indeed had NIS at some point, but this is not supported any more by MS, and FreeIPA should not just presume that we have gidNumber on all acco

[Freeipa-users] Re: AD trust setup woes

2017-09-10 Thread Igor Sever via FreeIPA-users
It looks like my problems with AD trust on server side went away when I upgraded to FreeIPA 4.5 using Centos 7.4 packages, but unfortunately this is only half of the way. I have alot of SLES servers 11 and 12, but it looks like SSSD that comes with SLES is not fully featured as RHEL or Centos.

[Freeipa-users] Re: AD trust setup woes

2017-09-10 Thread Igor Sever via FreeIPA-users
sssd-krb5-common-1.11.5.1-14.1.x86_64 sssd-32bit-1.11.5.1-28.1.x86_64 sssd-ad-1.11.5.1-14.1.x86_64 sssd-ipa-1.11.5.1-14.1.x86_64 python-sssd-config-1.11.5.1-14.1.x86_64 sssd-1.11.5.1-14.1.x86_64 sssd-tools-1.11.5.1-14.1.x86_64 sssd-krb5-1.11.5.1-14.1.x86_64 sssd-ldap-1.11.5.1-14.1.x86_64 ipa-client

[Freeipa-users] Re: AD trust setup woes

2017-09-11 Thread Igor Sever via FreeIPA-users
Can I use FreeIPA as Kerberos and LDAP provider (not as IPA) and still use policies somehow? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: AD trust setup woes

2017-09-11 Thread Igor Sever via FreeIPA-users
Unfortunately, I cannot upgrade systems and packages as I want because of legacy applications. Is there somewhere information how would I approach to configure SSSD to use FreeIPA as Kerberos and LDAP provider and for policies to work? I can only find where access is enforced with LDAP filter in