[Freeipa-users] Where does the "admin" user get its privileges from?

2019-10-10 Thread Russell Jones via FreeIPA-users
Hi all, I am still exploring my default setup, and have noticed that while the "admin" user is a part of the admins and trust admins group, neither the user nor those groups have any roles defined on them that I can see. Where is this special username getting its permissions from? Thanks for

[Freeipa-users] Re: Where does the "admin" user get its privileges from?

2019-10-10 Thread Russell Jones via FreeIPA-users
Ah I see now. Adding --raw to the end of the privilege-show CLI command shows me that the admins group is a member of that privilege. Thank you! On Thu, Oct 10, 2019 at 10:36 AM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > Hi all, > > > > I am still

[Freeipa-users] Categories vs Groups

2019-10-09 Thread Russell Jones via FreeIPA-users
Hi all, I am in the beginning stages of researching moving from NIS to FreeIPA. I am running through the workshop on the FreeIPA github, and am having difficulty understanding the difference between categories and groups. For example, I have one HBAC rule that came pre-defined on my FreeIPA

[Freeipa-users] Re: Categories vs Groups

2019-10-09 Thread Russell Jones via FreeIPA-users
That makes sense. Thank you! On Wed, Oct 9, 2019 at 1:02 PM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > Hi all, > > > > I am in the beginning stages of researching moving from NIS to FreeIPA. > > I am running through the workshop on the Fr

[Freeipa-users] Re: Why does ipa-client-install put "_srv_, " in the ipa_server line, and not just _srv_ by itself?

2020-01-29 Thread Russell Jones via FreeIPA-users
> .*
> dns_discovery_domain =
> autofs_provider = ipa
> ipa_automount_location = default
> [sssd]
> services = nss, sudo, pam, autofs, ssh
> domains =
> [nss]
> homedir_substring = /home
> [pam]
> [sudo]
> [autofs]
> [ssh]
> [pac]
> [ifp]
> [secret

[Freeipa-users] Re: Why does ipa-client-install put "_srv_, " in the ipa_server line, and not just _srv_ by itself?

2020-01-29 Thread Russell Jones via FreeIPA-users
ing in the two servers due to one being seen from autodiscovery, and the other being manually defined. Thanks for the insight! On Wed, Jan 29, 2020 at 11:34 AM Florence Blanc-Renaud wrote: > On 1/29/20 3:54 PM, Russell Jones via FreeIPA-users wrote: > > Hi Rob, > > > > Thanks for

[Freeipa-users] Multi-homed IPA Server. How to do it properly?

2020-01-29 Thread Russell Jones via FreeIPA-users
Hi all, I have run into a bit of a surprise (for me anyway). After adding a second NIC to my FreeIPA server in order to provide IPA services for the same realm to a second network, I am unable to join clients to it and am getting the following error: 2020-01-29T19:15:55Z DEBUG stderr=

[Freeipa-users] Confusion on LDAP changes for NIS automounts

2020-02-06 Thread Russell Jones via FreeIPA-users
I have followed this documentation for enabling an automount to show up for a NIS client that is bound to FreeIPA, and it worked as expected and the NIS client can see the automount:

[Freeipa-users] Re: Confusion on LDAP changes for NIS automounts

2020-02-06 Thread Russell Jones via FreeIPA-users
put.txt
Enter LDAP Password:
[root@freeipa4 ~]# grep -i "cn=config" output.txt
ipaPermTarget: cn=*,cn=automember rebuild membership,cn=tasks,cn=config
ipaPermLocation: cn=tasks,cn=config
[root@freeipa4 ~]#
On Thu, Feb 6, 2020 at 1:30 PM Rob Crittenden wrote: > Russell Jones via FreeI

[Freeipa-users] Re: Confusion on LDAP changes for NIS automounts

2020-02-06 Thread Russell Jones via FreeIPA-users
membership,cn=tasks,cn=config > ipaPermLocation: cn=tasks,cn=config > [root@freeipa4 ~]# > > On Thu, Feb 6, 2020 at 1:30 PM Rob Crittenden wrote: > >> Russell Jones via FreeIPA-users wrote: >> > I have followed this documentation for enabling an automount to show up

[Freeipa-users] Re: "finger" not working to match on names. What am I missing here?

2020-01-30 Thread Russell Jones via FreeIPA-users
Thanks! I just found an answer, enumeration isn't enabled in SSSD by default. Turning this option on allows finger to match the extra fields properly. https://access.redhat.com/solutions/730033 On Thu, Jan 30, 2020 at 12:20 PM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wr
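The sssd.conf setting the message above refers to, shown here as an added example (not taken from the thread or the linked Red Hat article); the domain section name example.test is assumed:

```ini
# /etc/sssd/sssd.conf (excerpt); [domain/example.test] is an assumed name
[domain/example.test]
id_provider = ipa

# Default is False: SSSD then resolves names on demand and never hands back a
# full user or group list, so anything that enumerates (finger's name search,
# getent passwd with no argument) only sees entries already in the cache.
enumerate = True
```

SSSD must be restarted after the change, and the sssd.conf man page warns that enumeration periodically downloads the whole user and group set from the server, which is a noticeable load on large IPA domains; enable it only on hosts that actually need full listings.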

[Freeipa-users] Re: NIS client bound to FreeIPA, passwd file is asterisks instead of hash

2020-02-06 Thread Russell Jones via FreeIPA-users
Thanks! We want to auth with password though. Just found in the docs where it says NIS auth requires the hash to be set to crypt, so we are abandoning this idea. On Thu, Feb 6, 2020, 4:00 PM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > I have a client bound t

[Freeipa-users] Re: Confusion on LDAP changes for NIS automounts

2020-02-06 Thread Russell Jones via FreeIPA-users
utomember rebuild membership,cn=tasks,cn=config >> ipaPermLocation: cn=tasks,cn=config >> [root@freeipa4 ~]# >> >> On Thu, Feb 6, 2020 at 1:30 PM Rob Crittenden >> wrote: >> >>> Russell Jones via FreeIPA-users wrote: >>> > I h

[Freeipa-users] NIS client bound to FreeIPA, passwd file is asterisks instead of hash

2020-02-06 Thread Russell Jones via FreeIPA-users
I have a client bound to FreeIPA using NIS, however when doing a "ypcat passwd" the password fields are an asterisk (*) instead of a password hash. The NIS integration docs are a bit sparse - am I missing something to allow NIS clients to authenticate against FreeIPA as an actual NIS client? Is

[Freeipa-users] Why does ipa-client-install put "_srv_, " in the ipa_server line, and not just _srv_ by itself?

2020-01-27 Thread Russell Jones via FreeIPA-users
I'm running "ipa-client-install --force-join --no-nisdomain -U", and it auto discovers my freeipa servers, but places both _srv_ and the first server under the "ipa_server" line. This results in the first server being listed twice when running "sssctl domain-status". Is this expected behavior? Is

[Freeipa-users] Re: ipa-server-install w/o password on command line?

2021-03-26 Thread Russell Jones via FreeIPA-users
Use a bash script to do so. ipa-server-install . -p ${PASSWD} On Thu, Mar 25, 2021 at 4:49 AM Dominik Vogt via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > We want to generate the initial passwords at random. Is there a > non-interactive method of telling

[Freeipa-users] dogtag-ipa-ca-renew-agent-submit: Updated certificate not available

2021-09-02 Thread Russell Jones via FreeIPA-users
Hi all, I have a replica on which, while it was offline for maintenance, some certificates appear to have been auto-renewed. Upon bringing the node back online the ipa-healthcheck script showed several errors that were fixed by re-initializing the replica. However, the following errors were not fixed by

[Freeipa-users] Re: dogtag-ipa-ca-renew-agent-submit: Updated certificate not available

2021-09-02 Thread Russell Jones via FreeIPA-users
2, 2021 at 4:03 PM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > Hi all, > > > > I have a replica that, while offline due to maintenance, some > > certificates appear to have been auto renewed. Upon bringing the node > > back online the ipa-

[Freeipa-users] ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck - Request ID expires in....

2021-09-13 Thread Russell Jones via FreeIPA-users
Hi all, I am not sure what to do with these below errors. Are they related to my failed replica that I rebuilt and resynced, and as a result can be ignored? All the current certificates seem to be healthy. Thanks for the insight! WARNING:

[Freeipa-users] Re: ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck - Request ID expires in....

2021-09-13 Thread Russell Jones via FreeIPA-users
Thank you! It resolved itself before I got a chance to try resubmitting the IDs. :-) On Mon, Sep 13, 2021 at 9:17 AM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > Hi all, > > > > I am not sure what to do with these below errors. Are they related to

[Freeipa-users] Re: dogtag-ipa-ca-renew-agent-submit: Updated certificate not available

2021-09-07 Thread Russell Jones via FreeIPA-users
ng and non-working server to see > if they match. > > rob > > > > > On Thu, Sep 2, 2021 at 4:03 PM Rob Crittenden > <mailto:rcrit...@redhat.com>> wrote: > > > > Russell Jones via FreeIPA-users wrote: > > > Hi all, > > &

[Freeipa-users] Re: 1 server not syncing with the others

2022-01-29 Thread Russell Jones via FreeIPA-users
t="cn=meTofreeipa.us.ep.corp.local" (freeipa:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()" On Fri, Jan 28, 2022 at 9:23 AM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > Thanks, > > > > I ended up finding the i
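A small triage helper for the dirsrv errors-log line quoted above, added here as an example and not part of the thread: it pulls the replication agreement, peer host/port and LDAP result code out of each "Replication bind ... failed" entry and counts how often each combination repeats, so a persistently rejected GSSAPI bind (LDAP result 49, invalidCredentials per RFC 4511) can be told apart from a transient outage. The sample log is constructed from the one line in the message; the timestamps, the second agreement name and the second host are invented.

```python
import re
from collections import Counter

# Constructed sample of a 389-ds errors log, modelled on the single line quoted
# in the thread. Timestamps, "cn=meToipa2.example.test" and host "ipa2" are
# invented for the example.
SAMPLE_ERRORS_LOG = """\
[27/Jan/2022:09:01:12.812345678 -0600] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa.us.ep.corp.local" (freeipa:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[27/Jan/2022:09:01:13.000000000 -0600] - INFO - slapd_daemon - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[27/Jan/2022:09:06:13.100000000 -0600] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meTofreeipa.us.ep.corp.local" (freeipa:389) - Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[27/Jan/2022:09:07:00.000000000 -0600] - ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=meToipa2.example.test" (ipa2:389) - Replication bind with GSSAPI auth failed: LDAP error 52 (Server is unavailable) ()
"""

# Matches the replication-bind failure shape seen in the quoted line.
BIND_FAILURE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] - ERR - NSMMReplicationPlugin - .*?'
    r'agmt="(?P<agmt>[^"]+)" \((?P<host>[^:)]+):(?P<port>\d+)\) - '
    r'Replication bind with (?P<mech>\S+) auth failed: '
    r'LDAP error (?P<code>\d+) \((?P<msg>[^)]*)\)'
)

# Standard LDAP result code (RFC 4511): the peer rejected the credentials.
LDAP_INVALID_CREDENTIALS = 49


def parse_repl_bind_failures(log_text):
    """Return one dict per replication-bind failure found in the errors log."""
    failures = []
    for line in log_text.splitlines():
        m = BIND_FAILURE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        rec["code"] = int(rec["code"])
        failures.append(rec)
    return failures


def summarize(failures):
    """Count failures per (agreement, peer host, port, code) so a repeating 49 stands out."""
    return Counter((f["agmt"], f["host"], f["port"], f["code"]) for f in failures)


def credential_failures(failures):
    """Agreements whose peer rejected the GSSAPI credentials outright (code 49)."""
    return sorted({f["agmt"] for f in failures
                   if f["mech"] == "GSSAPI" and f["code"] == LDAP_INVALID_CREDENTIALS})


if __name__ == "__main__":
    found = parse_repl_bind_failures(SAMPLE_ERRORS_LOG)
    for (agmt, host, port, code), n in summarize(found).items():
        print(f"{n:3d}x  {agmt}  ->  {host}:{port}  LDAP error {code}")
    print("credential rejections:", credential_failures(found))
```

Feed it the real file with `parse_repl_bind_failures(open("/var/log/dirsrv/slapd-INSTANCE/errors").read())`. A code 49 on a GSSAPI bind means the peer's directory server accepted the connection but rejected the Kerberos identity the local replica presented, which points at the replica's own credentials or the peer's view of them rather than at the network; the Red Hat replication troubleshooting page linked in the later reply is the place to take that from.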

[Freeipa-users] 1 server not syncing with the others

2022-01-27 Thread Russell Jones via FreeIPA-users
Hi all, I have a setup of 4 FreeIPA servers, version 4.6.5, all on CentOS 7. I've discovered that #4 is not syncing a new "video" group I created, while the other 3 all have the group. When looking at dirsrv error log, I am seeing the following after running an ipactl stop / ipactl start:

[Freeipa-users] Re: 1 server not syncing with the others

2022-01-28 Thread Russell Jones via FreeIPA-users
Florence Blanc-Renaud wrote: > Hi, > you can find troubleshooting tips in > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/trouble-gen-replication > > HTH, > flo > > On Thu, Jan 27, 2022 at 6

[Freeipa-users] "getent group -s sss" behaves differently on centos 7 vs centos 8. Why?

2022-01-27 Thread Russell Jones via FreeIPA-users
Hi all, I am very confused on why I am not able to enumerate the group members on a centos 8 machine with the above command, but I can on a centos 7 machine.
[root@centos8-1 log]# getent group -s sss video
video:x:39:
[root@centos7-n11 log]# getent group -s sss video
video:*:39:
Both are

[Freeipa-users] Re: "getent group -s sss" behaves differently on centos 7 vs centos 8. Why?

2022-02-07 Thread Russell Jones via FreeIPA-users
u, Jan 27, 2022 at 04:06:19PM -0600 Russell Jones via > FreeIPA-users wrote: > > Hi all, > > > > I am very confused on why I am not able to enumerate the group members > on a > > centos 8 machine with the above command, but I can on a centos 7 machine. > > > &