You can get authentication failure if the user's home is on a NFS which is
failing to re-mount.
The stale NFS handle usually means the NFS server changed fsid of the exported
volume after its reboot.
This usually happens if you are exporting a LVM partition via NFS.
The workaround is to specify
Hi all,
Some days ago i've said on freeipa IRC channel that the documentation on
freeipa + apache + SNI (located here
http://freeipa.org/page/Apache_SNI_With_Kerberos) was wrong.
I've set up a apache server with SNI and tested sso with mit kerberos on
windows 7 64bits + firefox . On my
Steven Jones wrote:
I just setup a winsync agreement expect its wiped any IPA user that also
exists in AD.
Is this expected? if so how do I stop it doing that?
The 389-ds winsync plugin is deleting entries that appear to be out of
scope,
https://fedorahosted.org/freeipa/ticket/2927
rob
Hello all,
It is difficult for newcomers to cope with all this 389DS/FreeIPA stuff, after
reading the project documentation and several mail messages in the archives I
still have some unanswered questions so I would be very grateful if list
members could answer the following doubts.
I need
Hello Everyone,
I work at a small university and I deployed freeIPA on my Linux network over
the summer break with no (known) problems, and everything worked as expected.
However, now that the semester has started and the Linux system is under a much
higher load, I am noticing that my client
Hi,
I opened a request a while ago for Automount cross-location support.
https://bugzilla.redhat.com/show_bug.cgi?id=768177
https://fedorahosted.org/freeipa/ticket/1699#
I see from the comments that it's uncertain how this can be implemented.
Could the Virtual Views in 389-ds be used to
Sorry, the parameter mentioned below has already been implemented :-)
On 09/13/2012 04:12 PM, Ondrej Valousek wrote:
I guess the easiest implementation would be using pre-defined variable in
automount map names.
The variable would be then defined by an automount process using the -D
Ondrej Valousek wrote:
Sorry, the parameter mentioned below has already been implemented :-)
He wants to be able to share a common set of maps between locations
rather than having to duplicate them across each location.
We're limited by the LDAP clients at this point because they just query
Hi,
That still only supports one automount location. Currently, a map has to be
redefined in every
automount location if the same map is to be used for several locations.
My request is to be able to share maps between the automount locations, as well
as having the per
location maps available
On 09/13/2012 07:01 AM, mailing lists wrote:
Hello all,
It is difficult for newcomers to cope with all this 389DS/FreeIPA stuff,
after reading the project documentation and several mail messages in the
archives I still have some unanswered questions so I would be very grateful if
list
Hi,
why are legit users including those in the admin group out of scope?
and how do I put legit users in scope?
and why doesnt the winsync doc section at least comment (obviously) that I have
to change scopes? kind of bad news when I lose all my users...
regards
Steven Jones
Technical
Hi,
Do you not think that maybe the winsync feature shouldnt then be disabled until
its fix makes it to RHEL6 production tree?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Rich
On 09/13/2012 02:39 PM, Steven Jones wrote:
Hi,
why are legit users including those in the admin group out of scope?
They are out of scope of the winsync agreement.
Let's say you have in AD
cn=Users,dc=example,dc=com
cn=Adminusers,dc=example,dc=com
and in IPA
On 09/13/2012 02:53 PM, Steven Jones wrote:
Hi,
Do you not think that maybe the winsync feature shouldnt then be disabled until
its fix makes it to RHEL6 production tree?
will be fixed in RHEL 6.4 - not sure what you mean by RHEL6 production
tree
regards
Steven Jones
Technical
On 09/13/2012 03:18 PM, Steven Jones wrote:
with win-subtree
can i specify more than one cn?
for instance,
--win-subtree cn=Staff,$SUFFIX,cn=admins,$SUFFIX
or can I say, cn=$SUFFIX
?
no
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4
Hi,
So I have 6.3 and just lost all my IPA users. So anyone on 6.2/6.3 until they
upgrade after December's 6.4 could lose all their IPA users if they do a
winsync agreement and dont twig to that option being essential if they dont
have a std AD. Not only that my admins are in a separate OU,
On 09/13/2012 05:11 PM, Steven Jones wrote:
Hi,
So I have 6.3 and just lost all my IPA users.
In production or in a test environment?
So anyone on 6.2/6.3 until they upgrade after December's 6.4 could lose all
their IPA users if they do a winsync agreement and dont twig to that option
being
On 09/13/2012 09:54 AM, David Fitzgerald wrote:
Hello Everyone,
I work at a small university and I deployed freeIPA on my Linux
network over the summer break with no (known) problems, and
everything worked as expected. However, now that the semester has
started and the Linux system is
18 matches
Mail list logo