Re: [Freeipa-users] Password failing for sudo-ldap authentication only from one host

2012-09-27 Thread David Sastre
On Wed, Sep 26, 2012 at 11:08 PM, David Sastre Medina d.sastre.med...@gmail.com wrote: On Wed, Sep 26, 2012 at 03:06:40PM -0400, Rob Crittenden wrote: David Sastre wrote: [big snip] Does sssd work on this machine otherwise? getent passwd foo, you can log into the console as the user,

[Freeipa-users] FreeIPA 3 rc1 sslget error

2012-09-27 Thread Pieter Baele
Hi, Two problems with FreeIPA 3 on an updated fedora 17 (updates-testing enabled) 1) dependency error for libsss_sudo Error: Package: sudo-1.8.3p1-7.fc17.x86_64 (@updates) Requires: libsss_sudo.so.0(EXPORTED)(64bit) Removing: libsss_sudo-1.8.4-14.fc17.x86_64 (@updates)

Re: [Freeipa-users] Password failing for sudo-ldap authentication only from one host

2012-09-27 Thread Jakub Hrozek
On Thu, Sep 27, 2012 at 08:18:21AM +0200, David Sastre wrote: On Wed, Sep 26, 2012 at 11:08 PM, David Sastre Medina d.sastre.med...@gmail.com wrote: On Wed, Sep 26, 2012 at 03:06:40PM -0400, Rob Crittenden wrote: David Sastre wrote: [big snip] Does sssd work on this machine

Re: [Freeipa-users] FreeIPA 3 rc1 sslget error

2012-09-27 Thread Jakub Hrozek
On Thu, Sep 27, 2012 at 09:56:02AM +0200, Pieter Baele wrote: Hi, Two problems with FreeIPA 3 on an updated fedora 17 (updates-testing enabled) 1) dependency error for libsss_sudo Error: Package: sudo-1.8.3p1-7.fc17.x86_64 (@updates) Requires:

Re: [Freeipa-users] FreeIPA 3 rc1 sslget error

2012-09-27 Thread Alexander Bokovoy
On Thu, 27 Sep 2012, Pieter Baele wrote: 2) some error on RA agent certificate issuing [16/20]: issuing RA agent certificate Unexpected error - see /var/log/ipaserver-install.log for details: CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p -d /tmp/tmp-1ItZiZ -r

Re: [Freeipa-users] Easy deployment

2012-09-27 Thread Dmitri Pal
On 09/25/2012 04:18 PM, Sigbjorn Lie wrote: On 09/25/2012 12:17 AM, James James wrote: Hi guys, we are planning to install 150 freeipa clients and I was wondering if there is a way to easily install (from kickstart) nfsv4 client. I can add host with # ipa host-add --password=secret But

Re: [Freeipa-users] winsync agreement wipes IPA users

2012-09-27 Thread Rich Megginson
On 09/25/2012 09:46 PM, Rob Crittenden wrote: Steven Jones wrote: Hi, I dont have a ldapmodify command for changing something in AD. I have increased the only scope I/we know about which is the return of objects from a search inside the AD gui but that might be specific to that view tool.

Re: [Freeipa-users] winsync agreement transferred users not going into ipausers and existing users dropped from all their groups

2012-09-27 Thread Rich Megginson
On 09/26/2012 03:17 PM, Steven Jones wrote: Is this expected? Ticket #2324 AD Users synced to IPA server are not added to ipausers group https://fedorahosted.org/freeipa/ticket/2324 By existing users do you mean existing users in IPA? Are these users synced with entries in AD? regards

Re: [Freeipa-users] Easy deployment

2012-09-27 Thread James James
Not yet but can you give me some clues ? 2012/9/27 Dmitri Pal d...@redhat.com On 09/25/2012 04:18 PM, Sigbjorn Lie wrote: On 09/25/2012 12:17 AM, James James wrote: Hi guys, we are planning to install 150 freeipa clients and I was wondering if there is a way to easily install (from

Re: [Freeipa-users] clients very slow

2012-09-27 Thread David Fitzgerald
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal Sent: Thursday, September 13, 2012 6:50 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] clients very slow On 09/13/2012 09:54 AM, David Fitzgerald wrote: Hello Everyone, I

Re: [Freeipa-users] winsync agreement wipes IPA users

2012-09-27 Thread Steven Jones
Its also a forest wide setting :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones

Re: [Freeipa-users] Problem with webui: kerberos ticket no longer valid

2012-09-27 Thread David Sastre Medina
On Mon, Sep 10, 2012 at 08:59:18AM -0400, Dmitri Pal wrote: On 08/24/2012 06:31 AM, David Sastre wrote: On Fri, Aug 24, 2012 at 12:06 PM, Ondrej Valousek wrote: try running 'kinit -R'? Nope. It fails even after kdestroy and kinit a-new. Was this issue ever resolved? Just for the record:

Re: [Freeipa-users] winsync agreement transferred users not going into ipausers and existing users dropped from all their groups

2012-09-27 Thread Steven Jones
Hi, Yes existing IPA usersall users that are in AD lose ipausers AND any IPA user groups they were assigned to in IPA before the winsync takes place. So to be clear (I hope), After the winsync any IPA user NOT in AD stays in ipausers and their assigned IPA groups and works normally.

Re: [Freeipa-users] winsync agreement transferred users not going into ipausers and existing users dropped from all their groups

2012-09-27 Thread Rich Megginson
On 09/27/2012 02:57 PM, Steven Jones wrote: Hi, Yes existing IPA usersall users that are in AD lose ipausers AND any IPA user groups they were assigned to in IPA before the winsync takes place. So to be clear (I hope), After the winsync any IPA user NOT in AD stays in ipausers and their