On Wed, Feb 19, 2014 at 12:17:59AM +0200, Genadi Postrilko wrote:
After i restarted SSSD nothing changed - still cannot login via ssh/su.
I have increased debug level to 6:
https://gist.github.com/anonymous/9081367
(krb5_child was empty)
The LDAP extented operation which should fetch the user
Dear all:
I created a account of operator and added roles of user admin with reset
/modify passwor priviges.
but when he login , the reset password button is grey ?
Any permission i should assign more...
Now can only add this operator to admin group so all full access right.
thks
Barry
On 19.2.2014 10:37, barry...@gmail.com wrote:
Dear all:
I created a account of operator and added roles of user admin with reset
/modify passwor priviges.
but when he login , the reset password button is grey ?
Any permission i should assign more...
Now can only add this operator to admin
On Tue, Feb 04, 2014 at 04:11:12AM +, Les Stott wrote:
If I access the host host1 and remove allow_all from its defined HBAC rules
in the web ui, jane can still access host1 via ssh (actually tested login).
I can see you've found the solution already but I'd like to go back to
this part.
Hi Pavel,
sdainard-admin is a Windows domain user, part of an external group
'ad_admins_external' which is a member of 'ad_admins', an ipa posix group.
'admins' groups is the built-in ipa admin group.
ipa group-show admins
Group name: admins
Description: Account administrators group
GID:
Hi Martin,
Thanks for your previous answer.
And how can I export a list of DNS entries using ldapsearch?
Regards,
Suhail.
DevOps BSkyB.
From: Martin Kosek [mko...@redhat.com]
Sent: 22 January 2014 13:30
To: Choudhury, Suhail; freeipa-users@redhat.com
Similarly to users, you just use the right container:
$ kinit admin
$ ldapsearch -h `hostname` -Y GSSAPI -b 'cn=dns,dc=example,dc=com'
There are plenty of resources online how to work with ldapsearch, ldapmodify
and resulting LDIFs that could help get you started.
Martin
On 02/19/2014 04:33
When I added a windows 7 client (let's call it
windows.lan.domain.com), I had to go manually enter the domain (in
System Properties-Computer Name/Domain Changes-DNS Suffix and
netbios computer name) even though ipconfig would report it properly.
Otherwise, it would show in the kdc log file
Guys
Any word on this? New logs are attached to the email. I am still not able to
add clients using the replica. Let me know if you need any other information
and thanks for you help.
Shreeraj
Change
On Wed, 19 Feb 2014, Mauricio Tavares wrote:
When I added a windows 7 client (let's call it
windows.lan.domain.com), I had to go manually enter the domain (in
System Properties-Computer Name/Domain Changes-DNS Suffix and
netbios computer name) even though ipconfig would report it properly.
On Wed, 2014-02-19 at 20:34 +0200, Alexander Bokovoy wrote:
On Wed, 19 Feb 2014, Mauricio Tavares wrote:
When I added a windows 7 client (let's call it
windows.lan.domain.com), I had to go manually enter the domain (in
System Properties-Computer Name/Domain Changes-DNS Suffix and
On 19.2.2014 19:44, Simo Sorce wrote:
On Wed, 2014-02-19 at 20:34 +0200, Alexander Bokovoy wrote:
On Wed, 19 Feb 2014, Mauricio Tavares wrote:
When I added a windows 7 client (let's call it
windows.lan.domain.com), I had to go manually enter the domain (in
System Properties-Computer
On Wed, Feb 19, 2014 at 2:02 PM, Petr Spacek pspa...@redhat.com wrote:
On 19.2.2014 19:44, Simo Sorce wrote:
On Wed, 2014-02-19 at 20:34 +0200, Alexander Bokovoy wrote:
On Wed, 19 Feb 2014, Mauricio Tavares wrote:
When I added a windows 7 client (let's call it
On 19.2.2014 20:10, Mauricio Tavares wrote:
On Wed, Feb 19, 2014 at 2:02 PM, Petr Spacek pspa...@redhat.com wrote:
On 19.2.2014 19:44, Simo Sorce wrote:
On Wed, 2014-02-19 at 20:34 +0200, Alexander Bokovoy wrote:
On Wed, 19 Feb 2014, Mauricio Tavares wrote:
When I added a windows 7
Everything seems to be going well for all the 17 of 17 steps and then this
[15/17]: configure clone certificate renewals
[16/17]: configure Server-Cert certificate renewal
[17/17]: Configure HTTP to proxy connections
Done configuring certificate server (pki-cad).
Restarting the directory and
Shree wrote:
1) I have got a step furthur. My replica is not running CA Service. To
achieve this I had to remove the existing cert with this command
pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca -force
Now the replica looks like this
skarulkar@ldap2 tmp]$ sudo ipactl status
Choudhury, Suhail wrote:
Hi Martin,
Thanks for your previous answer.
And how can I export a list of DNS entries using ldapsearch?
He included the basics in his previous answer:
$ kinit admin
$ ldapsearch -h `hostname` -Y GSSAPI -b
'cn=users,cn=accounts,dc=example,dc=com'
You can append
Here are a couple of things
[skarulkar@ldap2 ~]$ rpm -q ipa-client
ipa-client-3.0.0-26.el6_4.4.x86_64
and my /etc/krb5.conf looks like ..
===
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc =
root@test500 ~]# rpm -q ipa-client
ipa-client-2.2.0-16.el6.x86_64
[root@test500 ~]#
Shreeraj
Change is the only Constant !
On Wednesday, February 19, 2014 1:17 PM, Rob Crittenden
Shree wrote:
root@test500 ~]# rpm -q ipa-client
ipa-client-2.2.0-16.el6.x86_64
[root@test500 ~]#
You'll definitely want to update to 2.2.0-17, that fixes CVE-2012-5484
Unfortunately our logging around discovery was rather horrible in 2.2.x
so it is difficult to know exactly what is going on.
Hello,
I want to summarize our position regarding joining Windows systems into IPA.
1) If you already have AD we recommend using this system with AD and
using trusts between AD and IPA.
2) If you do not have AD then use Samba 4 instead of it. It would be
great when Samba 4 grows capability to
Rob
You were right. After upgrading the client to the
ipa-client-3.0.0-37.el6.x86_64 version I started seeing a warning during the
client install that went something like
=
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the
22 matches
Mail list logo