Re: [Freeipa-users] Sudo Rule Command Line Option Arguments (Solved)

2014-03-13 Thread Rashard . Kelly
The command had not been added into the sudocmd database. member sudo command: /usr/bin/yum --disableexcludes=all localinstall example*: no such entry I think this error should point to someone checking to make sure the sudo command had been created, something along the lines of no sudocmd

Re: [Freeipa-users] Migration mode

2014-03-13 Thread Jitse Klomp
2014-03-11 16:15 GMT+01:00 Jitse Klomp jitsekl...@gmail.com: On 03/11/2014 03:06 PM, Sumit Bose wrote: On Mon, Mar 10, 2014 at 11:09:48PM +0100, Jitse Klomp wrote: On 10-03-14 22:06, Sumit Bose wrote: Thank you. Maybe there is a change in return codes between MIT Kerberos 1.10 (Centos 6)

Re: [Freeipa-users] Sudo Rule Command Line Option Arguments (Solved)

2014-03-13 Thread Rob Crittenden
rashard.ke...@sita.aero wrote: The command had not been added into the sudocmd database. member sudo command: /usr/bin/yum --disableexcludes=all localinstall example*: no such entry I think this error should point to someone checking to make sure the sudo command had been created,

Re: [Freeipa-users] Mountain Lion GUI Login (Expired passwords / Mavericks too)

2014-03-13 Thread Robert Story
On Thu, 13 Mar 2014 14:08:29 + Jason wrote: JW Now if I create a new user in IPA. It will require a password change on JW logon. JW JW When I logon on the Mac with this new user. The password box wiggles JW and a box appears underneath it. Reset your password. Saying I need JW to set a new

[Freeipa-users] Mountain Lion GUI Login (Expired passwords / Mavericks too)

2014-03-13 Thread Jason Woods
Hi all, This has been raised previously, here: https://www.redhat.com/archives/freeipa-users/2013-August/msg00043.html I'm experiencing the same issue and I will summarise. Mac OS X (Mavericks in my case, but it was the same before I upgraded it from Mountain Lion.) Using RHEL 6.5 and ipa

Re: [Freeipa-users] Sudo Rule Command Line Option Arguments (Solved)

2014-03-13 Thread Rashard . Kelly
I would be happy to open a ticket, where do I go to do that? Thank You, Rashard Kelly From: Rob Crittenden rcrit...@redhat.com To: rashard.ke...@sita.aero, freeipa-users@redhat.com Date: 03/13/2014 09:52 AM Subject:Re: [Freeipa-users] Sudo Rule Command Line Option Arguments

Re: [Freeipa-users] Sudo Rule Command Line Option Arguments (Solved)

2014-03-13 Thread Petr Spacek
On 13.3.2014 15:59, rashard.ke...@sita.aero wrote: I would be happy to open a ticket, where do I go to do that? https://fedorahosted.org/freeipa/newticket You need an Fedora account to open a new ticket: https://admin.fedoraproject.org/accounts/user/new Petr^2 Spacek From: Rob Crittenden

Re: [Freeipa-users] Migration mode

2014-03-13 Thread Lukas Slebodnik
On (13/03/14 14:51), Jitse Klomp wrote: 2014-03-11 16:15 GMT+01:00 Jitse Klomp jitsekl...@gmail.com: On 03/11/2014 03:06 PM, Sumit Bose wrote: On Mon, Mar 10, 2014 at 11:09:48PM +0100, Jitse Klomp wrote: On 10-03-14 22:06, Sumit Bose wrote: Thank you. Maybe there is a change in return

[Freeipa-users] quick question

2014-03-13 Thread Todd Maugh
does IDM work with AD 2012 or only 2008 -Todd ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] quick question

2014-03-13 Thread Rich Megginson
On 03/13/2014 11:02 AM, Todd Maugh wrote: does IDM work with AD 2012 or only 2008 Are you talking about trusts? Not sure. Winsync? The PassSync password sync agent? I think so, with RHEL 6.5, or perhaps it is RHEL6.6. -Todd ___ Freeipa-users

Re: [Freeipa-users] quick question

2014-03-13 Thread Alexander Bokovoy
On Thu, 13 Mar 2014, Rich Megginson wrote: On 03/13/2014 11:02 AM, Todd Maugh wrote: does IDM work with AD 2012 or only 2008 Are you talking about trusts? Not sure. Winsync? The PassSync password sync agent? I think so, with RHEL 6.5, or perhaps it is RHEL6.6. Trusts work with 2008,

Re: [Freeipa-users] quick question

2014-03-13 Thread Todd Maugh
Yes for trusts rhel6.5 with AD 2012 for winsync and password sync From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Thursday, March 13, 2014 10:16 AM To: Todd Maugh; freeipa-users@redhat.com Subject: Re: [Freeipa-users] quick question On 03/13/2014 11:02 AM, Todd Maugh wrote: does IDM work

Re: [Freeipa-users] quick question

2014-03-13 Thread Alexander Bokovoy
Todd, On Thu, 13 Mar 2014, Todd Maugh wrote: Yes for trusts rhel6.5 with AD 2012 for winsync and password sync You are mixing two different things. - winsync/password sync is not trusts. AD accounts are physically cloned to IdM on each change at AD side. When logging to IdM with AD

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Todd Maugh
Ok I got the credentials error worked out, my ad admin had the IDMadmin account in the wrong OU but now i get this Added CA certificate ADC13-ELS.CA.cer to certificate database for idm-master-els.ops.boingo.com ipa: INFO: AD Suffix is: DC=BWINC,DC=local The user for the Windows PassSync

Re: [Freeipa-users] Mountain Lion GUI Login (Expired passwords / Mavericks too)

2014-03-13 Thread Davis Goodman
--Davis GoodmanDirecteur Informatique| IT Manager5605 Avenue de Gaspé, Suite 408 |Montréal,QCH2T 2A4Tél: +1 (514) 360-3253 x104 Cell: +1 (514) 994-7360 On Mar 13, 2014, at 10:29 , Robert Story rst...@tislabs.com wrote:On Thu, 13 Mar 2014 14:08:29 + Jason wrote:JW Now if I create a new user

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Rich Megginson
On 03/13/2014 12:01 PM, Todd Maugh wrote: Ok I got the credentials error worked out, my ad admin had the IDMadmin account in the wrong OU but now i get this Added CA certificate ADC13-ELS.CA.cer to certificate database for idm-master-els.ops.boingo.com ipa: INFO: AD Suffix is:

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Todd Maugh
ok so I ran that and Get this output [r...@idm-master-els.ops.boingo.com cacerts]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local -D cn=idmadmin,cn=Users,dc=bwinc,dc=local -w XX -s base -b cn=Users,dc=bwinc,dc=local dn:

Re: [Freeipa-users] Mountain Lion GUI Login (Expired passwords / Mavericks too)

2014-03-13 Thread Jason Woods
Hi I don't have OS X, but every time I create a new test user on linux and log in to test it, I get bit by the fact that the passwd change always asks for the existing password first, before asking for the new password. So I have to enter the original password once to login, once to make

Re: [Freeipa-users] Migration mode

2014-03-13 Thread Jitse Klomp
2014-03-13 18:00 GMT+01:00 Lukas Slebodnik lsleb...@redhat.com: On (13/03/14 14:51), Jitse Klomp wrote: 2014-03-11 16:15 GMT+01:00 Jitse Klomp jitsekl...@gmail.com: On 03/11/2014 03:06 PM, Sumit Bose wrote: On Mon, Mar 10, 2014 at 11:09:48PM +0100, Jitse Klomp wrote: On 10-03-14

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Rich Megginson
On 03/13/2014 12:29 PM, Todd Maugh wrote: ok so I ran that and Get this output Ok. Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors [r...@idm-master-els.ops.boingo.com cacerts]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Todd Maugh
Ok the error I see repeated in the log is [13/Mar/2014:18:41:21 +] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success) [13/Mar/2014:18:43:11 +] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Rich Megginson
On 03/13/2014 12:50 PM, Todd Maugh wrote: Ok the error I see repeated in the log is [13/Mar/2014:18:41:21 +] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success) [13/Mar/2014:18:43:11 +] slapi_ldap_bind - Error: could not send startTLS

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Todd Maugh
I believe they are. so here is the out put of the log. it was showing those errors, I deleted the wynsync agreement and then restarted ipa and then readded the winsync and the errors returned. could this be a cert issue? [13/Mar/2014:19:48:20 +] slapi_ldap_bind - Error: could not send

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Rich Megginson
On 03/13/2014 01:58 PM, Todd Maugh wrote: I believe they are. so here is the out put of the log. it was showing those errors, I deleted the wynsync agreement and then restarted ipa and then readded the winsync and the errors returned. could this be a cert issue? [13/Mar/2014:19:48:20 +]

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Todd Maugh
thank you Rich for all your help as I am inclined to think its a cert issue as well so I ran the new command, and there are some lines that stick out to me in reference to the cert: [r...@idm-master-els.ops.boingo.com ~]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -d 1

Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

2014-03-13 Thread Todd Maugh
I'm curious if the ldap.conf is wrong: heres what it looks like #File modified by ipa-client-install URI ldaps://idm-master-els.ops.boingo.com BASE dc=ops,dc=boingo,dc=com TLS_CACERT /etc/openldap/cacerts/ TLS_REQCERT allow From: Todd Maugh Sent: Thursday, March

[Freeipa-users] Password sync woes

2014-03-13 Thread Todd Maugh
Sorry Guys me again. So I have my winsync agreement up and I know have my password sync setup the cert has been imported SSL is configured properly, but when I go to change a password in AD I see this error in passsync.log LDAP error in QueryUsername 32: No such object any

Re: [Freeipa-users] Password sync woes

2014-03-13 Thread Rich Megginson
On 03/13/2014 05:18 PM, Todd Maugh wrote: Sorry Guys me again. So I have my winsync agreement up and I know have my password sync setup the cert has been imported SSL is configured properly, but when I go to change a password in AD I see this error in passsync.log LDAP error in