On Tue, Apr 08, 2014 at 05:22:46PM -0700, Shree wrote:
> Not sure if anyone read my last reply I was still not having any luck.
> Anyways I found the file which was causing it to contact the old IP address
> just a few minutes ago. Though I would share with you in case someone else
> may need it
On 04/08/2014 10:42 PM, Lukas Slebodnik wrote:
> On (08/04/14 13:34), Nathan Broadbent wrote:
>>>
>>> man sssd-sudo says:
>>> CONFIGURING SSSD TO FETCH SUDO RULES
>>> All configuration that is needed on SSSD side is
>>> to extend the list of services with "sudo" in [sssd] section of
>>> sssd.co
On Tue, Apr 08, 2014 at 08:27:01AM +0300, Alexander Bokovoy wrote:
> On Fri, 04 Apr 2014, Alexander Bokovoy wrote:
> >>tevent: Destroying timer event 0x7facb82e9d30
> >>"dcerpc_connect_timeout_handler"
> >^^ stopped just short of authenticating to smbd prior to ask it for
> >informational policy ab
On Tue, 08 Apr 2014, Sumit Bose wrote:
On Tue, Apr 08, 2014 at 08:27:01AM +0300, Alexander Bokovoy wrote:
On Fri, 04 Apr 2014, Alexander Bokovoy wrote:
>>tevent: Destroying timer event 0x7facb82e9d30
>>"dcerpc_connect_timeout_handler"
>^^ stopped just short of authenticating to smbd prior to ask
On Sun, 30 Mar 2014, Dmitri Pal wrote:
On 03/30/2014 03:14 PM, Nordgren, Bryce L -FS wrote:
I think it does not really differ from what I described, conceptually.
It is, however, requiring much more work than what I described.
FreeIPA has flat LDAP DIT. Adding support for separate OUs is in its
On 04/08/2014 09:34 AM, Alexander Bokovoy wrote:
On Sun, 30 Mar 2014, Dmitri Pal wrote:
On 03/30/2014 03:14 PM, Nordgren, Bryce L -FS wrote:
I think it does not really differ from what I described, conceptually.
It is, however, requiring much more work than what I described.
FreeIPA has flat L
On 04/08/2014 03:32 AM, Alexander Bokovoy wrote:
On Tue, 08 Apr 2014, Sumit Bose wrote:
On Tue, Apr 08, 2014 at 08:27:01AM +0300, Alexander Bokovoy wrote:
On Fri, 04 Apr 2014, Alexander Bokovoy wrote:
>>tevent: Destroying timer event 0x7facb82e9d30
>>"dcerpc_connect_timeout_handler"
>^^ stopped
I'm having the exact same issue as
http://www.redhat.com/archives/freeipa-users/2013-October/msg9.html
I upgraded from RHEL-6.3 to RHEL-6.5, and now FreeIPA won't start due to
kadmind not starting.
The kadmind.log contains an extremely unhelpful:
Apr 08 11:31:20 i-31f62969 kadmind[20850](Error
Sorry for the delayed reply. This is "other duties as assigned" and the day job
got in the way. :) However, the computer is busy running fits to data for the
next day or so. My electronic master is thus distracted.
> >> Wow!
> >> First of all thanks for a nice pictures and sharing your ideas.
>
Figured it out.
Somehow during the upgrade process, the default_realm changed to one of
our other domains we use. I'm guessing some RPM postinstall script
pulled the domain out of sssd.conf as that's the only place on the box
where that domain is mentioned. We don't touch krb5.conf with any sort
of
Patrick Hemmer wrote:
Figured it out.
Somehow during the upgrade process, the default_realm changed to one of
our other domains we use. I'm guessing some RPM postinstall script
pulled the domain out of sssd.conf as that's the only place on the box
where that domain is mentioned. We don't touch kr
This is what the non-functional version looked like:
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = CLOUD.COM
dns_lookup_realm = false
dns_l
I know I'm missing something simple. But I just can't get this ipa client
to accept any sudo rules.
-sh-4.1$ sudo -l
[sudo] password for test...@domain.com:
User test...@domain.com is not allowed to run sudo on cypress.
-sh-4.1$ id
uid=11659(test...@domain.com) gid=11659(test...@domain.com)
group
Have you installed libsss_sudo?
Try to follow the instruction here:
https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html
and
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
2014-04-08 22:17 GMT+03:00 Mark Gardner :
> I know I'm missing something simple. B
>
> I know I'm missing something simple. But I just can't get this ipa
>> client to accept any sudo rules.
>>
>>
I rand into the same issue. It's not documented anywhere, but you need to
enable the 'sudo' service in /etc/sssd/sssd.conf
You need to change:
[sssd]
services = nss, pam, ssh
to:
[ss
On (08/04/14 12:52), Nathan Broadbent wrote:
>>
>> I know I'm missing something simple. But I just can't get this ipa
>>> client to accept any sudo rules.
>>>
>>>
>I rand into the same issue. It's not documented anywhere, but you need to
>enable the 'sudo' service in /etc/sssd/sssd.conf
>
>You ne
On (08/04/14 13:34), Nathan Broadbent wrote:
>>
>> man sssd-sudo says:
>> CONFIGURING SSSD TO FETCH SUDO RULES
>> All configuration that is needed on SSSD side is
>> to extend the list of services with "sudo" in [sssd] section of
>> sssd.conf(5).
>>
>> ^^
>
> man sssd-sudo says:
> CONFIGURING SSSD TO FETCH SUDO RULES
> All configuration that is needed on SSSD side is
> to extend the list of services with "sudo" in [sssd] section of
> sssd.conf(5).
>
>
> I would say it i
I'm sure that I'm doing this very wrong, but I'm wondering if anyone
can offer any solutions.
I currently have a relatively small domain that's used internally.
Let's say fandingo.org. This domain covers various class C networks on
192.168.0.0/16. Currently, there's an Active Directory server that
On Tue, 2014-04-08 at 16:42 -0500, Justin Brown wrote:
> I'm sure that I'm doing this very wrong, but I'm wondering if anyone
> can offer any solutions.
>
> I currently have a relatively small domain that's used internally.
> Let's say fandingo.org. This domain covers various class C networks on
>
On 04/08/2014 12:50 PM, Nordgren, Bryce L -FS wrote:
Sorry for the delayed reply. This is "other duties as assigned" and the day job
got in the way. :) However, the computer is busy running fits to data for the next day or
so. My electronic master is thus distracted.
Wow!
First of all thanks
Not sure if anyone read my last reply I was still not having any luck. Anyways
I found the file which was causing it to contact the old IP address just a few
minutes ago. Though I would share with you in case someone else may need it. I
started going through the directory listed in the krb5.conf
22 matches
Mail list logo