Hi All,
Running ipa-3.0.0-42.el6 and sssd-1.11.6-30.el6_6.3.x86_64
So, by default, when you create a user in freeipa, That user will be set to
have a primary group that is hidden and not a POSIX group.
This means that when the user logs in to a host, they will see something like...
id: cannot
On 12/07/15 10:05, Sina Owolabi wrote:
Hi
I have several dns zones defined in IPA. I noticed recently that the
zone files are empty. I find this odd because I created them like the
example below.
Is it possible to force clients to auto-update reverse zones?
Thanks in advance!
How I created all
For reference:
I could not make the sudo rules on ubuntu 12.04, I tried many many things.
Worked like a charm on ubuntu 14.04: as simple as adding sudo to services
in [sssd] section of nsssd.conf.
On Fri, Jul 10, 2015 at 5:18 PM, Lukas Slebodnik
wrote:
> On (10/07/15 16:19), Karl Forner wrote:
Good morning,
I was wondering, I install my servers with the self-signed certs. Now my
management wants me to use official certificates. Is there an
easy/recommended way to swap out all the certificates on all the
servers? Especially with 16 servers, just trying to figure out if this
is somet
We have 3 freeipa-replicas. Centos 7.1.1503, ipa-server 4.1.0-18, and
389-ds 1.3.3.1-16.
Recently, the ns-slapd process on one of our replicas started showing higher
than normal CPU usage. ns-slapd is pegged at high CPU usage more or less
constantly.
Seems very similar to this thread:
https://ww
can you get a pstack of the slapd process along with a top -H to find th
ethread with high cpu usage
Ludwig
On 07/13/2015 04:46 PM, Andrew E. Bruno wrote:
We have 3 freeipa-replicas. Centos 7.1.1503, ipa-server 4.1.0-18, and
389-ds 1.3.3.1-16.
Recently, the ns-slapd process on one of our repl
On 8.7.2015 20:46, Karl Forner wrote:
> I forgot my main use case: I have name-based reverse proxies (SNI) for some
> web apps/services , that are accessible both from the internal and external
> network.
> They must be accessed with the exact same name/url, otherwise the dispatch
> can not work.
>
On 07/13/2015 05:05 PM, Andrew E. Bruno wrote:
On Mon, Jul 13, 2015 at 04:58:46PM +0200, Ludwig Krispenz wrote:
can you get a pstack of the slapd process along with a top -H to find th
ethread with high cpu usage
Attached is the full stacktrace of the running ns-slapd proccess. top -H
shows th
On (13/07/15 14:49), Karl Forner wrote:
>For reference:
>I could not make the sudo rules on ubuntu 12.04, I tried many many things.
>
Ahh,
Default version of sssd in ubuntu 12.04 is 1.8.2
http://packages.ubuntu.com/precise/sssd
it's better to use newer version which contains fixes for sudo.
I would
On Mon, Jul 13, 2015 at 05:29:13PM +0200, Ludwig Krispenz wrote:
>
> On 07/13/2015 05:05 PM, Andrew E. Bruno wrote:
> >On Mon, Jul 13, 2015 at 04:58:46PM +0200, Ludwig Krispenz wrote:
> >>can you get a pstack of the slapd process along with a top -H to find th
> >>ethread with high cpu usage
> >At
Hi Martin
Yes all my sssd configs are set ipa_dyndns_update = True
I didn't have --allow-sync-ptr=TRUE in all the forward zones so I set them.
I've tried to set it in the very first zone (setup during
installation) but dnszone-mod complains:
# ipa dnszone-mod mydom.com --allow-sync-ptr=TRUE --dyn
2 FreeIPA 4.1.4 servers running on CentOS 7.
dc1 has a sync agreement to a windows server.
It has been running fine since June 5 when I re-initialized a sync
agreement that had somehow uninitialized itself. Original issue report
here :
https://www.redhat.com/archives/freeipa-users/2015-June/msg0
I added the external groups to map my Domain Admins AD group like the
freeipa documentation suggests:
# ipa group-add --desc='ad_domain admins external map' ad_admins_external
--external
# ipa group-add --desc='ad_domain admins' ad_admins
# ipa group-add-member ad_admins_external --external 'ad_ne
On 07/13/2015 07:07 PM, nat...@nathanpeters.com wrote:
2 FreeIPA 4.1.4 servers running on CentOS 7.
dc1 has a sync agreement to a windows server.
It has been running fine since June 5 when I re-initialized a sync
agreement that had somehow uninitialized itself. Original issue report
here :
htt
On Mon, 13 Jul 2015, Angelo Pantano wrote:
I added the external groups to map my Domain Admins AD group like the
freeipa documentation suggests:
# ipa group-add --desc='ad_domain admins external map' ad_admins_external
--external
# ipa group-add --desc='ad_domain admins' ad_admins
# ipa group-ad
On Mon, 13 Jul 2015, Angelo Pantano wrote:
I have the same entry there, my question is that I don't understand why it
doesn't it give me any visibility of the AD users mapped in that group, I
mean I just see that entry, but what's that supposed to do? It doesn't
really change anything with or wit
16 matches
Mail list logo