Hi Matt
When we originally integrated FreeIPA and Samba we were on 3.x for both
products.
We are now on 4.x for both. The FreeIPA server was a new setup, with users
and hosts migrated across (not replicated). We then ran the scripts in the
techslave article.
I will look back and see If I can fin
Hi Matt
Thankfully I saved the output from those ldapmodify commands (against
FreeIPA 4.1) and was able to find it again!
In our case sambagrouptype also seems to have already been present, so that
should not hurt.
[root@xxx-ldap2 samba]# ldapmodify -Y GSSAPI < dn: cn=ipaconfig,cn=etc,dc=my,dc=s
Have you considered clock skew? It is probably not the cause here, but is
worth eliminating "just in case". A difference as small as 5 minutes
between the clocks of the client and server can cause problems with
authentication.
Chris
From: Martin Kosek
To: "Matt ." , Janelle
On Fri, Jul 31, 2015 at 09:19:30AM +0700, Dewangga Bachrul Alam wrote:
> Hello!
>
> Sorry for making you confused.
>
> The main problem is the cache on ipa server/client. How long the cache
> remain active and refresh with correct policy/rules.
See man sssd-sudo for explanation of the sudo looku
Hi Chris,
Thanks for that verification!
It seems that:
/usr/share/ipa/ui/group.js
Is not there on IPA.4.1, also there is no .js at all on the whole system.
Any idea there ?
Thanks again!
Matt
2015-08-03 9:53 GMT+02:00 Christopher Lamb :
> Hi Matt
>
> Thankfully I saved the output from those
In my previous reply, I ment "no group.js at all" .
2015-08-03 12:17 GMT+02:00 Matt . :
> Hi Chris,
>
> Thanks for that verification!
>
> It seems that:
>
> /usr/share/ipa/ui/group.js
>
> Is not there on IPA.4.1, also there is no .js at all on the whole system.
>
> Any idea there ?
>
> Thanks aga
HI Matt
It looks like I skipped that step ... (And as we already had samba groups
in place, did not need to make new ones via the WebUI).
However a quick google trawled up this old thread that has a possible
answer from Peter. (I have not tested it yet myself).
https://www.redhat.com/archives/fr
Hi,
OK, I have a Samba Group Type now in my groups details list and also
in the groups settings tab.
I'm not 100% how this is managed. I have Grouptype 4, in the groups
overview it's still empty. But how to manage this between samba and
ipa ? What should be the reference between the group(names)
Hi Matt
It sounds like you now have prepared FreeIPA for Samba
I assume you have already configured Samba to authenticate via FreeIPA
(changes to the [global] section of your smb.conf file, secrets.tdb etc.
Next you need to add your samba groups to FreeIPA. (i.e FreeIPA groups,
with SambaGroupTy
On 07/16/2015 09:58 AM, Alexander Bokovoy wrote:
Hello!
FreeIPA team has recently released 4.2.0 version[1] which adds a number
of features community members were asking for:
- User certificates
- Vault to store user secrets
- One-way trust to Active Directory
- User life-cycle
Dear all,
is the sssd shipped with CentOS6 known to be unstable? In our cluster
approx. 4-5 nodes out of about 200 are dying on a daily basis:
[root@wn113 ~]# /etc/init.d/sssd status
sssd dead but subsys locked
[root@wn113 ~]# /etc/init.d/sssd stop
[root@wn113 ~]# /etc/init.d/sssd start
Starting
just realized that it's probably not an instablity, but some process is
killing sssd:
[root@wn113 sssd]# zcat sssd.log-20150804.gz
(Mon Aug 3 20:30:55 2015) [sssd] [mt_svc_sigkill] (0x0010):
[pleiades.uni-wuppertal.de][5957] is not responding to SIGTERM. Sending
SIGKILL.
(Mon Aug 3 20:31:31 2015
On (04/08/15 07:56), Torsten Harenberg wrote:
>just realized that it's probably not an instablity, but some process is
>killing sssd:
>
>[root@wn113 sssd]# zcat sssd.log-20150804.gz
>(Mon Aug 3 20:30:55 2015) [sssd] [mt_svc_sigkill] (0x0010):
>[pleiades.uni-wuppertal.de][5957] is not responding to
13 matches
Mail list logo