Re: [Freeipa-users] Adding SAN to default self-signed cert?

2015-08-05 Thread Fraser Tweedale
On Tue, Aug 04, 2015 at 08:01:13AM -0700, Janelle wrote: Trying to figure this out: ipa host-add haproxy.example.com ipa service-add HTTP/haproxy.example@example.com ipa service-add LDAP/haproxy.example@example.com ipa-getcert request -d /tmp -n haproxy-cert -K

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Lukas Slebodnik
On (04/08/15 07:11), Janelle wrote: I too have seen this same unique bug. My guess is, you have compatibility mode enabled AND you used the GUI to manipulate the group memberships. I have found this to be buggy. Using CLI based commands did not have the same results. However, once the 2 trees -

Re: [Freeipa-users] IdM Password Expiration

2015-08-05 Thread David Kupka
On 04/08/15 17:01, Robert Locke wrote: Hey folks, I have been using the following to adjust the Password Expiration of accounts in IdM/IPA: echo $ADMIN_PASS | kinit admin echo -e dn: uid=rheluseri,cn=users,cn=accounts,dc=example,dc=com\nchangetype: modify \nreplace:

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Matt .
Hi Chris. Yes, Apache Studio did that but I was not sure why it complained it was already there. I'm still getting: IPA Error 4205: ObjectclassViolation missing attribute sambaGroupType required by object class sambaGroupMapping When adding a user. I also see class as fielname under my Last

Re: [Freeipa-users] FreeIPA and sudo Defaults

2015-08-05 Thread Pavel Březina
On 08/04/2015 11:57 AM, Innes, Duncan wrote: Hi folks, Struggling with creating a sudo rule in IPA that will allow my foreman-proxy to run specific commands. When I put the following into /etc/sudoers.d/foreman: [root@puppet01 ~]# cat /etc/sudoers.d/foreman foreman-proxy ALL = NOPASSWD:

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Markus.Moj
Hi Christopher, how to update the compat tree accordingly? Our developers edited the values in FreeIPA but don´t see the nis id´s and therefore can´t edit them. -Ursprüngliche Nachricht- Von: Christopher Lamb [mailto:christopher.l...@ch.ibm.com] Gesendet: Dienstag, 4. August 2015 11:27

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Loris Santamaria
Hi, the compat tree is generated dynamically based on the cn=accounts tree and from information retrieved by server-mode SSSD. If the compat tree gets out of sync, a restart of the ipa server and SSSD should fix it. Best regards El mié, 05-08-2015 a las 12:14 +, markus@mc.ingenico.com

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Christopher Lamb
Check also that the compat tree plugin is enabled, and enable it if not: ipa-compat-manage status ipa-compat-manage enable ipactl restart Cheers, Chris From: Loris Santamaria lo...@lgs.com.ve To: freeipa-users@redhat.com Date: 05.08.2015 14:26 Subject:Re: [Freeipa-users]

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Markus.Moj
Hi Christopher, Hi Loris, The plugin is enabled ipa-compat-manage status Plugin Enabled When I request the id of a posix user on the freeipa server then I receive the output I expact with correct uid, gid and groups. But on a connected host, with freeipa client tools, I receive the old

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Youenn PIOLET
Hi guys, Thank you so much your previous answers. I realised my SID were stored in ipaNTsecurityidentifier, thanks to ipa-adtrust-install --add-sids I found an other way to configure smb here: http://freeipa-users.redhat.narkive.com/ez2uKpFS/authenticate-samba-3-or-4-with-freeipa It works

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Rob Crittenden
markus@mc.ingenico.com wrote: Hi Christopher, Hi Loris, The plugin is enabled ipa-compat-manage status Plugin Enabled When I request the id of a posix user on the freeipa server then I receive the output I expact with correct uid, gid and groups. But on a connected host, with freeipa

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Markus.Moj
Hey, I´ve wiped sss_cache before I tried again and restarted the service. Nevertheless the problem still persists. Beyond the problem is only located on one FreeIPA host. Other hosts have received the updates or see the correct values. -Ursprüngliche Nachricht- Von: Rob Crittenden

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Lukas Slebodnik
On (05/08/15 13:02), markus@mc.ingenico.com wrote: Hey, I´ve wiped sss_cache before I tried again and restarted the service. sss_cache just invalidate cache. It does not wipe out it. It means that sssd must not return value from cache but it shoudl refresh it from LDAP server Nevertheless

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Christopher Lamb
Hi Youenn Good news that you have got an integration working Now you have got it going, and the solution is fresh in your mind, how about adding a How-to page on this solution to the FreeIPA wiki? Chris From: Youenn PIOLET piole...@gmail.com To: Matt . yamakasi@gmail.com Cc:

Re: [Freeipa-users] IdM Password Expiration

2015-08-05 Thread Robert Locke
On Wed, 2015-08-05 at 10:31 +0200, David Kupka wrote: On 04/08/15 17:01, Robert Locke wrote: Hey folks, I have been using the following to adjust the Password Expiration of accounts in IdM/IPA: echo $ADMIN_PASS | kinit admin echo -e dn:

[Freeipa-users] Change default email format

2015-08-05 Thread Justean
Good morning, I was wondering if there is a way to change the way freeipa builds a user's email address by default. Currently it takes the username and appends the domain name but I would like it to take the form firstname.lastn...@domainname.com Thank you. Sipazzo -- Manage your subscription

[Freeipa-users] AD trust established but users can't login

2015-08-05 Thread andrei.brajnicov
Hello. My mission is to install an FreeIPA instance as subdomain of AD, and to allow AD users to login to some Linux servers. I Installed and configured it, but i meet a problem, AD users are not allowed to login to FreeIPA . A piece of everything: AD = adexample.com ( 2008R2 ) IPA

Re: [Freeipa-users] AD trust established but users can't login

2015-08-05 Thread Jakub Hrozek
On Wed, Aug 05, 2015 at 04:42:51PM +0300, andrei.brajnicov wrote: I don't know if these information is sufficient. But I hope that someone will help me to troubleshoot the problem. Are you able to: getent passwd ku...@adexample.com on the server? If not, can you enable debugging in all

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Matt .
Hi, This sounds great to me too, but a howto would help to make it more clear about what you have done here. The thread confuses me a little bit. Can you paste your commands so we can test out too and report back ? Thanks! Matt 2015-08-05 15:18 GMT+02:00 Christopher Lamb

Re: [Freeipa-users] Change default email format

2015-08-05 Thread Alexander Bokovoy
On Mon, 03 Aug 2015, Justean wrote: Good morning, I was wondering if there is a way to change the way freeipa builds a user's email address by default. Currently it takes the username and appends the domain name but I would like it to take the form firstname.lastn...@domainname.com It is not

Re: [Freeipa-users] Change default email format

2015-08-05 Thread Alexander Bokovoy
On Wed, 05 Aug 2015, Alexander Bokovoy wrote: On Mon, 03 Aug 2015, Justean wrote: Good morning, I was wondering if there is a way to change the way freeipa builds a user's email address by default. Currently it takes the username and appends the domain name but I would like it to take the form

Re: [Freeipa-users] Change default email format

2015-08-05 Thread Justean
Wow, thank you so much for such a complete explanation. I appreciate the effort. I am out for the next day or so but will try and implement this as soon as I can.Thank you again and I will let you know the results. From: Alexander Bokovoy aboko...@redhat.com To: Justean juste...@yahoo.com

Re: [Freeipa-users] sssd (CentOS6) known to be unstable?

2015-08-05 Thread Torsten Harenberg
Thanks for the hints and the pointers. We found that this (Thu Aug 6 03:30:01 2015) [sssd[nss]] [id_callback] (0x0010): The Monitor returned an error [org.freedesktop.DBus.Error.NoReply] and this always happens when there are jobs with heavy disc IO and the nodes (see plot attached from this

Re: [Freeipa-users] sssd (CentOS6) known to be unstable?

2015-08-05 Thread Torsten Harenberg
Am 06.08.15 um 07:37 schrieb Torsten Harenberg: (see plot attached forgot the attachment -- Dr. Torsten Harenberg harenb...@physik.uni-wuppertal.de Bergische Universitaet FB C -

[Freeipa-users] Problem with replica, again...

2015-08-05 Thread Alexander Frolushkin
Hello! In the middle of July, one of our 19 replicas hangs, and it was noticed only yesterday. All affords to re-initialize it failed - right after start of dirsrv it hangs with the same message in log: [06/Aug/2015:10:30:39 +0600] DSRetroclPlugin - replog: an error occured while adding change