Re: [Freeipa-users] Sudo command not working

2015-08-13 Thread Dewangga Bachrul Alam
Hello! Should I reboot the machine after changing sudo.conf file? On 08/12/2015 09:26 PM, Jakub Hrozek wrote: > On Wed, Aug 12, 2015 at 07:44:15PM +0700, Dewangga Bachrul Alam wrote: >> Hello! >> >> On 08/12/2015 07:36 PM, Jakub Hrozek wrote: >>> On Wed, Aug 12, 2015 at 07:30:52PM +0700, Dewangga

Re: [Freeipa-users] Sudo command not working

2015-08-13 Thread Jakub Hrozek
On Thu, Aug 13, 2015 at 03:01:40PM +0700, Dewangga Bachrul Alam wrote: > Hello! > > Should I reboot the machine after changing sudo.conf file? No, it's read by sudo on every invocation. There is no sudo daemon or such.

[Freeipa-users] Having problem with pwd_expiration

2015-08-13 Thread Dewangga Bachrul Alam
Hello! I've discovered something about pwd_expiration on freeipa 4.1.4, I got a line from sssd_DOMAIN.log : ... snip ... (Thu Aug 13 12:25:39 2015) [sssd[be[mydomain.co.id]]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 ... snip ... $ ipa pwpolicy-find Group: global

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-13 Thread Youenn PIOLET
Hi Matt - CentOS : Did you copy ipasam.so and change your smb.conf accordingly? sambaSamAccount is not needed anymore that way. - Default IPA Way : won't work if your Windows is not part of a domain controller. DOMAIN\username may work for some users using Windows 7 - not 8 nor 10 (it did for me b

Re: [Freeipa-users] Sudo command not working

2015-08-13 Thread Dewangga Bachrul Alam
Hello! On 08/13/2015 03:09 PM, Jakub Hrozek wrote: > On Thu, Aug 13, 2015 at 03:01:40PM +0700, Dewangga Bachrul Alam wrote: >> Hello! >> >> Should I reboot the machine after changing sudo.conf file? > > No, it's read by sudo on every invocation. There is no sudo daemon or > such. > Yes, I found

Re: [Freeipa-users] Having problem with pwd_expiration

2015-08-13 Thread Lukas Slebodnik
On (13/08/15 15:39), Dewangga Bachrul Alam wrote: >Hello! > >I've discovered something about pwd_expiration on freeipa 4.1.4, >I got a line from sssd_DOMAIN.log : > >... snip ... >(Thu Aug 13 12:25:39 2015) [sssd[be[mydomain.co.id]]] >[confdb_get_domain_internal] (0x1000): pwd_expiration_warni

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-13 Thread Matt .
Hi Youenn, OK thanks! This takes me a little bit further now and I see some good stuff in my logging. I'm testing on a Windows 10 machine which is not a member of an AD or so, so that might be my issue for now? When testing on the samba box itself as my user I get: [myusername@smb-01 ~]$ smbclie

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread seli irithyl
In the logs, there are lots of warnings concerning pki tomcat server : Aug 13 09:51:56 lead.bioinf.local systemd[1]: Started The Apache HTTP Server. Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting system-pki\x2dtomcatd.slice. Aug 13 09:51:56 lead.bioinf.local systemd[1]: Created slice syste

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread Jakub Hrozek
On Thu, Aug 13, 2015 at 12:12:03PM +0200, seli irithyl wrote: > In the logs, there are lots of warnings concerning pki tomcat server : > > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Started The Apache HTTP > Server. > Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting > system-pki\x2dtomcat

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-13 Thread Matt .
Hi, I might have found something which I have already seen in the logs. I did a smbpasswd my username on the samba server, it connects to ldap very well. I give my new password and get the following: smbldap_search_ext: base => [dc=my,dc=domain], filter => [(&(objectClass=ipaNTGroupAttrs)(|(ipaNTSecur

Re: [Freeipa-users] Kerberized NFS with Synology NAS

2015-08-13 Thread Roberto Cornacchia
After some more investigation, I feel the problem I described can be considered off topic, sorry about that. Initially I had the impression it could have been more freeIPA-related. It is sometimes difficult to tell whether the issue would show up regardless of using freeIPA or not. Should anyone b

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread seli irithyl
Here's the sssd_domain log part during an ssh (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_get_account_info] (0x0200): Got request for [0x3][1][name=test] (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_req_set_domain] (0x0400): Changing request domain from [bioinf.local] to [bi

Re: [Freeipa-users] Kerberized NFS with Synology NAS

2015-08-13 Thread Alexander Bokovoy
On Thu, 13 Aug 2015, Roberto Cornacchia wrote: After some more investigation, I feel the problem I described can be considered off topic, sorry about that. Initially I had the impression it could have been more freeIPA-related. It is sometimes difficult to tell whether the issue would show up reg

[Freeipa-users] time restricted access

2015-08-13 Thread Marcelo Roccasalva
Hello, I've installed freeIPA 4.1.0 under CentOS 7 and I need to restrict authentication to one or more time ranges but I failed to find such a configuration... TIA -- Marcelo "Could it be that this modern life is turning out to be more modern than life?" (Mafalda)

Re: [Freeipa-users] time restricted access

2015-08-13 Thread David Kupka
On 13/08/15 17:01, Marcelo Roccasalva wrote: Hello, I've installed freeIPA 4.1.0 under CentOS 7 and I need to restrict authentication to one or more time ranges but I failed to find such a configuration... TIA Hello, you're probably looking for "Time-Based Account Policies". This is curren

Re: [Freeipa-users] Having problem with pwd_expiration

2015-08-13 Thread Rob Crittenden
Dewangga Bachrul Alam wrote: I've tried both of them (web ui & CLI), still no luck. Screenshot attached, the password expired not follow the global_policy. I've created another new user, it was same with user `subhan`. The password expired not follow global_policy. http://www.freeipa.org/page

[Freeipa-users] IPA Server Replication Info

2015-08-13 Thread Yogesh Sharma
Hi, I am working to set up an IPA Env in our Infra. 1. I would like to know how IPA handles failover if Master Node goes down. Does sssd manage it? 2. While the Master Node is down, can I register a client to replica server i.e. via AutoDiscovery as IPA does. 3. What if my Master Node does not come up

[Freeipa-users] users- ssh keys self service

2015-08-13 Thread Janelle
Hi, So I still have been unable to find the problem with blank screens for users when they login to the gui and can not manage anything other than OTP. Out of the box, vanilla install of FreeOTP on RHEL 7.x and using IPA 4.1.4, a user logs in, you see ALL the fields for a split second, befor

Re: [Freeipa-users] users- ssh keys self service

2015-08-13 Thread Janelle
AHA!!! The problem is found, but the solution eludes me. Any user "migrated" in compat mode has the problem. NEW users do not. Thoughts? Ideas? troubleshooting? What do I need to make visible for users to edit their settings? ~J On 8/13/15 9:58 AM, Janelle wrote: Hi, So I still have been

[Freeipa-users] ipa directory inconsistencies

2015-08-13 Thread Nguyen, Alicia
Hi, I'm having an issue re-adding a client to freeipa (same hostname). When I removed the client from the domain I uninstalled freeipa on the client (using ipa-client-install --uninstall), removed the keytab, and ran ipa host-del FQDN on the freeipa master. Everything has been rebooted. I c

[Freeipa-users] reverse DNS lookup does not work

2015-08-13 Thread Nikola Kržalić
reverse DNS lookup stopped working after I broke some replication agreements (perhaps unrelated, but worth mentioning). Regular A records resolve fine. The records can be seen in LDAP (using ldapsearch with GSSAPI after kinit -t /etc/named.keytab): the zone: # 0.63.10.in-addr.arpa., dns, ipa.exam

Re: [Freeipa-users] ipa directory inconsistencies

2015-08-13 Thread Rob Crittenden
Nguyen, Alicia wrote: Hi, I'm having an issue re-adding a client to freeipa (same hostname). When I removed the client from the domain I uninstalled freeipa on the client (using ipa-client-install --uninstall), removed the keytab, and ran ipa host-del FQDN on the freeipa master. Everythin

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread John Obaterspok
Hi Seli, In /etc/sssd/sssd.conf add below: selinux_provider=none to the domain section. Then restart sssd. -- john 2015-08-13 16:23 GMT+02:00 seli irithyl : > Here's the sssd_domain log part during an ssh > > (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_get_account_info] > (0x0

[Freeipa-users] Kerberized NFS and home automount issues

2015-08-13 Thread Youenn PIOLET
Hi, I'm currently trying to configure automount for home directories with Kerberized NFSv4. I'm struggling with two issues that may or may not be related: 1) Can't read my home directory. I have to type kinit manually first on each integrated client for this to work. I think it is related to the

Re: [Freeipa-users] Kerberized NFS and home automount issues

2015-08-13 Thread Prasun Gera
Where are you trying to create the home directories? Is your NFS server the same as the IPA server? You can only create home directories on the NFS home server unless the nfs-client sees the export option "no_root_squash". That is not recommended though. On Thu, Aug 13, 2015 at 9:49 AM, Youenn P