Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo

2015-10-01 Thread Andy Thompson
> On 09/30/2015 09:04 PM, Andy Thompson wrote: > >> On Wed, Sep 30, 2015 at 12:17:22PM +, Andy Thompson wrote: > On 09/21/2015 10:42 PM, Andy Thompson wrote: > >> On Mon, Sep 21, 2015 at 07:39:01PM +, Andy Thompson wrote: > -Original Message- > From:

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-01 Thread Arnold, Paul C CTR USARMY PEO STRI (US)
In a similar vein, is anyone aware of a (safe) automated work-around that can periodically map users into localized Windows accounts? I am conceptualizing some sort of powershell script involving a query to 389DS, but automating any form of account management that way sounds moderately

[Freeipa-users] [FreeIPA] SUDO fails with system error

2015-10-01 Thread Markus.Moj
Dear @all, I´ve an issue with two, Oracle Linux based, clients and my freeipa server. I can authenticate on any on the enrolled machines but the two oracle server aren´t able to access sudo and I don´t know why. Here are a few thing I´ve already figured out. Both machines are enrolled

Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo

2015-10-01 Thread Pavel Březina
On 09/30/2015 09:04 PM, Andy Thompson wrote: On Wed, Sep 30, 2015 at 12:17:22PM +, Andy Thompson wrote: On 09/21/2015 10:42 PM, Andy Thompson wrote: On Mon, Sep 21, 2015 at 07:39:01PM +, Andy Thompson wrote: -Original Message- From: Jakub Hrozek [mailto:jhro...@redhat.com]

[Freeipa-users] User removed from IPA but still present in LDAP, so cannot him again in IPA web UI

2015-10-01 Thread Fujisan
Hello, I want to add user 'user1' with the freeipa web UI. It is not present in the list of users in the web UI but when I click "add", it says 'user with name "user1" already exists'. ldapsearch shows 'user1' is there: --- $

Re: [Freeipa-users] User removed from IPA but still present in LDAP, so cannot him again in IPA web UI

2015-10-01 Thread Alexander Bokovoy
On Thu, 01 Oct 2015, Fujisan wrote: Hello, I want to add user 'user1' with the freeipa web UI. It is not present in the list of users in the web UI but when I click "add", it says 'user with name "user1" already exists'. ldapsearch shows 'user1' is there:

Re: [Freeipa-users] [FreeIPA] SUDO fails with system error

2015-10-01 Thread Jakub Hrozek
On Thu, Oct 01, 2015 at 12:14:34PM +, markus@mc.ingenico.com wrote: > Dear @all, > > > > I´ve an issue with two, Oracle Linux based, clients and my freeipa server. I > can authenticate on any on the enrolled machines but the two oracle server > aren´t able to access sudo and I don´t

Re: [Freeipa-users] Sudo entry not found by sssd in the cache db

2015-10-01 Thread Molnár Domokos
"Pavel Březina" írta: >On 09/15/2015 09:10 AM, Molnár Domokos wrote: >> >> "Molnár Domokos" írta: >> >> On 09/14/2015 03:08 PM, Pavel Březina wrote: >>> On 09/11/2015 02:40 PM, Molnár Domokos wrote: Full log attached. "Molnár

Re: [Freeipa-users] ipa upgrade failed

2015-10-01 Thread Martin Basti
On 10/01/2015 05:03 PM, Andrew E. Bruno wrote: Running CentOS 7.1.1503. Upgrading via yum update from: ipa-server.x86_64 0:4.1.0-18.el7.centos.3 --to-- ipa-server.x86_64 0:4.1.0-18.el7.centos.4 We have 3 replicates. Upgrading the first replicate (first-master) went fine.

Re: [Freeipa-users] NFS Automount Domain Homedirs

2015-10-01 Thread Alexander Bokovoy
On Wed, 30 Sep 2015, Sadettin Albasan wrote: Here is a list of installed sssd packages: sssd-client-1.12.4-47.el6.x86_64 sssd-common-1.12.4-47.el6.x86_64 sssd-ad-1.12.4-47.el6.x86_64 sssd-1.12.4-47.el6.x86_64 python-sssdconfig-1.12.4-47.el6.noarch sssd-krb5-common-1.12.4-47.el6.x86_64

[Freeipa-users] FreeIPA 3.3 performance issues with many hosts

2015-10-01 Thread Dominik Korittki
Hello folks, I am running two FreeIPA Servers with around 100 users and around 15.000 hosts, which are used by users to login via ssh. The FreeIPA servers (which are Centos 7.0) ran good for a while, but as more and more hosts got migrated to serve as FreeIPA hosts, it started to get slow and

[Freeipa-users] ipa upgrade failed

2015-10-01 Thread Andrew E. Bruno
Running CentOS 7.1.1503. Upgrading via yum update from: ipa-server.x86_64 0:4.1.0-18.el7.centos.3 --to-- ipa-server.x86_64 0:4.1.0-18.el7.centos.4 We have 3 replicates. Upgrading the first replicate (first-master) went fine. Upgrading the second replicate failed. Got the following

Re: [Freeipa-users] HBAC

2015-10-01 Thread Simo Sorce
On 30/09/15 21:22, TomK wrote: On 9/30/2015 8:12 AM, Martin Kosek wrote: On 09/30/2015 07:50 AM, Alexander Bokovoy wrote: On Tue, 29 Sep 2015, TomK wrote: Hey Guy's, (Sending this again as I didn't have this email included in the freeipa-users mailing list so not sure if the other message

Re: [Freeipa-users] ipa upgrade failed

2015-10-01 Thread Andrew E. Bruno
On Thu, Oct 01, 2015 at 05:09:23PM +0200, Martin Basti wrote: > > > On 10/01/2015 05:03 PM, Andrew E. Bruno wrote: > >Running CentOS 7.1.1503. > > > >Upgrading via yum update from: > > > > ipa-server.x86_64 0:4.1.0-18.el7.centos.3 > > > > --to-- > > > > ipa-server.x86_64

Re: [Freeipa-users] User removed from IPA but still present in LDAP, so cannot him again in IPA web UI

2015-10-01 Thread Fujisan
I get this: - $ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain '(uid=user1*)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base

Re: [Freeipa-users] ipa upgrade failed

2015-10-01 Thread Martin Basti
On 10/01/2015 05:28 PM, Andrew E. Bruno wrote: On Thu, Oct 01, 2015 at 05:09:23PM +0200, Martin Basti wrote: On 10/01/2015 05:03 PM, Andrew E. Bruno wrote: Running CentOS 7.1.1503. Upgrading via yum update from: ipa-server.x86_64 0:4.1.0-18.el7.centos.3 --to-- ipa-server.x86_64

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-01 Thread Simo Sorce
On 01/10/15 03:15, Petr Spacek wrote: On 30.9.2015 20:36, Matt Wells wrote: Hi all, I hoped I may glean some brilliance from the group. I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan was to replicate users+passwords with Windows 2012R2 server but following some of

Re: [Freeipa-users] ipa upgrade failed

2015-10-01 Thread Andrew E. Bruno
On Thu, Oct 01, 2015 at 05:40:34PM +0200, Martin Basti wrote: > > > On 10/01/2015 05:28 PM, Andrew E. Bruno wrote: > >On Thu, Oct 01, 2015 at 05:09:23PM +0200, Martin Basti wrote: > >> > >>On 10/01/2015 05:03 PM, Andrew E. Bruno wrote: > >>>Running CentOS 7.1.1503. > >>> > >>>Upgrading via yum

Re: [Freeipa-users] FreeIPA 3.3 performance issues with many hosts

2015-10-01 Thread Rob Crittenden
Dominik Korittki wrote: > Hello folks, > > I am running two FreeIPA Servers with around 100 users and around 15.000 > hosts, which are used by users to login via ssh. The FreeIPA servers > (which are Centos 7.0) ran good for a while, but as more and more hosts > got migrated to serve as FreeIPA

Re: [Freeipa-users] FreeIPA 3.3 performance issues with many hosts

2015-10-01 Thread Rich Megginson
On 10/01/2015 01:52 PM, Rob Crittenden wrote: Dominik Korittki wrote: Hello folks, I am running two FreeIPA Servers with around 100 users and around 15.000 hosts, which are used by users to login via ssh. The FreeIPA servers (which are Centos 7.0) ran good for a while, but as more and more

Re: [Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-10-01 Thread Petr Spacek
On 30.9.2015 20:36, Matt Wells wrote: > Hi all, I hoped I may glean some brilliance from the group. > I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan > was to replicate users+passwords with Windows 2012R2 server but following > some of the information in the other posts

[Freeipa-users] FreeIPA install

2015-10-01 Thread Andrew Meyer
I just created a new FreeIPA setup at my home and i'm getting the following: [Thu Oct 01 14:02:10.082255 2015] [core:notice] [pid 18792] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Thu Oct 01 14:02:14.742680 2015] [:error] [pid 18795] ipa: INFO: *** PROCESS START *** [Thu Oct 01

Re: [Freeipa-users] HBAC

2015-10-01 Thread TomK
On 10/1/2015 12:04 PM, Simo Sorce wrote: On 30/09/15 21:22, TomK wrote: On 9/30/2015 8:12 AM, Martin Kosek wrote: On 09/30/2015 07:50 AM, Alexander Bokovoy wrote: On Tue, 29 Sep 2015, TomK wrote: Hey Guy's, (Sending this again as I didn't have this email included in the freeipa-users