[Freeipa-users] guidance and strategies for supporting production use including dev/test IPA systems?

2016-11-09 Thread Chris Dagdigian
Thanks to support from folks on this list I have a 3-node multi-site replicating FreeIPA system supporting a number of 1-way trusts to various AD Forests. Testing has gone well and it's clear that this "POC" will soon transition to production. Because of the importance of this system to our

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread lejeczek
On 09/11/16 12:43, Martin Basti wrote: On 09.11.2016 12:15, lejeczek wrote: On 08/11/16 19:37, Martin Basti wrote: On 08.11.2016 19:41, lejeczek wrote: hi everyone when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread Martin Basti
On 09.11.2016 14:11, lejeczek wrote: On 09/11/16 12:43, Martin Basti wrote: On 09.11.2016 12:15, lejeczek wrote: On 08/11/16 19:37, Martin Basti wrote: On 08.11.2016 19:41, lejeczek wrote: hi everyone when I look at my domain I see something which seems inconsistent to me (eg.

[Freeipa-users] IDM server doesn't boot after update to RHEL 7.3

2016-11-09 Thread Prasun Gera
It looks like something is messed up in the systemd configuration after 7.3. My system doesn't boot at all. The boot screen would display the message: "Failed to register match for Disconnected message: Connection timed out". After some trial and error, I've managed to boot it. Here's what works

Re: [Freeipa-users] system to pick up pa user-mod --uid change - how long?

2016-11-09 Thread Lukas Slebodnik
On (08/11/16 15:09), Brian Candler wrote: >On 08/11/2016 13:57, lejeczek wrote: >> I've changed an uid of a.user but system: $ id a.user - still shows old >> id. >> When is the system supposed to notice that change? > >You might want to force the cache to expire early. Try: > >sss_cache -U >

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread lejeczek
On 09/11/16 13:48, Martin Basti wrote: On 09.11.2016 14:11, lejeczek wrote: On 09/11/16 12:43, Martin Basti wrote: On 09.11.2016 12:15, lejeczek wrote: On 08/11/16 19:37, Martin Basti wrote: On 08.11.2016 19:41, lejeczek wrote: hi everyone when I look at my domain I see

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread Martin Basti
On 09.11.2016 15:33, lejeczek wrote: On 09/11/16 13:48, Martin Basti wrote: On 09.11.2016 14:11, lejeczek wrote: On 09/11/16 12:43, Martin Basti wrote: On 09.11.2016 12:15, lejeczek wrote: On 08/11/16 19:37, Martin Basti wrote: On 08.11.2016 19:41, lejeczek wrote: hi everyone

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread Martin Basti
On 09.11.2016 12:15, lejeczek wrote: On 08/11/16 19:37, Martin Basti wrote: On 08.11.2016 19:41, lejeczek wrote: hi everyone when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled) Do these record need fixing? I'm

Re: [Freeipa-users] Package naming conflicts with update to RHEL 7.3

2016-11-09 Thread Prasun Gera
Thanks Martin. That bug report is private. I take it that it's not very serious ? On Mon, Nov 7, 2016 at 3:12 AM, Martin Babinsky wrote: > On 11/07/2016 01:31 AM, Prasun Gera wrote: > >> Getting this in yum check all after update to 7.3 >> >> ipa-client-4.4.0-12.el7.x86_64

Re: [Freeipa-users] What is the use of /etc/krb5.conf?

2016-11-09 Thread Ask Stack
Thanks Martin, and I always forget I can man a conf file. On Tuesday, November 8, 2016 12:09 PM, Martin Babinsky wrote: On 11/08/2016 05:13 PM, Ask Stack wrote: > I thought /etc/krb5.conf controls which kerberos server the clients talk > to. > > As a test, I

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread lejeczek
On 09/11/16 14:35, Martin Basti wrote: On 09.11.2016 15:33, lejeczek wrote: On 09/11/16 13:48, Martin Basti wrote: On 09.11.2016 14:11, lejeczek wrote: On 09/11/16 12:43, Martin Basti wrote: On 09.11.2016 12:15, lejeczek wrote: On 08/11/16 19:37, Martin Basti wrote: On

Re: [Freeipa-users] Setting "preserve" as default action when deleting in webUI

2016-11-09 Thread Sébastien Julliot
Hello Pavel, Yes I did. "PRESERVE.JS WAS EXECUTED" is printed in my browser's console, and yet "delete" ("supprimer", in French) is still the default. (as you can see in linked image) Le 31/10/2016 à 16:18, Pavel Vomacka a écrit : > Hello Sebastien, > > I tried your plugin and it works

Re: [Freeipa-users] FreeIPA + DHCP-LDAP - Fedora 24 - broken

2016-11-09 Thread Raul Dias
Do you mean that dhcpd on Ubuntu is configured against the very same FreeIPA server? yes. Testing both on VMs with a private network. Are you sure that dhcpd is using the same credentials to BIND to LDAP? There might be an access control issue if different hosts use different credentials or

[Freeipa-users] bind-dyndb-ldap and replication requirements

2016-11-09 Thread Brendan Kearney
i am asking this for a friend who is trying to figure out how to get bind-dyndb-ldap working against openldap on ubuntu. she does not have replication between two or more ldap instances, and needs to figure out the minimum requirements for bind-dyndb-ldap. i have been trying to help her, but

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread lejeczek
On 08/11/16 19:37, Martin Basti wrote: On 08.11.2016 19:41, lejeczek wrote: hi everyone when I look at my domain I see something which seems inconsistent to me (eg. work5 is not part of the domain, was --uninstalled) Do these record need fixing? I'm asking becuase one of the servers,

Re: [Freeipa-users] SRV (mixed?) records

2016-11-09 Thread Petr Spacek
On 9.11.2016 16:57, lejeczek wrote: > > > On 09/11/16 14:35, Martin Basti wrote: >> >> >> On 09.11.2016 15:33, lejeczek wrote: >>> >>> >>> On 09/11/16 13:48, Martin Basti wrote: On 09.11.2016 14:11, lejeczek wrote: > > > On 09/11/16 12:43, Martin Basti wrote: >>

Re: [Freeipa-users] bind-dyndb-ldap and replication requirements

2016-11-09 Thread Petr Spacek
On 10.11.2016 06:43, David Kupka wrote: > On 10/11/16 01:14, Brendan Kearney wrote: >> i am asking this for a friend who is trying to figure out how to get >> bind-dyndb-ldap working against openldap on ubuntu. she does not have >> replication between two or more ldap instances, and needs to

Re: [Freeipa-users] bind-dyndb-ldap and replication requirements

2016-11-09 Thread David Kupka
On 10/11/16 01:14, Brendan Kearney wrote: i am asking this for a friend who is trying to figure out how to get bind-dyndb-ldap working against openldap on ubuntu. she does not have replication between two or more ldap instances, and needs to figure out the minimum requirements for

[Freeipa-users] sssd failed with 'ldap_sasl_bind failed (-2)[Local error]'

2016-11-09 Thread Matrix
Hi, I have installed sssd in a RHEL5 client. ipa-client/sssd version: ipa-client-2.1.3-7.el5 sssd-client-1.5.1-71.el5 sssd-1.5.1-71.el5 sssd failed to get ipa user info with 'ldap_sasl_bind failed (-2)[Local error]'. (Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send]