Re: [Freeipa-users] ipactl services running, but auth not working

2017-02-03 Thread Sullivan, Daniel [CRI]
What exactly are you seeing to determine that the server is actually failing? Is it not possible that sssd (the client) is timing out? Will 389ds service an LDAP request, i.e. can you run ldapsearch -D "cn=Directory Manager" -w -s base -b "cn=config" "(objectclass=*)" What exactly are you

Re: [Freeipa-users] Smart Card login into an Active Directory User

2017-02-03 Thread spammewoods
Sumit Bose wrote: > On Fri, Feb 03, 2017 at 09:33:13AM +0100, Sumit Bose wrote: > On Thu, Feb 02, 2017 at 11:03:28AM -0800, spammewo...@cox.net wrote: > > I am running an IPA server (4.4.0) on RHEL 7.3 which is integrated with a > > Windows Active Directory server. I

Re: [Freeipa-users] ipactl services running, but auth not working

2017-02-03 Thread pgb205
My problem is with the server itself seemingly not providing services even though it claims to do so. Would be curious to know what to look at on freeipa server or how to increase logging From: "Sullivan, Daniel [CRI]" To: pgb205 Cc:

[Freeipa-users] Wrong principal in request in NFS mount

2017-02-03 Thread Matthew Carter
So I have two test machines that I set up because of this same problem on my secure offline network. One of the test machines is a server that has FreeIPA and NFS running on it, the other test machine is a client that mounts two NFS shares from the server using krb5i sec. Upon initial

Re: [Freeipa-users] ipactl services running, but auth not working

2017-02-03 Thread pgb205
There are reports from multiple clients being unable to authenticate. ipactl status shows all services as running. The problem is fixed when I 'ipactl restart'. From: "Sullivan, Daniel [CRI]" To: pgb205 Cc: Freeipa-users

Re: [Freeipa-users] How to enable krb5_child log

2017-02-03 Thread Jakub Hrozek
On Fri, Feb 03, 2017 at 09:45:34AM +0100, Kees Bakker wrote: > On 02-02-17 17:32, Jakub Hrozek wrote: > > On Thu, Feb 02, 2017 at 05:19:07PM +0100, Kees Bakker wrote: > >> Hi > >> > >> Sorry, I did search wherever I could but I couldn't find it. > >> How do I enable krb5_child debug log? I'm on an

Re: [Freeipa-users] Smart Card login into an Active Directory User

2017-02-03 Thread Sumit Bose
On Thu, Feb 02, 2017 at 11:03:28AM -0800, spammewo...@cox.net wrote: > I am running an IPA server (4.4.0) on RHEL 7.3 which is integrated with a > Windows Active Directory server. I am trying to configure the IPA server to > allow the Active Directory Users to log into Gnome with a CAC smart

Re: [Freeipa-users] How to enable krb5_child log

2017-02-03 Thread Kees Bakker
On 02-02-17 17:32, Jakub Hrozek wrote: > On Thu, Feb 02, 2017 at 05:19:07PM +0100, Kees Bakker wrote: >> Hi >> >> Sorry, I did search wherever I could but I couldn't find it. >> How do I enable krb5_child debug log? I'm on an Ubuntu >> system which by default writes an empty

[Freeipa-users] FreeIPA installation on centos 7

2017-02-03 Thread amit bhatt
My QA development setup is running with IPA VERSION: 4.2.0 on centos 7 and I want to install the same version in my production environment as well. However, when I am running yum install ipa-server I am getting VERSION: 4.4.0 (package ipa-server-4.4.0-14.el7.centos.4.x86_64) installed. How can I

Re: [Freeipa-users] Smart Card login into an Active Directory User

2017-02-03 Thread Sumit Bose
On Fri, Feb 03, 2017 at 09:33:13AM +0100, Sumit Bose wrote: > On Thu, Feb 02, 2017 at 11:03:28AM -0800, spammewo...@cox.net wrote: > > I am running an IPA server (4.4.0) on RHEL 7.3 which is integrated with a > > Windows Active Directory server. I am trying to configure the IPA server > > to

Re: [Freeipa-users] FreeIPA installation on centos 7

2017-02-03 Thread Rob Crittenden
amit bhatt wrote: My QA development setup is running with IPA VERSION: 4.2.0 on centos 7 and I want to install the same version in my production environment as well. However, when I am running yum install ipa-server I am getting VERSION: 4.4.0 (package ipa-server-4.4.0-14.el7.centos.4.x86_64)

Re: [Freeipa-users] How to enable krb5_child log

2017-02-03 Thread Kees Bakker
On 03-02-17 10:17, Jakub Hrozek wrote: > On Fri, Feb 03, 2017 at 09:45:34AM +0100, Kees Bakker wrote: >> On 02-02-17 17:32, Jakub Hrozek wrote: >>> On Thu, Feb 02, 2017 at 05:19:07PM +0100, Kees Bakker wrote: Hi Sorry, I did search wherever I could but I couldn't find it. How

Re: [Freeipa-users] FreeIPA installation on centos 7

2017-02-03 Thread deepak dimri
Thanks Rob Is there a place/link I can download the release for centos 7? ~Amit On Fri, Feb 3, 2017 at 3:03 PM, Rob Crittenden wrote: > amit bhatt wrote: > >> My QA development setup is running with IPA VERSION: 4.2.0 on centos 7 >> and I want to install the same version

[Freeipa-users] Can too many group memberships for an AD user cause SSSD or IPA problems?

2017-02-03 Thread Chris Dagdigian
I've got a case where "id @AD-DOMAIN" hangs forever after partially resolving and I think it may be because they are in way too many AD groups? The 'id' command resolves the user but hangs before completing. There is a large amount of group data returned from the AD forest for this user and

Re: [Freeipa-users] Trust between freeipa servers of different domains

2017-02-03 Thread Martin Babinsky
On 02/03/2017 03:49 PM, ivan lago wrote: Hello, Is it possible to configure 2 freeipa servers, serving different domains (let’s say dom1.com and dom2.com) to establish a trust so that users from one domain can use resources under the control of the other

[Freeipa-users] Trust between freeipa servers of different domains

2017-02-03 Thread ivan lago
Hello, Is it possible to configure 2 freeipa servers, serving different domains (let’s say dom1.com and dom2.com) to establish a trust so that users from one domain can use resources under the control of the other one? And if it is possible, would it be

Re: [Freeipa-users] How to enable krb5_child log

2017-02-03 Thread Kees Bakker
On 03-02-17 10:43, Kees Bakker wrote: > On 03-02-17 10:17, Jakub Hrozek wrote: >> On Fri, Feb 03, 2017 at 09:45:34AM +0100, Kees Bakker wrote: >> >>> Then, at the very same time user "someuser", on his own login, gets this: >>> $ klist >>> klist: Invalid UID in persistent keyring name while

[Freeipa-users] client in many IPA domains

2017-02-03 Thread Raul Dias
Hello, Can ipa-client (e.g., a notebook) be in more than one realm? e.g. depending on the network where it is connected. -rsd