Re: [Freeipa-users] Issue upgrading freeipa to ipa-server-4.4.0-14.el7.centos.4.x86_64

2017-03-14 Thread Petr Vobornik
On 03/08/2017 06:06 PM, free...@netnerdz.se wrote: Hi all! I'm trying to upgrade my ipa-server to the version in subject and hitting some bug that seems similar to https://bugzilla.redhat.com/show_bug.cgi?id=1404910 It is unlikely that it is this bug because the version of IPA with it was nev

Re: [Freeipa-users] Read-only replicas?

2017-03-14 Thread Petr Vobornik
On 03/13/2017 03:17 PM, Stephen wrote: Is there read-only replica support in freeipa? The use case is a dmz. Thanks... Hello Stephen, No, FreeIPA doesn't support read only replicas yet. Could you write your use case in more details in: https://pagure.io/freeipa/issue/5569 or https://bugz

Re: [Freeipa-users] Issue upgrading freeipa to ipa-server-4.4.0-14.el7.centos.4.x86_64

2017-03-14 Thread Robert Söderlund
Hi! I was a bit eager to fix this so I installed a new ipa-server, executed ipa migrate-ds and configured the replication afterwards. Sorry not to be able to troubleshoot this further. //Robban On 2017-03-14 16:25, Petr Vobornik wrote: On 03/08/2017 06:06 PM, free...@netnerdz.se wrote: Hi al

[Freeipa-users] Mutli site IPA scenario - DNS issue

2017-03-14 Thread Jan Karásek
Hi, please can you point me in the right direction with this issue? Scenario: Site A, Site B, IPA in Site A is already installed with DNS, CA and I want to create replica to Site B. OS: RHEL 7.3, IPA 4.4 Site A - 192.168.0.0/24 IPA_A server interfaces: eth0: 192.168.0.10 -- access for clien

[Freeipa-users] DB locks and Clean RUV

2017-03-14 Thread Ian Harding
I just updated my FreeIPA server and now the LDAP instance crashes daily at 9:15 PM. I have a lot of these in my logs : Mar 14 08:40:20 freeipa-sea ns-slapd: [14/Mar/2017:08:40:20.781100512 -0700] NSMMReplicationPlugin - CleanAllRUV Task (rid 9): Replica is not cleaned yet (agmt="cn=meTobellevuen

Re: [Freeipa-users] Mutli site IPA scenario - DNS issue

2017-03-14 Thread Martin Basti
On 14.03.2017 17:05, Jan Karásek wrote: > Hi, > please can you point me to right direction with this issue ? > Scenario: > Site A, Site B, IPA in Site A is already installed with DNS, CA and i want > to create replica to Site B. > OS: RHEL 7.3, IPA 4.4 > > > Site A - 192.168.0.0/24 > IPA_A ser

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-14 Thread Rob Crittenden
Matt . wrote: > Hi Rob, > > Thanks for the update, the same error happens when I add a new host, > so I'm lost, the same for the Foreman devs. > > What can I check/test further ? See what 389-ds is logging in its access log. You may need to enable ACI summary debugging. See the 389-ds FAQ for i

[Freeipa-users] IPA users can't log in to SDDM

2017-03-14 Thread Tyrell Jentink
I have users in an AD Domain, my FreeIPA server is set up with an interforest trust, and users can log in using SSH or virtual terminals on any system joined to the IPA domain, and I have Samba authenticating against these users on another server... Things are good... Until I try logging in to the

Re: [Freeipa-users] IPA users can't log in to SDDM

2017-03-14 Thread Alexander Bokovoy
On ti, 14 maalis 2017, Tyrell Jentink wrote: I have users in an AD Domain, my FreeIPA server is set up with an interforest trust, and users can log in using SSH or virtual terminals on any system joined to the IPA domain, and I have Samba authenticating against these users on another server... Th

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-14 Thread Matt .
Hi Rob, I have this solved, I think it was an issue in the foreman-proxy. The reason why there are two users in the role was to test other usernames, as you cannot use foreman-proxy for this for an example. I need to update the Foreman ticket about it. Thanks for helping out. Cheers, Matt 20

Re: [Freeipa-users] sudo sometimes doesn't work

2017-03-14 Thread Orion Poplawski
On 01/30/2017 01:38 AM, Jakub Hrozek wrote: > On Fri, Jan 27, 2017 at 02:15:16PM -0700, Orion Poplawski wrote: >> EL7.3 >> Users are in active directory via AD trust with IPA server >> >> sudo is configured via files - users in our default "nwra" group can run >> certain sudo commands, e.g.: >> >>

Re: [Freeipa-users] IPA users can't log in to SDDM

2017-03-14 Thread Tyrell Jentink
Oh, you are quite right... It's even identified in the project scope of the original proposal to switch from KDM: "Fix the bugs affecting log in: PAM stack integration and LDAP user lists" -- https://fedoraproject.org/wiki/Changes/SDDMinsteadOfKDM I'm just going to switch back to KDM... Should

[Freeipa-users] Fedora 25 IPA smart card login

2017-03-14 Thread Michael Rainey (Contractor)
Greetings, I have been working on an issue with smart card logins on a Fedora 25 system. For a short time smart card logins have been working well, but suddenly the login process has stopped working. I have verified that all appropriate certificates are installed, checked my dconf

Re: [Freeipa-users] Mutli site IPA scenario - DNS issue

2017-03-14 Thread Jan Karásek
Hi, this is simply because of the network design and we are probably not able to change that at the moment. So IPA clients are restricted to IPA servers in their own site and only IPA servers are able to do inter-site communication. The plan is to add more IPA servers into each site so clients will have

Re: [Freeipa-users] LDAP based autofs map redundancy

2017-03-14 Thread William Muriithi
Hello, To add to previous mail, I have noticed this: I had two IPA, hydrogen and lithium. lithium died and will be resetting another soon after I find why the setup isn't redundant with one IPA. But this line seems to be a lead Working: ipa_server = _srv_, hydrogen.eng.example.com Failing: ip