[Freeipa-users] while doing ipa-getkeytab , getting Operation failed! PrincipalName not found.

2014-12-19 Thread Ben .T.George
Hi List i was trying to add linux machine manually as client. i was following this http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/linux-manual.html while doing ipa-getkeytab on FreeIpa server, i am getting error like Operation failed! PrincipalName not found. please help me to

[Freeipa-users] how to configure Linux Cent Os as ipa client manual installation

2014-12-20 Thread Ben .T.George
Hi I was trying to configure centos as ipa client and got failed with that. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2014-12-20 Thread Ben .T.George
Hi List how can i configure solaris 10 sparc and x86 as ipa clients. Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2014-12-21 Thread Ben .T.George
:50 AM, Fraser Tweedale ftwee...@redhat.com wrote: On Sun, Dec 21, 2014 at 09:03:17AM +0300, Ben .T.George wrote: Hi List how can i configure solaris 10 sparc and x86 as ipa clients. Regards, Ben Hi Ben, Please follow the Solaris 8/9/10 instructions on the wiki: http

Re: [Freeipa-users] Integration with Solaris 10

2015-01-03 Thread Ben .T.George
Hi Dmitri i was trying this from last 3 weeks. can you please give us more details about this. I tried ldapclient and i got lot of dependency service related error. can you please give me list of services and configuration file need to change/enable before trying ldapclient ? once again thanks

Re: [Freeipa-users] Integration with Solaris 10

2015-01-03 Thread Ben .T.George
Hi Oops sorry. i wrongly addressed you. Actually that question i asked is to Mr. Watson. Regards, Ben On Sat, Jan 3, 2015 at 10:17 PM, Dmitri Pal d...@redhat.com wrote: On 01/03/2015 03:26 AM, Ben .T.George wrote: Hi Dmitri i was trying this from last 3 weeks. can you please give us

Re: [Freeipa-users] Integration with Solaris 10

2015-01-05 Thread Ben .T.George
HI sorry that was a misunderstand happened from his side, actually i was struggling to set it up for solaris regards, ben On Mon, Jan 5, 2015 at 11:51 AM, Petr Spacek pspa...@redhat.com wrote: On 2.1.2015 22:11, Dmitri Pal wrote: Would you mind creating a wiki page with the solution on

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-05 Thread Ben .T.George
HI IRC is like totally dead. i have waited one whole day to anyone responding. not even to my reply. i didn't see any messages at all. Regards, Ben On Mon, Jan 5, 2015 at 11:49 PM, Dmitri Pal d...@redhat.com wrote: On 01/05/2015 01:31 PM, Ben .T.George wrote: HI Thanks

[Freeipa-users] How to check IPA -- AD trust from command line

2015-01-05 Thread Ben .T.George
Hi LIst, how to check IPA - Active directory trust relationship . i just want to confirm my ipa server is working fine. Regards, Ben

Re: [Freeipa-users] ipa host-add and service add command to add solaris 10

2015-01-06 Thread Ben .T.George
, 2015 at 11:35 PM, Rob Crittenden rcrit...@redhat.com wrote: Ben .T.George wrote: HI i was trying to add solaris 10 client from command line. Host add command went successfully and service add for /host is giving error. please check below output and help me to solve this [root

[Freeipa-users] clarification regarding krb5.conf file

2015-01-07 Thread Ben .T.George
Hi List correct me if i am wrong. currently my client krb5.conf holding AD details. and my client is Solaris here is my file. bash-3.2# more /etc/krb5/krb5.conf [libdefaults] default_realm = KWTTESTDC.COM [realms] KWTTESTDC.COM = { kdc = kwttestdc001.kwttestdc.com:88 admin_server =

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-03 Thread Ben .T.George
Pal d...@redhat.com wrote: On 12/21/2014 07:50 PM, Fraser Tweedale wrote: On Sun, Dec 21, 2014 at 09:03:17AM +0300, Ben .T.George wrote: Hi List how can i configure solaris 10 sparc and x86 as ipa clients. Regards, Ben Hi Ben, Please follow the Solaris 8/9/10 instructions on the wiki

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-04 Thread Ben .T.George
is working fine. bcoz i tested by adding linux(centos) as IPA client by using client ass ipa commands. Regards, Ben On Sun, Jan 4, 2015 at 7:11 PM, Dmitri Pal d...@redhat.com wrote: On 01/04/2015 02:10 AM, Ben .T.George wrote: HI This is i am struggling to get this working on Solaris x86 client

Re: [Freeipa-users] clarification regarding krb5.conf file

2015-01-07 Thread Ben .T.George
(client) : kwttestsolaris10.solipa.local Active Directory: kwttestdc001.kwttestdc.com Regards, Ben On Wed, Jan 7, 2015 at 2:11 PM, Ben .T.George bentech4...@gmail.com wrote: Hi List correct me if i am wrong. currently my client krb5.conf holding AD details. and my client is Solaris here is my

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-04 Thread Ben .T.George
/Configuring_an_IPA_Client_on_Solaris.html http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html Regards,Ben On Mon, Jan 5, 2015 at 12:34 AM, Dmitri Pal d...@redhat.com wrote: On 01/04/2015 01:19 PM, Ben .T.George wrote: HI Thanks for the reply. i

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-05 Thread Ben .T.George
platforms. thanks Regards, Ben On Mon, Jan 5, 2015 at 6:54 PM, Dmitri Pal d...@redhat.com wrote: On 01/05/2015 10:51 AM, Dmitri Pal wrote: On 01/04/2015 10:30 PM, Ben .T.George wrote: HI yes you are right. Linux clients working and IPA is in trust relationship with AD. currently i am

Re: [Freeipa-users] How to check IPA -- AD trust from command line

2015-01-06 Thread Ben .T.George
, Jan 6, 2015 at 6:41 PM, Sumit Bose sb...@redhat.com wrote: On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote: On 01/05/2015 08:35 PM, Ben .T.George wrote: Hi LIst, how to check IPA - Active directory trust relationship . i just want to confirm my ipa server is working

Re: [Freeipa-users] How to check IPA -- AD trust from command line

2015-01-06 Thread Ben .T.George
~]# id adm-ben.george id: adm-ben.george: no such user Regards, Ben On Tue, Jan 6, 2015 at 8:03 PM, Sumit Bose sb...@redhat.com wrote: On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote: Hi I Tried on IPA server and below is my output: [root@kwtpocpbis01 ~]# kinit adm-ben.geo

Re: [Freeipa-users] How to check IPA -- AD trust from command line

2015-01-06 Thread Ben .T.George
(ad_admins),1198400513(domain us...@kwttestdc.com) i was trying the kinit command on solaris . -C key is not there Thanks Regards, Ben On Tue, Jan 6, 2015 at 8:18 PM, Sumit Bose sb...@redhat.com wrote: On Tue, Jan 06, 2015 at 08:13:17PM +0300, Ben .T.George wrote: HI thanks for the reply

[Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
Hi i am getting ipa: ERROR: CIFS server communication error: code -1073741771, while doing [root@kwtpocpbis02 ~]# ipa trust-add --type=ad infra.com --admin Administrator --password Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code -1073741771,

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
HI thanks for the reply i have created PTR record for IPA server under reverse lookup zone manually and ipa server resolving from AD how can i solve this issue.? On Wed, Mar 18, 2015 at 12:15 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Wed, 18 Mar 2015, Ben .T.George wrote: Hi

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
HI i saw this in BZ and it's closed by mentioning it's got resolved on RHEL/Centos 7. But i am already using 7 . please anyone help me to fix this? Regards, Nem On Wed, Mar 18, 2015 at 11:19 AM, Ben .T.George bentech4...@gmail.com wrote: Hi i am getting ipa: ERROR: CIFS server

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
weight = 100 port = 389 svr hostname = kwtpocpbis02.solaris.com kwtpocpbis02.solaris.com internet address = 172.16.107.135 On Wed, Mar 18, 2015 at 12:21 PM, Ben .T.George bentech4...@gmail.com wrote: HI thanks for the reply i have created

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
HI i saw this ticket and' 13 months old https://fedorahosted.org/freeipa/ticket/4202 is this fixed? i think the mentioned patch is for 3.3 Regards, Ben On Wed, Mar 18, 2015 at 12:24 PM, Ben .T.George bentech4...@gmail.com wrote: this is the result from AD C:\Users\Administrator>nslookup

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
Bokovoy aboko...@redhat.com wrote: On Wed, 18 Mar 2015, Ben .T.George wrote: no, this is new host-name i am choosed. anyway how to check is there any existing solaris.com in AD, under DNS management, i cannot see anything You can search with ldapsearch, something like this, from IPA master

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
no, this is new host-name i am choosed. anyway how to check is there any existing solaris.com in AD, under DNS management, i cannot see anything Regards, Ben On Wed, Mar 18, 2015 at 12:45 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Wed, 18 Mar 2015, Ben .T.George wrote: HI i saw

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code -1073741771,

2015-03-18 Thread Ben .T.George
,DC=com # search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 You have new mail in /var/spool/mail/root but there is no solaris.com in this output On Wed, Mar 18, 2015 at 1:38 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Wed, 18 Mar 2015, Ben .T.George wrote

[Freeipa-users] solaris to free IPA user issue

2015-03-15 Thread Ben .T.George
HI i am using free ipa 4.1.2 on centos 7. from root user, i can able to switch to IPA user : su ben but from any other user if i try that, it's asking for password. if i gave the correct password also, its not accepting .This is what i am getting bash-3.2$ su jude Password: su: Sorry and on

[Freeipa-users] solaris 10 ad authentication happening with only one user

2015-03-15 Thread Ben .T.George
Hi LIst, i have successfully configured my solaris 10 with AD through IPA 4.1.2 the issue i am facing is,only one AD user can able to solaris here is the getent passwd: skipped nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:

[Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
HI List i was following this link : http://www.freeipa.org/page/Active_Directory_trust_setup#Assumptions to setup IPA server my IPA version is 4.1.2 every steps in this tutorials was passed without any error even *Allow access for users from AD domain to protected resources* went successfully

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
...@infra.com from 10.18.2.130 port 64782 ssh2 Mar 17 12:44:59 kwtpocpbis01 sshd[15840]: pam_unix(sshd:session): session opened for user b...@infra.com by (uid=0) On Tue, Mar 17, 2015 at 12:09 PM, Jakub Hrozek jhro...@redhat.com wrote: On Tue, Mar 17, 2015 at 11:37:24AM +0300, Ben .T.George wrote

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
: DEBUG: stdout= ipa: DEBUG: stderr= ipa: DEBUG: Destroyed connection context.rpcclient ipa: ERROR: Insufficient access: CIFS server denied your credentials On Tue, Mar 17, 2015 at 1:06 PM, Ben .T.George bentech4...@gmail.com wrote: another thing i notice is: [root@kwtpocpbis01 ~]# kinit admin

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
@kwtpocpbis01 ~]# klist Ticket cache: KEYRING:persistent:0:0 Default principal: admin@SOLARIS.LOCAL Valid starting Expires Service principal 03/17/2015 13:04:29 03/18/2015 13:04:26 krbtgt/SOLARIS.LOCAL@SOLARIS.LOCAL On Tue, Mar 17, 2015 at 12:57 PM, Ben .T.George bentech4

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
Hi all how can i fix this issue.? even i tried to trust add AD again. that too failed. from where i need to troubleshoot ? On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George bentech4...@gmail.com wrote: Hi i did kinit [root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab kinit: Keytab

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
replied to ping On Tue, Mar 17, 2015 at 1:27 PM, Jakub Hrozek jhro...@redhat.com wrote: On Tue, Mar 17, 2015 at 12:57:27PM +0300, Ben .T.George wrote: HI i have enabled debug here is my sssd.conf [root@kwtpocpbis01 ~]# cat /etc/sssd/sssd.conf [domain/solaris.local

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. On Tue, Mar 17, 2015 at 2:23 PM, Ben .T.George bentech4...@gmail.com wrote: HI i have changed like this: [root@kwtpocpbis01 yum.repos.d]# more /etc/sssd/sssd.conf [domain/solaris.local

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
...@redhat.com wrote: On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote: here is separated logs: tail -f sssd_solaris.local.log Thank you, see inline: (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv] (0x0400): Child responded: 14 [Decrypt integrity

Re: [Freeipa-users] solaris 10 ad authentication happening with only one user

2015-03-16 Thread Ben .T.George
HI the user Ben is from Ad, how can i assign shell to that user.? Regards, Ben On Sun, Mar 15, 2015 at 7:14 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote: Il 15/Mar/2015 11:04 Ben .T.George bentech4...@gmail.com ha scritto: here is the getent passwd: skipped nobody4:x:65534

Re: [Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-09 Thread Ben .T.George
, thanks for information. I would still love to know the real root cause, but we will now find it now I assume. If this issue re-appears, let us know :-) Thanks, Martin On 03/09/2015 09:10 AM, Ben .T.George wrote: Hi Martin, thanks for your reply. yesterday i did lot of this to fix

Re: [Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-09 Thread Ben .T.George
the session data? Thanks, Martin On 03/08/2015 11:44 AM, Ben .T.George wrote: i was inspecting the page and got below response. http://s21.postimg.org/itv5hf0h3/asdasd.jpg http://s3.postimg.org/f6knomt1f/Capture.jpg please anyone help me to solve this issue. i just want to create

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
related to that. now i am little bit confident up to this level. and if everything is working fine, i will try to create automated script for IPA join Regards, Ben On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal d...@redhat.com wrote: On 03/11/2015 09:50 AM, Ben .T.George wrote: HI i can able

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-12 Thread Ben .T.George
[mailto: freeipa-users-boun...@redhat.com] *On Behalf Of *Ben .T.George *Sent:* Wednesday, March 11, 2015 11:22 AM *To:* dpal *Cc:* freeipa-users *Subject:* Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login from BZ While we value your interest

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
, Rob Crittenden rcrit...@redhat.com wrote: Ben .T.George wrote: HI thanks for the reply. even i tried native auto_master file with directory checking script. if i feed the user manually to the script, the directory is creating and while login request comes, it didn't. i don't think

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
not authenticate with AD, IPA user can login on solaris box On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal d...@redhat.com wrote: On 03/11/2015 01:56 PM, Ben .T.George wrote: HI yea , i saw that mail thread and he claims that he achieved somehow. but not clear. and the steps mentioned is too

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
wiki :) as there are many solaris related documents which is pretty old. anyway still waiting for reply Regards, Ben On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal d...@redhat.com wrote: On 03/11/2015 01:18 PM, Ben .T.George wrote: HI thanks for the reply. even i tried native auto_master

Re: [Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-08 Thread Ben .T.George
ed (, Unknown error), referer: https://kwtpocpbis01.solaris.local/ipa/ui/ On Sun, Mar 8, 2015 at 12:48 PM, Ben .T.George bentech4...@gmail.com wrote: Hi i checked the services and below is my output [root@kwtpocpbis01 ipa_memcached]# ps -ef | grep ipa_memcached apache

Re: [Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-08 Thread Ben .T.George
: RUNNING smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful On Sun, Mar 8, 2015 at 10:54 AM, Ben .T.George bentech4...@gmail.com wrote: HI i have free IPA 4.1.2 installed. my web ui always giving

Re: [Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-08 Thread Ben .T.George
] [:error] [pid 3003] ipa: DEBUG: no ccache, need login [Sun Mar 08 13:16:29.922265 2015] [:error] [pid 3003] ipa: DEBUG: jsonserver_session: 401 Unauthorized need login On Sun, Mar 8, 2015 at 1:02 PM, Ben .T.George bentech4...@gmail.com wrote: this is the error message i am getting on httpd

[Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-08 Thread Ben .T.George
HI i have free IPA 4.1.2 installed. my web ui always giving Your session has expired. Please re-login. even i tried from different computer.different browsers.. how can i fix this.?

[Freeipa-users] how can i configure solaris10 as freeIPA 4.1.2 client

2015-03-07 Thread Ben .T.George
Hi list i have working IPA server were AD users can login to IPA server how can i configure solaris 10 as IPA 4.1.2 client.? i saw many tutorials in IPA domain and got confused . Which one i need to follow currently i am trying with X86 version of solaris and later i need to try on SPARC

Re: [Freeipa-users] IPA web ui always giving Your session has expired. Please re-login.

2015-03-08 Thread Ben .T.George
i was inspecting the page and got below response. http://s21.postimg.org/itv5hf0h3/asdasd.jpg http://s3.postimg.org/f6knomt1f/Capture.jpg please anyone help me to solve this issue. i just want to create one local user in IPA On Sun, Mar 8, 2015 at 1:17 PM, Ben .T.George bentech4...@gmail.com

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-12 Thread Ben .T.George
: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login Date: Wed, 11 Mar 2015 21:22:02 +0300 From: Ben .T.George bentech4...@gmail.com bentech4...@gmail.com Reply-To: bentech4...@gmail.com To: dpal d...@redhat.com d...@redhat.com CC: freeipa-users

[Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
HI i can able to reach upto level that IPA user can able to login on solaris box, but how can i create home directories automatically on solaris while IPA user login. even i change the shell in IPA web interface that is getting affected. i saw some option in IPA 3.3 web interface like automount

[Freeipa-users] how can i give set of users to one particular host

2015-03-24 Thread Ben .T.George
HI i am using IPA 3.3 and my client is solaris 10. how can i give only some set of users to this client without creating user group in ad? thanks Regards, Ben

Re: [Freeipa-users] how can i give set of users to one particular host

2015-03-24 Thread Ben .T.George
please anyone share bit more information on this like real example On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden rcrit...@redhat.com wrote: Dmitri Pal wrote: On 03/24/2015 01:15 PM, Ben .T.George wrote: Hi current stage is AD users can able to login to solaris box. But i don't up

Re: [Freeipa-users] how can i give set of users to one particular host

2015-03-24 Thread Ben .T.George
: On 03/24/2015 07:20 AM, Ben .T.George wrote: HI i am using IPA 3.3 and my client is solaris 10. how can i give only some set of users to this client without creating user group in ad? thanks Regards, Ben You can create a group in IPA and make Solaris check that group

[Freeipa-users] ipa: ERROR: Cannot find specified domain or server name

2015-04-01 Thread Ben .T.George
HI i have installed latest FreeIPA 4.1.4 on RHEL 7.1 My DNS is working fine. I am getting good response [root@kwtprsolipa01 ~]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestion

Re: [Freeipa-users] how can i give set of users to one particular host

2015-03-29 Thread Ben .T.George
at 9:19 PM, Rob Crittenden rcrit...@redhat.com wrote: Ben .T.George wrote: please anyone share bit more information on this like real example As we've said many times before, we have very little real experience on Solaris. We do the best we can and sometimes that is going to be in the form

Re: [Freeipa-users] FreeIPA 3.3 AD- Solaris is working but solaris local users cannot able to login

2015-03-23 Thread Ben .T.George
HI i created the home directory manually and copied the profile. i tried to access the solaris box from putty and still it's not accepting password. On Mon, Mar 23, 2015 at 11:03 AM, Ben .T.George bentech4...@gmail.com wrote: HI List finally after so much struggling now i can able

[Freeipa-users] ipa group-add-member failed

2015-03-02 Thread Ben .T.George
HI i am getting below error. please anyone tell me what does it mean [root@kwttstfreipa01 ~]# ipa group-add-member ad_admins_external --external 'KWTTESTDC\Domain Admins' [member user]: [member group]: Group name: ad_admins_external Description: kwttestdc.com admins external map Failed

Re: [Freeipa-users] ipa group-add-member failed

2015-03-02 Thread Ben .T.George
or not.? Regards, Ben On Mon, Mar 2, 2015 at 10:10 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Mon, 02 Mar 2015, Ben .T.George wrote: HI i am getting below error. please anyone tell me what does it mean [root@kwttstfreipa01 ~]# ipa group-add-member ad_admins_external --external

Re: [Freeipa-users] ipa group-add-member failed

2015-03-02 Thread Ben .T.George
Bokovoy aboko...@redhat.com wrote: On Mon, 02 Mar 2015, Ben .T.George wrote: HI trust was successful ipa trust-add --type=ad *ad_domain* --admin Administrator --password and i got output like below Active directory domain administrator's password

[Freeipa-users] Trust is successful and getting error while creating groups.

2015-03-04 Thread Ben .T.George
Hi i have re-installed everything . my current versions are Centos 7 with IPA 4.1 i followed this tutorial: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup when i fetch , it went successful: *[root@kwtpocpbis01 ~]# ipa trustdomain-find infra.com http://infra.com* * Domain name:

[Freeipa-users] how can i fix ipa: ERROR: AD DC was unable to reach any IPA domain controller

2015-03-03 Thread Ben .T.George
HI i have re-installed IPA with latest 4.1 version. installed packages by using https://copr.fedoraproject.org/coprs/mkosek/freeipa/ repos # ipa-server-install went successfully without any error an it says the same on log files *[root@kwtpocpbis01 ~]# kinit admin* *Password for

Re: [Freeipa-users] how can i fix ipa: ERROR: AD DC was unable to reach any IPA domain controller

2015-03-03 Thread Ben .T.George
domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example* This is the the same story happend with IPA 3.3 before Regards, Ben On Wed, Mar 4, 2015 at 9:06 AM, Ben .T.George bentech4...@gmail.com wrote: HI i have re-installed IPA

[Freeipa-users] how can i avoid error :ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides

2015-03-03 Thread Ben .T.George
HI i am getting below error while trying* ipa trust-fetch-domains kwttestdc.com http://kwttestdc.com * ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides time is synced through ntpd and there is no time difference between ad

Re: [Freeipa-users] ipa group-add-member failed

2015-03-03 Thread Ben .T.George
...@redhat.com wrote: On Mon, 02 Mar 2015, Ben .T.George wrote: Hi please find below output [root@kwttstfreipa01 ~]# kinit admin Password for admin@SOLIPA.LOCAL: [root@kwttstfreipa01 ~]# id admin uid=75680(admin) gid=75680(admins) groups=75680(admins) [root@kwttstfreipa01

Re: [Freeipa-users] ipa group-add-member failed

2015-03-03 Thread Ben .T.George
...@redhat.com wrote: On Tue, 03 Mar 2015, Ben .T.George wrote: HI thanks for the reply. i was going through the replies and find that you suggested to check firewall and DNS What do you see in /var/log/httpd/error_log as result of dumping netr_LogonControl2Ex structure? You never showed

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
...@redhat.com wrote: On Tue, 17 Mar 2015, Ben .T.George wrote: Hi i did kinit [root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab kinit: Keytab contains no suitable keys for host/kwtpocpbis01.solaris.local@SOLARIS.LOCAL while getting initial credentials i destroyed and re-created

[Freeipa-users] FreeIPA 3.3 AD- Solaris is working but solaris local users cannot able to login

2015-03-23 Thread Ben .T.George
HI List finally after so much struggling now i can able to login solaris box as AD user. but auto home directory creation still have issue. for that i need to compile some modules. The issue i am facing is i cannot able to login to solaris box after editing pam.conf file.here is the conf file

Re: [Freeipa-users] Your session has expired. Please re-login.

2015-04-03 Thread Ben .T.George
HI i was facing the same issue last week and it got fixed now. always use WUI from firefox. install Kerberos plugin and certificate from ipa help page check time(ntp) Destroy and recreate ticket (Kdestroy kinit admin) restart krb5kdc,sssd httpd services restart ipactl (ipactl restart)

Re: [Freeipa-users] Your session has expired. Please re-login.

2015-04-03 Thread Ben .T.George
no, it's because of wrong ticket i guess. try the steps and let us know the output On Fri, Apr 3, 2015 at 2:23 PM, Andrew Holway andrew.hol...@gmail.com wrote: On Friday, 3 April 2015, Ben .T.George bentech4...@gmail.com wrote: HI i was facing the same issue last week and it got fixed

Re: [Freeipa-users] krb5kdc: Server error

2015-04-08 Thread Ben .T.George
;; MSG SIZE rcvd: 68 On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome trai...@gmail.com wrote: Hi Ben On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George bentech4...@gmail.com wrote: HI i am getting krb5kdc: Server error on logs: krb5kdc: Server error - while fetching master key K/M

[Freeipa-users] krb5kdc: Server error

2015-04-08 Thread Ben .T.George
HI i am getting krb5kdc: Server error on logs: krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL and the ipactl status is taking long time. Web interface is not able to authenticate. If i issue ipactl restart, nothing is happening to solve this issue currently i am

Re: [Freeipa-users] IPA web interface always giving Your session has expired. Please re-login.

2015-04-01 Thread Ben .T.George
everything is default. but now the issue solved after many restart,kinit ipactl restart don't still don't know how it got fixed Regards, Ben On Wed, Apr 1, 2015 at 8:31 PM, Nalin Dahyabhai na...@redhat.com wrote: On Wed, Apr 01, 2015 at 07:45:10PM +0300, Ben .T.George wrote: HI yes i

Re: [Freeipa-users] IPA web interface always giving Your session has expired. Please re-login.

2015-04-01 Thread Ben .T.George
/2015 12:32 PM, Ben .T.George wrote: Hi I have re-installed everything from RHEL 7.1 DVD and current ipa version is 4.0.1 everything is working including AD trust. but my web interface always giving Your session has expired. Please re-login. i faced the issue before that time i destroyed

[Freeipa-users] IPA web interface always giving Your session has expired. Please re-login.

2015-04-01 Thread Ben .T.George
Hi I have re-installed everything from RHEL 7.1 DVD and current ipa version is 4.0.1 everything is working including AD trust. but my web interface always giving Your session has expired. Please re-login. i faced the issue before that time i destroyed Kerberos ticket (Kdestroy) and initiated

Re: [Freeipa-users] IPA web interface always giving Your session has expired. Please re-login.

2015-04-01 Thread Ben .T.George
HI i have checked from chrome and got 401 error: This is what exactly i reported 3 weeks back :( http://s1.postimg.org/41ik3o1hr/kerb.jpg Regards, Ben On Wed, Apr 1, 2015 at 7:45 PM, Ben .T.George bentech4...@gmail.com wrote: HI yes i have cleared cache. tried from different browsers

Re: [Freeipa-users] What id my AD domain user password not available

2016-05-26 Thread Ben .T.George
example.com). I'm not familiar with setting up FreeIPA with an > external DNS, but I'm sure there are some instructions out there. > > -Mike > > -Original Message- > From: "Ben .T.George" > Sent: May 23, 2016 2:22 PM > To: Michael ORourke > Cc: freeipa-us

Re: [Freeipa-users] What id my AD domain user password not available

2016-05-26 Thread Ben .T.George
TC_TABS\Domain Users: trusted domain object not found * - Number of members added 0 - This is what my trust properties from AD. Trust type is showing as realm [image: Inline image 1] How can i fix this issue. On Thu, May 26, 2016 at 10:32 PM, Ben

Re: [Freeipa-users] What id my AD domain user password not available

2016-05-27 Thread Ben .T.George
<aboko...@redhat.com> wrote: > On Fri, 27 May 2016, Ben .T.George wrote: > >> HI >> >> i ran some commands from AD side and the Trust status got changed.Below is >> the command i used on AD >> >> netdom trust /d: /verify >> >>

[Freeipa-users] Install best practice -

2016-05-29 Thread Ben .T.George
Hi I would like to know how can i proceed with best practices My AD domain is : corp.examle.com.kw My DNS (appliances ) : kw.test.com All my clients are pointed to kw.test.com including AD. How can i proceed with Free IPA installation? where i need to manage DNS of freeipa master server?

Re: [Freeipa-users] Install best practice -

2016-05-29 Thread Ben .T.George
il.com> wrote: > > > On Sun, May 29, 2016 at 7:11 PM, Ben .T.George <bentech4...@gmail.com> > wrote: > >> Hi >> >> I would like to know how can i proceed with best practices >> >> My AD domain is : corp.examle.com.kw >> My DNS (appliances

[Freeipa-users] error while adding conditional forwarder for AD domain

2016-04-13 Thread Ben .T.George
Hi List, getting below error while adding conditional forwarder for AD domain on IPA [root@ipa ~]# ipa dnsforwardzone-add ad.example.com --forwarder=192.168.37.131 --forward-policy=only Server will check DNS forwarder(s). This may take some time, please wait ... ipa: ERROR: DNS check for domain

Re: [Freeipa-users] Good IPA implementation guide

2016-04-12 Thread Ben .T.George
he ‘Identity Management’ section in the RHEL > documentation: > > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/ > > > > Josh > > > > *From:* freeipa-users-boun...@redhat.com [mailto: > freeipa-users-boun...@redhat.com] *On B

[Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

2016-04-12 Thread Ben .T.George
Hi List, From where can i get repo details for FreeIPA 4.3.1 version. the link provided in website is broken. https://www.freeipa.org/page/Releases/4.3.1 please someone give me right package details. Regards, Ben -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] HBAC implementation help

2016-04-29 Thread Ben .T.George
HI Thanks for your reply. can i do this external group mapping from web UI? On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote: > > Hi List, > > > > i have a working setup of IPA

[Freeipa-users] ipa trust-fetch-domains failing.

2016-04-29 Thread Ben .T.George
Hi while issuing ipa trust-fetch-domains, i am getting below error. i have created new security group in AD and i want to add this to external group. [root@freeipa ~]# ipa trust-fetch-domains "kwttestdc.com.kw" ipa: ERROR: error on server 'freeipa.idm.local': Fetching domains from trusted fo

[Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
Hi List, I have working setup of one AD, one IPA server and one client server. by default i can login to client server by using AD username. i want to apply HBAC rules against this client server. For that i have done below steps. 1. created External group in IPA server 2. created local POSIX

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
HI If i disable allow_all <https://freeipa.idm.local/ipa/ui/#allow_all> rule, i cannot able to login to client machine. On Fri, Apr 29, 2016 at 7:05 PM, Ben .T.George <bentech4...@gmail.com> wrote: > HI > > actually i have added Domain Admins and the user ben is not pa

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
surprisingly i have created some local IPA users and added to same HBAC rule, and removed AD group and applied this rule to client, and that got worked. How can i make this AD group with HBAC working? Regards, Ben On Fri, Apr 29, 2016 at 7:12 PM, Ben .T.George <bentech4...@gmail.com> wrote:

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
ee details in the error_log Thanks & Regards, Ben On Fri, Apr 29, 2016 at 6:33 PM, Ben .T.George <bentech4...@gmail.com> wrote: > Hi Alex, > > yea my mistake. > > i was following u this > > > http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
...@kwttestdc.com.kw <us...@kwttestdc.com.kw>*),1827801105(sudo adm...@kwttestdc.com.kw) On Fri, Apr 29, 2016 at 6:58 PM, Ben .T.George <bentech4...@gmail.com> wrote: > HI > > while explaining here it went wrong. actually i did is" > Added external group to POSIX group"

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
Hi Alex, yea my mistake. i was following u this http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_domain_to_protected_resources On Fri, Apr 29, 2016 at 6:03 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Fri, 29 Apr 2016, Ben .T.Geo

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
HI while explaining here it went wrong. actually i did is "Added external group to POSIX group" On Fri, Apr 29, 2016 at 6:56 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Fri, Apr 29, 2016 at 06:32:28PM +0300, Ben .T.George wrote: > > HI, > > > > "T

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-29 Thread Ben .T.George
HI, "The other is that the groups might not show up on the client (do they?)" how can i check that. Thanks Ben On Fri, Apr 29, 2016 at 5:59 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Fri, Apr 29, 2016 at 05:38:30PM +0300, Ben .T.George wrote: > > Hi List, >

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-04-30 Thread Ben .T.George
HI All this issue has solved On Sat, Apr 30, 2016 at 9:16 AM, Ben .T.George <bentech4...@gmail.com> wrote: > when i am running ipa trust-fetch-domains "kwttestdc.com.kw" , i am > getting below error in error_log > > [Sat Apr 30 09:14:25.107449 2016] [:error] [

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-30 Thread Ben .T.George
and here is my sssd debug log from client side http://pastebin.com/ud2q3FR5 On Sat, Apr 30, 2016 at 10:06 AM, Ben .T.George <bentech4...@gmail.com> wrote: > Hi > > Adding this this. > > in AD i have added 2 users , ben and jude. In my HBAC rule, i pointed this >

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-04-30 Thread Ben .T.George
@IDM.LOCAL: trust_fetch_domains(u'kwttestdc.com.kw', rights=False, all=False, raw=False, version=u'2.156'): ServerCommandError On Sat, Apr 30, 2016 at 12:00 AM, Ben .T.George <bentech4...@gmail.com> wrote: > Hi > > Anyone please help me to fix this issue. > > i have create

Re: [Freeipa-users] HBAC with Active directory group is not working

2016-04-30 Thread Ben .T.George
ad_can_login Not matched rules: local_admin_can_login so my hbac is working partially. How can i fix this. Regards, Ben On Fri, Apr 29, 2016 at 7:27 PM, Ben .T.George <bentech4...@gmail.com> wrote: > surprisingly i have created some local IPA users and added to same HBAC > rule, and re
