Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
Hi all how can i fix this issue.? even i tried to trust add AD again. that too failed. from where i need to troubleshoot ? On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George wrote: > Hi > > i did kinit > > [root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab > kinit:

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
015] [:error] [pid 15176] raise assess_dcerpc_exception(num=num, message=message) [Wed Mar 18 08:10:19.541675 2015] [:error] [pid 15176] ACIError: Insufficient access: Gettext('CIFS server denied your credentials', domain='ipa', localedir=None) [Wed Mar 18 08:10:19.541678 2015]

[Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
Hi i am getting "ipa: ERROR: CIFS server communication error: code "-1073741771"," while doing [root@kwtpocpbis02 ~]# ipa trust-add --type=ad infra.com --admin Administrator --password Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "-107374177

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
HI i saw this in BZ and it's closed by mentioning it's got resolved on RHEL/Centos 7. But i am already using 7 . please anyone help me to fix this? Regards, Nem On Wed, Mar 18, 2015 at 11:19 AM, Ben .T.George wrote: > Hi > > i am getting "ipa: ERROR: CIFS se

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
HI thanks for the reply i have created PTR record for IPA server under reverse lookup zone manually and ipa server resolving from AD how can i solve this issue.? On Wed, Mar 18, 2015 at 12:15 PM, Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> H

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
ty = 0 weight = 100 port = 389 svr hostname = kwtpocpbis02.solaris.com kwtpocpbis02.solaris.com internet address = 172.16.107.135 On Wed, Mar 18, 2015 at 12:21 PM, Ben .T.George wrote: > HI > > thanks for the reply > > i

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
HI i saw this ticket and' 13 months old https://fedorahosted.org/freeipa/ticket/4202 is this fixed? i think the mentioned patch is for 3.3 Regards, Ben On Wed, Mar 18, 2015 at 12:24 PM, Ben .T.George wrote: > this is the result from AD > > C:\Users\Administrator>nslookup

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
no, this is new host-name i am choosed. anyway how to check is there any existing solaris.com in AD, under DNS management, i cannot see anything Regards, Ben On Wed, Mar 18, 2015 at 12:45 PM, Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> HI >

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
# search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 You have new mail in /var/spool/mail/root but there is no solaris.com in this output On Wed, Mar 18, 2015 at 1:38 PM, Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> did

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

2015-03-18 Thread Ben .T.George
Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> no, >> >> this is new host-name i am choosed. >> >> anyway how to check is there any existing solaris.com in AD, under DNS >> management, i cannot see anything >> > You can

[Freeipa-users] FreeIPA 3.3 AD<-> Solaris is working but solaris local users cannot able to login

2015-03-23 Thread Ben .T.George
HI List finally after so much struggling now i can able to login solaris box as AD user. but auto home directory creation still have issue. for that i need to compile some modules. The issue i am facing is i cannot able to login to solaris box after editing pam.conf file. here is the conf file

Re: [Freeipa-users] FreeIPA 3.3 AD<-> Solaris is working but solaris local users cannot able to login

2015-03-23 Thread Ben .T.George
HI i created the home directory manually and copied the profile. i tried to access the solaris box from putty and still it's not accepting password. On Mon, Mar 23, 2015 at 11:03 AM, Ben .T.George wrote: > HI List > > finally after so much struggling now i can able to login

[Freeipa-users] how can i give set of users to one particular host

2015-03-24 Thread Ben .T.George
HI i am using IPA 3.3 and my client is solaris 10. how can i give only some set of users to this client without creating user group in ad? thanks & Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://fre

Re: [Freeipa-users] how can i give set of users to one particular host

2015-03-24 Thread Ben .T.George
On 03/24/2015 07:20 AM, Ben .T.George wrote: > > HI > > i am using IPA 3.3 and my client is solaris 10. > > how can i give only some set of users to this client without creating > user group in ad? > > thanks & Regards, > Ben > > > > You can cre

Re: [Freeipa-users] how can i give set of users to one particular host

2015-03-24 Thread Ben .T.George
please anyone share bit more information on this like real example On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden wrote: > Dmitri Pal wrote: > > On 03/24/2015 01:15 PM, Ben .T.George wrote: > >> Hi > >> > >> current stage is AD users can able to login to

Re: [Freeipa-users] how can i give set of users to one particular host

2015-03-29 Thread Ben .T.George
9:19 PM, Rob Crittenden wrote: > Ben .T.George wrote: > > please anyone share bit more information on this like real example > > As we've said many times before, we have very little real experience on > Solaris. We do the best we can and sometimes that is going to be in the

[Freeipa-users] ipa: ERROR: Cannot find specified domain or server name

2015-04-01 Thread Ben .T.George
HI i have installed latest FreeIPA 4.1.4 on RHEL 7.1 My DNS is working fine. I am getting good response [root@kwtprsolipa01 ~]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestio

[Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

2015-04-01 Thread Ben .T.George
Hi I have re-installed everything from RHEL 7.1 DVD and current ipa version is 4.0.1 everything is working including AD trust. but my web interface always giving "Your session has expired. Please re-login." i faced the issue before that time i destroyed kerberos ticket (Kdestroy) and initiated ag

Re: [Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

2015-04-01 Thread Ben .T.George
PM, Ben .T.George wrote: > > Hi > > I have re-installed everything from RHEL 7.1 DVD and current ipa version > is 4.0.1 > > everything is working including AD trust. > > but my web interface always giving "Your session has expired. Please > re-login." > >

Re: [Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

2015-04-01 Thread Ben .T.George
HI i have checked from chrome and got 401 error: This is what exactly i reported 3 weeks back :( http://s1.postimg.org/41ik3o1hr/kerb.jpg Regards, Ben On Wed, Apr 1, 2015 at 7:45 PM, Ben .T.George wrote: > HI > > yes i have cleared cache. tried from different browsers, tried from &

Re: [Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

2015-04-01 Thread Ben .T.George
everything is default. but now the issue solved after many restart,kinit & ipactl restart don't still don't know how it got fixed Regards, Ben On Wed, Apr 1, 2015 at 8:31 PM, Nalin Dahyabhai wrote: > On Wed, Apr 01, 2015 at 07:45:10PM +0300, Ben .T.George wrote: > >

Re: [Freeipa-users] Your session has expired. Please re-login.

2015-04-03 Thread Ben .T.George
HI i was facing the same issue last week and it got fixed now. always use WUI from firefox. install Kerberos plugin and certificate from ipa help page check time(ntp) Destroy and recreate ticket (Kdestroy & kinit admin) restart krb5kdc,sssd & httpd services restart ipactl (ipactl restart) ch

Re: [Freeipa-users] Your session has expired. Please re-login.

2015-04-03 Thread Ben .T.George
no, it's because of wrong ticket i guess. try the steps and let us know the output On Fri, Apr 3, 2015 at 2:23 PM, Andrew Holway wrote: > > > On Friday, 3 April 2015, Ben .T.George wrote: > >> HI >> >> i was facing the same issue last week and it got fi

[Freeipa-users] krb5kdc: Server error

2015-04-08 Thread Ben .T.George
HI i am getting krb5kdc: Server error on logs: krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL and the ipactl status is taking long time. Web interface is not able to authenticate. If i issue ipactl restart, nothing is happening to solve this issue currently i am restar

Re: [Freeipa-users] krb5kdc: Server error

2015-04-08 Thread Ben .T.George
; SERVER: 172.16.100.180#53(172.16.100.180) ;; WHEN: Wed Apr 08 13:54:02 AST 2015 ;; MSG SIZE rcvd: 68 On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome wrote: > Hi Ben > > > > On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George > wrote: > > HI > > > > i a

[Freeipa-users] freeipa 4.4 online repo is down

2016-08-07 Thread Ben .T.George
Hi List, always https://copr.fedorainfracloud.org/ is down, is there any alternative repo where i can get IPA 4.4? Regards, Ben

[Freeipa-users] From where can i get latest IPA repo for centos

2016-12-12 Thread Ben .T.George
HI List, From where can i get latest IPA repo for centos. the repo which i was using on copr is not working now. please anyone help me to sort it out. Regards, Ben

[Freeipa-users] How to disable First time password change on IPA user

2016-12-13 Thread Ben .T.George
HI How to disable first time password change on newly created user from web UI Regards, Ben

[Freeipa-users] How to implement sudo rules

2016-12-18 Thread Ben .T.George
Hi List, please help me to implement sudo rules. i have did below steps and still not working for me. 1. created "Sudo Command Groups" 2. Added some command (/bin/yum) and included in sudo group 3. created "sudo Rule" on that * added sudo Option as "!authenticate" * Added User Group.

[Freeipa-users] Sudo rule implementation

2016-12-20 Thread Ben .T.George
Hi List, please help me to implement sudo rules. i have did below steps and still not working for me. 1. created "Sudo Command Groups" 2. Added some command (/bin/yum) and included in sudo group 3. created "sudo Rule" on that * added sudo Option as "!authenticate" * Added User Group.

Re: [Freeipa-users] Sudo rule implementation

2016-12-20 Thread Ben .T.George
HI, thanks for your information. I have validated logs. i destroyed the current kerberos ticket and re-initiated, then the issue solved. Regards, Ben On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek wrote: > On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote: > >

[Freeipa-users] ipa replica installation help

2017-01-03 Thread Ben .T.George
HI while trying to create ipa replica, i am getting below error, Replica creation using 'ipa-replica-prepare' to generate replica file is supported only in 0-level IPA domain. The current IPA domain level is 1 and thus the replica must be created by promoting an existing IPA client. To set up a

Re: [Freeipa-users] ipa replica installation help

2017-01-04 Thread Ben .T.George
Martin Babinsky wrote: > On 01/04/2017 07:21 AM, Ben .T.George wrote: > >> HI >> >> while trying to create ipa replica, i am getting below error, >> >> Replica creation using 'ipa-replica-prepare' to generate replica file >> is supported only i

Re: [Freeipa-users] ipa replica installation help

2017-01-04 Thread Ben .T.George
s Regards, Ben On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik wrote: > On 01/04/2017 10:59 AM, Ben .T.George wrote: > > HI > > > > i tried the method mentioned on that document and it end up with below > error. My > > DNS is managed by external box and i dont

Re: [Freeipa-users] ipa replica installation help

2017-01-04 Thread Ben .T.George
HI anyone please help me to fix this. Regards, Ben On Wed, Jan 4, 2017 at 3:12 PM, Ben .T.George wrote: > HI > > port 8009 is not listening in master server > > and i added ::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 in hosts file. >

Re: [Freeipa-users] ipa replica installation help

2017-01-04 Thread Ben .T.George
:12:12PM +0300, Ben .T.George wrote: > > HI > > > > port 8009 is not listening in master server > > > > and i added ::1 localhost localhost.localdomain localhost6 > > localhost6.localdomain6 in hosts file. > > > > Did you add this to the hos

Re: [Freeipa-users] ipa replica installation help

2017-01-05 Thread Ben .T.George
l same error. is this service restart pki-tomcatd@pki-tomcat only applicable on master server? Regards, Ben On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik wrote: > On 01/05/2017 07:10 AM, Ben .T.George wrote: > > HI > > > > yes i did the same and still port is not liste

Re: [Freeipa-users] ipa replica installation help

2017-01-05 Thread Ben .T.George
: man:firewalld(1) [root@zkwipamstr01 ~]# sestatus SELinux status: disabled On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale wrote: > On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote: > > HI, > > > > on master server and replica server, i have enabled

Re: [Freeipa-users] ipa replica installation help

2017-01-07 Thread Ben .T.George
HI List, how can i solve this? is this a bug, normal behavior or any missing configuration from my end, Till now i didn't get any clue on this. Regards Ben On Thu, Jan 5, 2017 at 1:21 PM, Fraser Tweedale wrote: > On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote

Re: [Freeipa-users] ipa replica installation help

2017-01-09 Thread Ben .T.George
Hi LIst, is there anyone faces/fixed this issue? Regards, BEn On Sun, Jan 8, 2017 at 7:03 AM, Ben .T.George wrote: > HI List, > > how can i solve this? is this a bug, normal behavior or any missing > configuration from my end, > > Till now i didn't get any clue on

[Freeipa-users] while doing ipa-getkeytab , getting Operation failed! PrincipalName not found.

2014-12-19 Thread Ben .T.George
Hi List i was trying to add linux machine manually as client. i was following this http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/linux-manual.html while doing ipa-getkeytab on FreeIpa server, i am getting error like " Operation failed! PrincipalName not found." please help me t

[Freeipa-users] how to configure Linux Cent Os as ipa client manual installation

2014-12-20 Thread Ben .T.George
Hi I was trying to configure centos as ipa client and got failed with that. anyone please help me to configure centos as ipa client through manual configuration. Regards, Ben

[Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2014-12-20 Thread Ben .T.George
Hi List how can i configure solaris 10 sparc and x86 as ipa clients. Regards, Ben

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2014-12-21 Thread Ben .T.George
2, 2014 at 3:50 AM, Fraser Tweedale wrote: > On Sun, Dec 21, 2014 at 09:03:17AM +0300, Ben .T.George wrote: > > Hi List > > > > how can i configure solaris 10 sparc and x86 as ipa clients. > > > > Regards, > > Ben > > Hi Ben, > > Plea

Re: [Freeipa-users] Integration with Solaris 10

2015-01-03 Thread Ben .T.George
Hi Dmitri i was trying this from last 3 weeks. can you please give us more details about this. I tried ldapclient and i got lot of dependency service related error. can you please give me list of services and configuration file need to change/enable before trying ldapclient ? once again thanks

Re: [Freeipa-users] Integration with Solaris 10

2015-01-03 Thread Ben .T.George
Hi Oops sorry. i wrongly addressed you. Actually that question i asked is to Mr. Watson. Regards, Ben On Sat, Jan 3, 2015 at 10:17 PM, Dmitri Pal wrote: > On 01/03/2015 03:26 AM, Ben .T.George wrote: > > Hi Dmitri > > > i was trying this from last 3 weeks. can you p

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-03 Thread Ben .T.George
Pal wrote: > On 12/21/2014 07:50 PM, Fraser Tweedale wrote: > >> On Sun, Dec 21, 2014 at 09:03:17AM +0300, Ben .T.George wrote: >> >>> Hi List >>> >>> how can i configure solaris 10 sparc and x86 as ipa clients. >>> >>> Regards

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-04 Thread Ben .T.George
working fine. bcoz i tested by adding linux(centos) as IPA client by using client ass ipa commands. Regards, Ben On Sun, Jan 4, 2015 at 7:11 PM, Dmitri Pal wrote: > On 01/04/2015 02:10 AM, Ben .T.George wrote: > > HI > > This is i am struggling to get this working on Solaris x

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-04 Thread Ben .T.George
Guide/Configuring_an_IPA_Client_on_Solaris.html http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html Regards,Ben On Mon, Jan 5, 2015 at 12:34 AM, Dmitri Pal wrote: > On 01/04/2015 01:19 PM, Ben .T.George wrote: > > > HI > > Thanks for

Re: [Freeipa-users] Integration with Solaris 10

2015-01-05 Thread Ben .T.George
HI sorry that was a misunderstand happened from his side, actually i was struggling to set it up for solaris \ regards, ben On Mon, Jan 5, 2015 at 11:51 AM, Petr Spacek wrote: > On 2.1.2015 22:11, Dmitri Pal wrote: > > Would you mind creating a wiki page with the solution on the wiki? > May

Re: [Freeipa-users] Integration with Solaris 10

2015-01-05 Thread Ben .T.George
with@domain, it's not working. Regards, Ben On Mon, Jan 5, 2015 at 5:59 PM, Rob Crittenden wrote: > Ben .T.George wrote: > > HI > > > > sorry that was a misunderstand happened from his side, actually i was > > struggling to set it up for solaris \ > > We sim

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-05 Thread Ben .T.George
platforms. thanks & Regards, Ben On Mon, Jan 5, 2015 at 6:54 PM, Dmitri Pal wrote: > On 01/05/2015 10:51 AM, Dmitri Pal wrote: > > On 01/04/2015 10:30 PM, Ben .T.George wrote: > > HI > > yes you are right. Linux clients working and IPA is in trust > relationship

[Freeipa-users] How to check IPA <--> AD trust from command line

2015-01-05 Thread Ben .T.George
Hi LIst, how to check IPA <-> Active directory trust relationship . i just want to confirm my ipa server is working fine. Regards, Ben

Re: [Freeipa-users] how can i configure solaris 10 sparc and x86 as ipa clients

2015-01-05 Thread Ben .T.George
HI IRC is like totally dead. i have waited one whole day to anyone responding. not even to my reply. i didn't see any messages at all. Regards, Ben On Mon, Jan 5, 2015 at 11:49 PM, Dmitri Pal wrote: > On 01/05/2015 01:31 PM, Ben .T.George wrote: > > HI > > Thanks for t

Re: [Freeipa-users] How to check IPA <--> AD trust from command line

2015-01-06 Thread Ben .T.George
Tue, Jan 6, 2015 at 6:41 PM, Sumit Bose wrote: > On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote: > > On 01/05/2015 08:35 PM, Ben .T.George wrote: > > > > > >Hi LIst, > > > > > >how to check IPA <-> Active directory trust relati

Re: [Freeipa-users] How to check IPA <--> AD trust from command line

2015-01-06 Thread Ben .T.George
bis01 ~]# id adm-ben.george id: adm-ben.george: no such user Regards, Ben On Tue, Jan 6, 2015 at 8:03 PM, Sumit Bose wrote: > On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote: > > Hi > > > > I Tried on IPA server and below is my output: > > > > [r

Re: [Freeipa-users] How to check IPA <--> AD trust from command line

2015-01-06 Thread Ben .T.George
(ad_admins),1198400513(domain us...@kwttestdc.com) i was trying the kinit command on solaris . -C key is not there Thanks & Regards, Ben On Tue, Jan 6, 2015 at 8:18 PM, Sumit Bose wrote: > On Tue, Jan 06, 2015 at 08:13:17PM +0300, Ben .T.George wrote: > > HI > > > &

[Freeipa-users] ipa host-add and service add command to add solaris 10

2015-01-06 Thread Ben .T.George
HI i was trying to add solaris 10 client from command line. Host add command went successfully and service add for /host is giving error. please check below output and help me to solve this [root@kwtpocpbis01 ~]# ipa host-add --force --ip-address=172.16.107.107 kwttestsolaris10.solipa.local -

Re: [Freeipa-users] ipa host-add and service add command to add solaris 10

2015-01-06 Thread Ben .T.George
, 2015 at 11:35 PM, Rob Crittenden wrote: > Ben .T.George wrote: > > > > HI > > > > i was trying to add solaris 10 client from command line. Host add command > > went successfully and service add for /host is giving error. > > > > please check below o

[Freeipa-users] clarification regarding krb5.conf file

2015-01-07 Thread Ben .T.George
Hi List correct me if i am wrong. currently my client krb5.conf holding AD details. and my client is Solaris here is my file. bash-3.2# more /etc/krb5/krb5.conf [libdefaults] default_realm = KWTTESTDC.COM [realms] KWTTESTDC.COM = { kdc = kwttestdc001.kwttestdc.com:88 admin_server = kwttestdc00

Re: [Freeipa-users] clarification regarding krb5.conf file

2015-01-07 Thread Ben .T.George
(client) : kwttestsolaris10.solipa.local Active Directory: kwttestdc001.kwttestdc.com Regards, Ben On Wed, Jan 7, 2015 at 2:11 PM, Ben .T.George wrote: > Hi List > > correct me if i am wrong. > > currently my client krb5.conf holding AD details. and my client is Solaris > > here

[Freeipa-users] ipa group-add-member failed

2015-03-02 Thread Ben .T.George
HI i am getting below error. please anyone tell me what does it mean [root@kwttstfreipa01 ~]# ipa group-add-member ad_admins_external --external 'KWTTESTDC\Domain Admins' [member user]: [member group]: Group name: ad_admins_external Description: kwttestdc.com admins external map Failed memb

Re: [Freeipa-users] ipa group-add-member failed

2015-03-02 Thread Ben .T.George
t is correct or not.? Regards, Ben On Mon, Mar 2, 2015 at 10:10 PM, Alexander Bokovoy wrote: > On Mon, 02 Mar 2015, Ben .T.George wrote: > >> HI >> >> i am getting below error. please anyone tell me what does it mean >> >> [root@kwttstfreipa01 ~]# ip

Re: [Freeipa-users] ipa group-add-member failed

2015-03-02 Thread Ben .T.George
on, Mar 2, 2015 at 11:11 PM, Alexander Bokovoy wrote: > On Mon, 02 Mar 2015, Ben .T.George wrote: > >> HI >> >> trust was successful >> >> ipa trust-add --type=ad *ad_domain* --admin Administrator --password >> >> and i g

[Freeipa-users] how can i avoid error :ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides

2015-03-03 Thread Ben .T.George
HI i am getting below error while trying* ipa trust-fetch-domains kwttestdc.com * ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides time is synced through ntpd and there is no time difference between ad a

Re: [Freeipa-users] ipa group-add-member failed

2015-03-03 Thread Ben .T.George
ERVER: 172.16.104.231#53(172.16.104.231)* *;; WHEN: Tue Mar 03 13:28:43 AST 2015* *;; MSG SIZE rcvd: 115* and there is no replica server too Regards, Ben On Mon, Mar 2, 2015 at 11:27 PM, Alexander Bokovoy wrote: > On Mon, 02 Mar 2015, Ben .T.George wrote: > >> Hi please find below o

Re: [Freeipa-users] ipa group-add-member failed

2015-03-03 Thread Ben .T.George
pache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations [Tue Mar 03 13:03:02.722971 2015] [core:notice] [pid 6259] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Tue Mar 03 13:03:04.176015 2015] [:er

[Freeipa-users] how can i fix ipa: ERROR: AD DC was unable to reach any IPA domain controller

2015-03-03 Thread Ben .T.George
HI i have re-installed IPA with latest 4.1 version. installed packages by using https://copr.fedoraproject.org/coprs/mkosek/freeipa/ repos # ipa-server-install went successfully without any error an it says the same on log files *[root@kwtpocpbis01 ~]# kinit admin* *Password for admin@SOLIPA.LO

Re: [Freeipa-users] how can i fix ipa: ERROR: AD DC was unable to reach any IPA domain controller

2015-03-03 Thread Ben .T.George
t;http://kwttestdc.com>"* *ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example* This is the same story happened with IPA 3.3 before Regards, Ben On Wed, Mar 4, 2015 at 9:06 AM, Ben .T.George wrote: > H

Re: [Freeipa-users] how can i fix ipa: ERROR: AD DC was unable to reach any IPA domain controller

2015-03-04 Thread Ben .T.George
kwtpocpbis01.solipa.local.42261: Flags [.], ack 1466, win 509, options [nop,nop,TS val 248822692 ecr 6919607], length 0* *10:21:38.722735 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [R.], seq 1395, ack 1466, win 0, length 0* On Wed, Mar 4, 2015 at

Re: [Freeipa-users] how can i fix ipa: ERROR: AD DC was unable to reach any IPA domain controller

2015-03-04 Thread Ben .T.George
3.3 , Redhat 7 + IPA 4.1 or Redhat6.6 + IPA 4.1 On Wed, Mar 4, 2015 at 11:31 AM, Ben .T.George wrote: > Hi i have done tcpdump against AD ip > > *10:21:34.033939 IP kwtpocpbis01.solipa.local.48731 > > kwttestdc001.kwttestdc.com.domain: 39643+ SRV? _ldap._tcp.solipa.local. &

[Freeipa-users] Trust is successful and getting error while creating groups.

2015-03-04 Thread Ben .T.George
Hi i have re-installed everything . my current versions are Centos 7 with IPA 4.1 i followed this tutorial: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup when i fetch , it went successful: *[root@kwtpocpbis01 ~]# ipa trustdomain-find "infra.com "* * Domain name: infr

Re: [Freeipa-users] Trust is successful and getting error while creating groups.

2015-03-04 Thread Ben .T.George
.761885 2015] [:error] [pid 2101] ipa: INFO: [jsonserver_kerb] admin@SOLARIS.LOCAL: group_add_member(u'ad_admins_external', ipaexternalmember=(u'ad_netbiosDomain Users',), all=False, raw=False, version=u'2.113', no_members=False): SUCCESS On Thu, Mar 5, 2015 at 8

Re: [Freeipa-users] Trust is successful and getting error while creating groups.

2015-03-04 Thread Ben .T.George
Hi Alexander, can you please give me clue what will be error message "member group: KWTTESTDC\Domain Admins: invalid 'trusted domain object': no trusted domain matched the specified flat name" Regards, Ben On Thu, Mar 5, 2015 at 9:35 AM, Ben .T.George wrote: > HI &g

Re: [Freeipa-users] Trust is successful and getting error while creating groups.

2015-03-04 Thread Ben .T.George
98-512, S-1-5-21-191287045-4012216658-3592112898-513* *-* *Number of members added 1* how can i fetch AD user on command line on IPA server to check the communication? Regards Ben On Thu, Mar 5, 2015 at 10:05 AM, Alexander Bokovoy wrote: > On Thu, 05 Mar 2015, Ben .T.George

[Freeipa-users] how can i configure solaris10 as freeIPA 4.1.2 client

2015-03-07 Thread Ben .T.George
Hi list i have working IPA server where AD users can login to IPA server how can i configure solaris 10 as IPA 4.1.2 client.? i saw many tutorials in IPA domain and got confused . Which one i need to follow currently i am trying with X86 version of solaris and later i need to try on SPARC based.

[Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-08 Thread Ben .T.George
HI i have free IPA 4.1.2 installed. my web ui always giving "Your session has expired. Please re-login." even i tried from different computer.different browsers.. how can i fix this.?

Re: [Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-08 Thread Ben .T.George
: RUNNING smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful On Sun, Mar 8, 2015 at 10:54 AM, Ben .T.George wrote: > HI > > i have free IPA 4.1.2 installed. > > my web ui always givin

Re: [Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-08 Thread Ben .T.George
ed (, Unknown error), referer: https://kwtpocpbis01.solaris.local/ipa/ui/ On Sun, Mar 8, 2015 at 12:48 PM, Ben .T.George wrote: > Hi i checked the services and below is my output > > [root@kwtpocpbis01 ipa_memcached]# ps -ef | grep ipa_memcached > apache2079

Re: [Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-08 Thread Ben .T.George
e184cecb42f2e326391dbb09443d start_timestamp=2015-03-08T13:16:29 access_timestamp=2015-03-08T13:16:29 expiration_timestamp=1970-01-01T03:00:00 [Sun Mar 08 13:16:29.922191 2015] [:error] [pid 3003] ipa: DEBUG: no ccache, need login [Sun Mar 08 13:16:29.922265 2015] [:error] [pid 3003] ipa: DEBUG: jso

Re: [Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-08 Thread Ben .T.George
i was inspecting the page and got below response. http://s21.postimg.org/itv5hf0h3/asdasd.jpg http://s3.postimg.org/f6knomt1f/Capture.jpg please anyone help me to solve this issue. i just want to create one local user in IPA On Sun, Mar 8, 2015 at 1:17 PM, Ben .T.George wrote: > I enab

Re: [Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-09 Thread Ben .T.George
in /var/log/audit/audit.log preventing Apache from > looking up > the session data? > > Thanks, > Martin > > On 03/08/2015 11:44 AM, Ben .T.George wrote: > > i was inspecting the page and got below response. > > > > http://s21.postimg.org/itv5hf0h3/asdasd.

Re: [Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

2015-03-09 Thread Ben .T.George
anks for information. I would still love to know the real root > cause, but > we will now find it now I assume. > > If this issue re-appears, let us know :-) > > Thanks, > Martin > > On 03/09/2015 09:10 AM, Ben .T.George wrote: > > Hi Martin, > > > > thanks for you

[Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
HI i can able to reach upto level that IPA user can able to login on solaris box, but how can i create home directories automatically on solaris while IPA user login. even i change the shell in IPA web interface that is getting affected. i saw some option in IPA 3.3 web interface like automount

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
questions related to that. now i am little bit confident up to this level. and if everything is working fine, i will try to create automated script for IPA join Regards, Ben On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal wrote: > On 03/11/2015 09:50 AM, Ben .T.George wrote: > > HI > >

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
sting wiki :) as there are many solaris related documents which is pretty old. anyway still waiting for reply Regards, Ben On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal wrote: > On 03/11/2015 01:18 PM, Ben .T.George wrote: > > HI > > thanks for the reply. > > even i tried na

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
but's not authenticate with AD, IPA user can login on solaris box On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal wrote: > On 03/11/2015 01:56 PM, Ben .T.George wrote: > > HI > > yea , i saw that mail thread and he claims that he achieved somehow. but > not clear. > > an

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
b Crittenden > wrote: > >> Ben .T.George wrote: >> > HI >> > >> > thanks for the reply. >> > >> > even i tried native auto_master file with directory checking script. if >> > i feed the user manually to the script, the directory is creating

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-12 Thread Ben .T.George
the /etc/auto_master file so the "mkhomedir" script runs > at login > /home /usr/local/adm/mkhomedir > > Remove original /home/ directories > rm -rf /home/* > > Restart autofs so the change takes effect > svcadm restart autofs > > Make sure you change you

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-12 Thread Ben .T.George
: > > Hello, > > Is there any chance you can help this guy on the FreeIPA list? > > Thanks > Dmitri > > > Original Message ---- Subject: Re: [Freeipa-users] how can > i create home directories automatically on solaris while IPA user login Date: > Wed, 11 Ma

[Freeipa-users] solaris to free IPA user issue

2015-03-15 Thread Ben .T.George
HI i am using free ipa 4.1.2 on centos 7. from root user, i can able to switch to IPA user : "su ben" but from any other user if i try that, it's asking for password. if i gave the correct password also, its not accepting .This is what i am getting bash-3.2$ su jude Password: su: Sorry and on l

[Freeipa-users] solaris 10 ad authentication happening with only one user

2015-03-15 Thread Ben .T.George
Hi List, i have successfully configured my solaris 10 with AD through IPA 4.1.2 the issue i am facing is,only one AD user can able to solaris here is the getent passwd: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: *b...@infra.com:x:531001104:531001104:ben:/home/infra.com/ben

Re: [Freeipa-users] solaris 10 ad authentication happening with only one user

2015-03-15 Thread Ben .T.George
HI the user Ben is from AD, how can i assign shell to that user.? Regards, Ben On Sun, Mar 15, 2015 at 7:14 PM, Gianluca Cecchi wrote: > > On 15/Mar/2015 11:04 "Ben .T.George" wrote: > > > > > here is the getent passwd: > > > > > > nob

[Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
HI List i was following this link : http://www.freeipa.org/page/Active_Directory_trust_setup#Assumptions to setup IPA server my IPA version is 4.1.2 every steps in this tutorials was passed without any error even "*Allow access for users from AD domain to protected resources*" went successfully

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
5840]: Accepted password for b...@infra.com from 10.18.2.130 port 64782 ssh2 Mar 17 12:44:59 kwtpocpbis01 sshd[15840]: pam_unix(sshd:session): session opened for user b...@infra.com by (uid=0) On Tue, Mar 17, 2015 at 12:09 PM, Jakub Hrozek wrote: > On Tue, Mar 17, 2015 at 11:37:24AM +0300,

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
;user' 'ipa_session_cookie:admin@SOLARIS.LOCAL' ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=35095713 ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args='keyctl' 'search' '@s' 'user' 'ipa_session_coo

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
okie 'ipa_session=cf8484a2b0ee0f8f3fe2cac8c6ad7570; Domain=kwtpocpbis01.solaris.local; Path=/ipa; Expires=Tue, 17 Mar 2015 10:27:04 GMT; Secure; HttpOnly' for principal admin@SOLARIS.LOCAL ipa: DEBUG: Starting external process ipa: DEBUG: args='keyctl' 'search' '

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
replied to ping On Tue, Mar 17, 2015 at 1:27 PM, Jakub Hrozek wrote: > On Tue, Mar 17, 2015 at 12:57:27PM +0300, Ben .T.George wrote: > > HI > > > > i have enabled debug > > > > here is my sssd.conf > > > > [root@kwtpocpbis01 ~]# cat

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
17 14:33:30 2015) [sssd[be[solaris.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Tue Mar 17 14:33:30 2015) [sssd[be[solaris.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Tue Mar 17 14:33:30 2015) [sssd[be[solaris.local]]] [sdap_get_

Re: [Freeipa-users] Only one AD user can able to login to IPA server

2015-03-17 Thread Ben .T.George
wrote: > On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote: > > here is separated logs: > > > > tail -f sssd_solaris.local.log > > Thank you, see inline: > > > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv] > > (0x0400): Ch
