[Freeipa-users] Patch for ipa-sam: ipa-server-trust-ad samba server valid users =@groupname

2014-03-06 Thread Jason Woods
Hi all, I am quite aware that installing ipa-server-trust-ad and using the samba as a file server is as unsupported as one can get... but I really needed a Samba server integrated with IPA (damn Mac OS and Windows). I don't actually have a Windows environment but this seemed to bootstrap

Re: [Freeipa-users] Patch for ipa-sam: ipa-server-trust-ad samba server valid users =@groupname

2014-03-07 Thread Jason Woods
Hi, On 6.3.2014 23:06, Alexander Bokovoy wrote: For the record, it is ipa-adtrust-install --add-sids and the task is called sidgen task. Absolutely. Sorry for the confusion - too late and swimming in the code had me mix up the terminology :-) All sorted for the bugzilla ticket. On 6.3.2014

Re: [Freeipa-users] Another patch for ipa-sam: Excessive LDAP calls by ipa-sam during file operations

2014-03-09 Thread Jason Woods
Hi, On 9 Mar 2014, at 19.22, Alexander Bokovoy aboko...@redhat.com wrote: Good. I'll take that bug and will review your patch in my queue. It will, perhaps, take some time as I have some load with stabilization work for 3.3.x. Thanks. Anyway, you are correct that we need a service principal

[Freeipa-users] Mountain Lion GUI Login (Expired passwords / Mavericks too)

2014-03-13 Thread Jason Woods
Hi all, This has been raised previously, here: https://www.redhat.com/archives/freeipa-users/2013-August/msg00043.html I'm experiencing the same issue and I will summarise. Mac OS X (Mavericks in my case, but it was the same before I upgraded it from Mountain Lion.) Using RHEL 6.5 and ipa

Re: [Freeipa-users] Mountain Lion GUI Login (Expired passwords / Mavericks too)

2014-03-13 Thread Jason Woods
Hi I don't have OS X, but every time I create a new test user on linux and log in to test it, I get bit by the fact that the passwd change always asks for the existing password first, before asking for the new password. So I have to enter the original password once to login, once to make

Re: [Freeipa-users] authenticate samba 3 or 4 with freeipa: building ipasam.so on Ubuntu

2014-03-28 Thread Jason Woods
Hi (Apologies - resending to the list - I'm so used to the Reply-To already set but it appears not to be here my bad.) On 28 Mar 2014, at 11:32, Petr Spacek pspa...@redhat.com wrote: Please let us know if it worked for you or not. I'm curious! :-) I'm pretty curious too. I have RHEL 6.5

[Freeipa-users] Lost access after password policy change

2014-09-15 Thread Jason Woods
Hi all, I wonder if anyone has any advice. We changed password policy to 2 days a few weeks ago. Over the weekend, passwords expired and now we cannot login. All admin accounts are essentially unusable. Seems to be this issue: https://fedorahosted.org/freeipa/ticket/3312 Any ideas how to

Re: [Freeipa-users] Lost access after password policy change

2014-09-15 Thread Jason Woods
On 15 Sep 2014, at 14.48, Jason Woods de...@jasonwoods.me.uk wrote: I wonder if anyone has any advice. We changed password policy to 2 days a few weeks ago. Over the weekend, passwords expired and now we cannot login. All admin accounts are essentially unusable. Seems

[Freeipa-users] ipa-server-4.1.0 ipasam performance issue / strange behaviour

2015-06-30 Thread Jason Woods
attributes can mess with OR queries. But I can’t understand why it would only affect the GSSAPI authenticated user. Regards, Jason Woods signature.asc Description: Message signed with OpenPGP using GPGMail -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com

Re: [Freeipa-users] ipa-server-4.1.0 ipasam performance issue / strange behaviour

2015-06-30 Thread Jason Woods
)(objectClass=posixAccount))) The following returns one result: ((gidNumber=543800010)(objectClass=ipaNTGroupAttrs)) My understanding would be if it were permissions, both would return nothing. I’ve even tried the uidNumber part with a valid uid and it does actually return something. Thanks, Jason