[Freeipa-users] issues with nfs4 privileges.

2014-06-20 Thread Rob Verduijn
Hello, I'm a bit at loss with my freeipa kerberized nfs4 shares. the nfs4 shares mount fine and users can read and write their files. However pulse audio does not work properly, and some programs fail to start. When logging in with a local account using a local homedrive pulseaudio works, and

Re: [Freeipa-users] issues with nfs4 privileges.

2014-06-20 Thread Rob Verduijn
Hi Simo, Thanx for the quick answer, I will consider the root implications. However, what about pulse audio not working ? The logs complain about that one not being able to write in home as well. Rob 2014-06-20 18:27 GMT+02:00 Simo Sorce s...@redhat.com: On Fri, 2014-06-20 at 18:02 +0200, Rob

Re: [Freeipa-users] issues with nfs4 privileges.

2014-06-20 Thread Rob Verduijn
...@redhat.com: On Fri, 2014-06-20 at 18:57 +0200, Rob Verduijn wrote: Hi Simo, Thanx for the quick answer, I will consider the root implications. However, what about pulse audio not working ? The logs complain about that one not being able to write in home as well. Is it running as the pulse user

Re: [Freeipa-users] issues with nfs4 privileges.

2014-06-20 Thread Rob Verduijn
Considering the root implications. Handing out root to all nfs clients is indeed something that is undesirable. However personally I believe manually creating homedirs to be a procedure from the previous millennium. Can I get freeipa to do this automatically the right way ? (respecting security)

Re: [Freeipa-users] Having difficulty installing on Fedora 20

2014-06-24 Thread Rob Verduijn
err http://www.freeipa.org/docs/master/html-desktop/index.html#Preparing_for_an_IPA_Installation of course Rob 2014-06-24 21:12 GMT+02:00 Rob Verduijn rob.verdu...@gmail.com: I saw this in your log : snip Global DNS configuration in LDAP server is empty You can use 'dnsconfig-mod' command

Re: [Freeipa-users] Having difficulty installing on Fedora 20

2014-06-24 Thread Rob Verduijn
I saw this in your log : snip Global DNS configuration in LDAP server is empty You can use 'dnsconfig-mod' command to set global DNS options that would override settings in local named.conf files snip Did you install bind and bind-dyndb-ldap ?

[Freeipa-users] GSSAPIDelegateCredentials yes

2014-07-05 Thread Rob Verduijn
Hello, I've set up host that mounts a kerberized nfs4 homedrive. This all works fine, however when logging in remotely with a user using ssh the kerberos ticket is not set for that user. This requires either manually doing kinit or setting the GSSAPIDelegateCredentials yes in either .ssh config

Re: [Freeipa-users] GSSAPIDelegateCredentials yes

2014-07-14 Thread Rob Verduijn
: On Sat, 2014-07-05 at 15:01 +0200, Rob Verduijn wrote: Hello, I've set up host that mounts a kerberized nfs4 homedrive. This all works fine, however when logging in remotely with a user using ssh the kerberos ticket is not set for that user. This requires either manually doing kinit

[Freeipa-users] sudo without the !authenticate

2014-09-01 Thread Rob Verduijn
Hello, I've a freeipa running on fedora 20 with fedora 20 clients. When I configure sudo with the !authenticate option, everything works fine. ie 'sudo journalctl' works fine, you get to see the logs However when I remove the !authenticate option the sudo command asks for a password but it

Re: [Freeipa-users] sudo without the !authenticate

2014-09-01 Thread Rob Verduijn
2014-09-01 18:47 GMT+02:00 Dmitri Pal d...@redhat.com: On 09/01/2014 06:17 PM, Rob Verduijn wrote: Hello, I've a freeipa running on fedora 20 with fedora 20 clients. When I configure sudo with the !authenticate option, everything works fine. ie 'sudo journalctl' works fine, you get

[Freeipa-users] apache kerberized nfs4 /var/www/html access denied for apache user

2014-09-15 Thread Rob Verduijn
Hello, I've got a webserver whose default export is on a kerberized nfs4 export. The export works fine for regular ipa users However the apache user is not allowed to read anything from the export. What would be the best practice to allow the apache user access to the nfs4 export without

Re: [Freeipa-users] apache kerberized nfs4 /var/www/html access denied for apache user

2014-09-17 Thread Rob Verduijn
but that's a bit off topic) Rob Verduijn -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] apache kerberized nfs4 /var/www/html access denied for apache user

2014-09-20 Thread Rob Verduijn
cred_usage = initiate allow_any_uid = yes trusted = yes euid = 0 2014-09-17 9:15 GMT+02:00 Rob Verduijn rob.verdu...@gmail.com: 2014-09-16 20:57 GMT+02:00 Nordgren, Bryce L -FS bnordg...@fs.fed.us: Also opened https://fedorahosted.org/freeipa/ticket/4544 Tried to summarize

Re: [Freeipa-users] apache kerberized nfs4 /var/www/html access denied for apache user

2014-09-20 Thread Rob Verduijn
allow_any_uid = no trusted = yes euid = 48 2014-09-20 18:15 GMT+02:00 Simo Sorce s...@redhat.com: On Sat, 20 Sep 2014 16:53:48 +0200 Rob Verduijn rob.verdu...@gmail.com wrote: Hello all, I've managed to get the gssproxy to work on my installation. I can now mount my apache document

[Freeipa-users] dns stops working after upgrade

2014-10-25 Thread Rob Verduijn
Hello all, I'm running freeipa 3.3.0 on fedora 20 x86_65 and it is set up as my main dns server. I've tried the upgrade to 4.1 using the copr repository. I performed the following steps: 1 apply latest fedora updates 2 shutdown system 3 create a snapshot from the freeipa vm as a backup (which

Re: [Freeipa-users] dns stops working after upgrade

2014-10-26 Thread Rob Verduijn
) -- john 2014-10-25 16:40 GMT+02:00 Rob Verduijn rob.verdu...@gmail.com: Hello all, I'm running freeipa 3.3.0 on fedora 20 x86_65 and it is set up as my main dns server. I've tried the upgrade to 4.1 using the copr repository. I performed the following steps: 1 apply latest fedora

Re: [Freeipa-users] dns stops working after upgrade

2014-10-27 Thread Rob Verduijn
: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-X-X.socket': 2014-10-26 21:38 GMT+01:00 Rob Crittenden rcrit...@redhat.com: Rob Verduijn wrote: h after some more digging (monitoring the upgrade more closely.) I saw that the upgrade kept waiting for the ca to start, which

Re: [Freeipa-users] dns stops working after upgrade

2014-10-27 Thread Rob Verduijn
zone does no longer resolve :( reverting back to the 3.3 snapshot again :( Please help Rob 2014-10-26 21:38 GMT+01:00 Rob Crittenden rcrit...@redhat.com: Rob Verduijn wrote: h after some more digging (monitoring the upgrade more closely.) I saw that the upgrade kept waiting

Re: [Freeipa-users] dns stops working after upgrade

2014-10-27 Thread Rob Verduijn
certificate renewal configuration to version 2] [Enable PKIX certificate path discovery and validation] PKIX already enabled The ipa-upgradeconfig command was successful Any ideas ? I'm rather stuck now. Rob 2014-10-27 22:59 GMT+01:00 Rob Verduijn rob.verdu...@gmail.com: Hello, I'm rather

Re: [Freeipa-users] dns stops working after upgrade

2014-10-28 Thread Rob Verduijn
'ipa' loaded (0 zones defined, 0 inactive, 0 failed to load) It claims 0 zones loaded but I can see my forward and reverse zones in ipa what could cause it not to load the zones that I defined in ipa ? Rob 2014-10-27 23:05 GMT+01:00 Rob Verduijn rob.verdu...@gmail.com: sorry for the xml

Re: [Freeipa-users] dns stops working after upgrade

2014-10-28 Thread Rob Verduijn
before the update its 4.5-1.fc20.x86_64.rpm from fedora 20 updates repo after the update its 6.0-5.fc20.x86_64.rpm from copr repo Regards Rob 2014-10-28 17:58 GMT+01:00 Martin Basti mba...@redhat.com: On 28/10/14 16:10, Rob Verduijn wrote: Hello all, I've been digging into my problem

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
Hello, I've checked and I see a lot of objects representing my dns entries. Still I get no answers if i try to resolve any of them :( Rob 2014-10-29 13:28 GMT+01:00 Petr Spacek pspa...@redhat.com: On 28.10.2014 18:42, Rob Verduijn wrote: before the update its 4.5-1.fc20.x86_64.rpm from

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
really started to appreciate snapshots with this upgrade :-) Rob 2014-10-29 14:50 GMT+01:00 Petr Spacek pspa...@redhat.com: On 29.10.2014 14:32, Rob Verduijn wrote: I've checked and I see a lot of objects representing my dns entries. Still I get no answers if i try to resolve any of them

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
can pinpoint what goes wrong with the update script if you like. Rob 2014-10-29 16:13 GMT+01:00 Martin Basti mba...@redhat.com: On 29/10/14 15:56, Martin Basti wrote: On 29/10/14 15:46, Rob Verduijn wrote: You're right duh I should read more carefully and not try to do too many things

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
Hello again, I jumped too early. # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update didn't work but ipa-ldap-updater fixes the problem for me. Rob 2014-10-29 16:55 GMT+01:00 Martin Basti mba...@redhat.com: On 29/10/14 16:46, Rob Verduijn wrote: Hello, # ipa-ldap-updater

Re: [Freeipa-users] dns stops working after upgrade

2014-10-29 Thread Rob Verduijn
-updater /usr/share/ipa/updates/55-pbacmemberof.update didn't fix it ipa-ldap-updater did fix the 'access control instructions' and my internal dns zones started to resolve again :-) Cheers Rob 2014-10-29 18:14 GMT+01:00 Petr Spacek pspa...@redhat.com: On 29.10.2014 16:46, Rob Verduijn wrote

Re: [Freeipa-users] dns stops working after upgrade

2014-11-04 Thread Rob Verduijn
katello integration, so I got some mixed emotions about it) Any ideas anyone ? Rob 2014-10-29 22:14 GMT+01:00 Rob Verduijn rob.verdu...@gmail.com: Hello, I've tested the update again. The bind-utils conflict is still there when I issue yum update freeipa-server ( as indicated

Re: [Freeipa-users] dns stops working after upgrade

2014-11-04 Thread Rob Verduijn
15:52 GMT+01:00 Petr Spacek pspa...@redhat.com: On 4.11.2014 15:27, Rob Verduijn wrote: Hello again, I've managed to integrate my katello configuration with freeipa. Now I not only use freeipa authentication in katello but also when a host is defined in katello it automagically gets created

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Rob Verduijn
: On 4.11.2014 17:15, Rob Verduijn wrote: The problem with 'foreman-prepare-realm' and freeipa was that it claimed that a few of the permissions required did not exist when it tried to add them to the 'smart proxy host management' privilege. I think it was because the permissions were all in lower case

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Rob Verduijn
Petr Spacek pspa...@redhat.com: Hello, Rob V., you did not answer my question when DNS worked for you last time. Did it work right after reverting the snapshot? Petr^2 Spacek On 5.11.2014 16:09, Rob Verduijn wrote: Hello again, I don't know about foreman upstream, the current

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Rob Verduijn
Hello, Yes I noticed the name change it took me a while to realise it was a known ruby bug in katello that caused the real problem. I also checked after I updated the 'katello integrated' update from 3.3.5 to 4.1 and the permissions were neatly renamed to their new counterparts. However the

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Rob Verduijn
remove those :P Rob 2014-11-05 16:20 GMT+01:00 Stephen Benjamin step...@redhat.com: On Wed, Nov 05, 2014 at 04:09:18PM +0100, Rob Verduijn wrote: Hello again, I don't know about foreman upstream, the current version that I am using included in the katello installation is 1.6

Re: [Freeipa-users] dns stops working after upgrade

2014-11-05 Thread Rob Verduijn
'Write DNS Configuration' Rob 2014-11-05 16:25 GMT+01:00 Petr Spacek pspa...@redhat.com: On 5.11.2014 16:20, Rob Verduijn wrote: Hello, Yes I noticed the name change it took me a while to realise it was a known ruby bug in katello that caused the real problem. I also checked after I updated

[Freeipa-users] missing package in 4.1.1 repo

2014-11-06 Thread Rob Verduijn
Hi, There is a dependency error in the updated repo. I did a yum clean all then a yum update. I got this error: Error: Package: freeipa-server-4.1.1-1.fc20.x86_64 (mkosek-freeipa) Requires: slapi-nis = 0.54.1-1 Removing: slapi-nis-0.52-1.fc20.x86_64 (@private.updates)

Re: [Freeipa-users] DS failed after upgrade

2014-11-07 Thread Rob Verduijn
Original Message Subject: Re: [Freeipa-users] dns stops working after upgrade Date: Thu, 6 Nov 2014 21:42:55 +0100 From: Rob Verduijn rob.verdu...@gmail.com rob.verdu...@gmail.com To: Martin Basti mba...@redhat.com mba...@redhat.com Hi again, I tried the update to 4.1.1

Re: [Freeipa-users] DNS stops working after upgrade (was DS failed after upgrade)

2014-11-07 Thread Rob Verduijn
failed: Operations error: That's it Rob 2014-11-07 13:56 GMT+01:00 Martin Basti mba...@redhat.com: On 07/11/14 13:52, Rob Verduijn wrote: Hi all, Either I was too worn out last night, or another update has happened. This morning the directory server did start after the update. local dns

Re: [Freeipa-users] DNS stops working after upgrade (was DS failed after upgrade)

2014-11-07 Thread Rob Verduijn
Yup that solved it. Everything looks ok now :-) Thank you for your great effort. Rob 2014-11-07 14:55 GMT+01:00 Martin Basti mba...@redhat.com: On 07/11/14 14:26, Rob Verduijn wrote: Hello, Yes this time there are This section : 2014-11-07T13:10:03Z INFO Updating existing entry: cn

Re: [Freeipa-users] OTP and cached credentials

2015-03-14 Thread Rob Verduijn
For which sssd release is this feature targeted ? Rob Verduijn 2015-03-12 23:26 GMT+01:00 Dmitri Pal d...@redhat.com: On 03/12/2015 04:59 PM, Jakub Hrozek wrote: On 12 Mar 2015, at 21:32, Rob Verduijn rob.verdu...@gmail.com wrote: Hello, I was looking into otp authentication and found

[Freeipa-users] OTP and cached credentials

2015-03-12 Thread Rob Verduijn
used ? Or with a radius proxy ? Rob Verduijn

Re: [Freeipa-users] multi-tenancy status

2015-02-24 Thread Rob Verduijn
/Security_Assertion_Markup_Language Cheers Rob 2015-02-24 19:48 GMT+01:00 Dmitri Pal d...@redhat.com: On 02/24/2015 12:34 PM, Rob Verduijn wrote: Hello, I'm interested in setting up ipa with multiple tenancies. However I can only find this document about the subject: http://www.freeipa.org/page/V3

Re: [Freeipa-users] multi-tenancy status

2015-02-24 Thread Rob Verduijn
Thanx, That all sounds very interesting, I've got some reading up to do. I'm going to point this out to some people :-) Rob 2015-02-24 20:55 GMT+01:00 Rob Crittenden rcrit...@redhat.com: Rob Verduijn wrote: Now that sounds like an interesting project :-) besides the following links any

[Freeipa-users] multi-tenancy status

2015-02-24 Thread Rob Verduijn
Hello, I'm interested in setting up ipa with multiple tenancies. However I can only find this document about the subject: http://www.freeipa.org/page/V3/Multitenancy What is the status of the implementation of multiple tenancies. Cheers Rob Verduijn

[Freeipa-users] indirect automount offsets

2015-04-15 Thread Rob Verduijn
Hello, I'm trying to figure out how to use automounts in freeipa with offsets. currently I have this: the default location containing 3 maps auto.direct auto.home auto.master auto.direct is empty auto.home contains: key : * mount information : -rw nfs.example.com:/homes/ auto.master contains

Re: [Freeipa-users] indirect automount offsets

2015-04-16 Thread Rob Verduijn
the privileges in such a way that not everybody requires access to the exports ? Rob Verduijn 2015-04-16 5:36 GMT+02:00 Rob Crittenden rcrit...@redhat.com: Rob Verduijn wrote: Hello, I'm trying to figure out how to use automounts in freeipa with offsets. currently I have this: the default

[Freeipa-users] certificate alert

2015-06-28 Thread Rob Verduijn
Hello, Is there an easy way to get alerts for soon to expire certificates in freeipa ? Because the day you forget to do the checks via the gui or cli is the day you will be regretting. Cheers Rob

Re: [Freeipa-users] could anybody give an update on the multitenancy status for freeipa ?

2015-10-30 Thread Rob Verduijn
2015-10-30 20:14 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>: > Rob Verduijn wrote: >> Hello all, >> >> It has been a while since I asked this before. >> >> Multitenancy was put in the freezer back then in favor of this nice project : >> https://

[Freeipa-users] could anybody give an update on the multitenancy status for freeipa ?

2015-10-30 Thread Rob Verduijn
already. Now that ipsilon has reached 1.0.0, is there a change regarding the possibility for multitenancy ? http://www.freeipa.org/page/V3/Multitenancy Cheers Rob Verduijn

Re: [Freeipa-users] service account for ovirt

2015-11-18 Thread Rob Verduijn
2015-11-18 15:51 GMT+01:00 Martin Kosek <mko...@redhat.com>: > On 11/18/2015 08:23 AM, Rob Verduijn wrote: >> Hello all, >> >> I've read a lot regarding service accounts on this mailinglist in the past. >> But it's rather unclear to me what is the current preffe

[Freeipa-users] service account for ovirt

2015-11-18 Thread Rob Verduijn
with this ? Cheers Rob Verduijn

Re: [Freeipa-users] service account for ovirt

2015-11-20 Thread Rob Verduijn
gn permissions for them on the vm's # Cheers Rob Verduijn 2015-11-18 20:34 GMT+01:00 Martin Kosek <mko...@redhat.com>: > On 11/18/2015 04:27 PM, Rob Verduijn wrote: >> >> 2015-11-18 15:51 GMT+01:00 Martin Kosek <mko...@redhat.com>: >>> >>> On 11/18/

[Freeipa-users] what is the sudo rule runasuser local user account

2016-02-04 Thread Rob Verduijn
Hello, I've noticed that the sudorule-add-runasuser no longer has an --external option What is the current method to add a local service account to a sudo rule list so that users may run sudo as that service account (ie apache or jboss) Cheers Rob Verduijn

Re: [Freeipa-users] what is the sudo rule runasuser local user account

2016-02-04 Thread Rob Verduijn
On Centos7.2 all patches applied I used the command: ipa-client-install --enable-dns-updates Rob 2016-02-04 16:45 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>: > On Thu, Feb 04, 2016 at 03:52:25PM +0100, Rob Verduijn wrote: >> Hello, >> >> I've noticed that the sudor

Re: [Freeipa-users] what is the sudo rule runasuser local user account

2016-02-04 Thread Rob Verduijn
That does seem to work for me as well, however I can only add the external user via the web-gui Any idea how to do this with the command line tools ? Rob Verduijn 2016-02-04 17:00 GMT+01:00 Baird, Josh <jba...@follett.com>: > Actually, I use local (external) users in my sudo rules i

Re: [Freeipa-users] what is the sudo rule runasuser local user account

2016-02-04 Thread Rob Verduijn
hi all, I tried and figured it out.. ipa sudorule-add-runasuser --users= Is the command syntax I was looking for. I guess that if the --users isn't an ipa user it is automatically flagged as an external user. Cheers Rob Verduijn 2016-02-04 17:33 GMT+01:00 Jakub Hrozek <jhro...@redhat.

[Freeipa-users] ipa replica is ad trust controller but refuses ad users

2016-01-28 Thread Rob Verduijn
ad-authentication ? Rob Verduijn

Re: [Freeipa-users] ipa replica is ad trust controller but refuses ad users

2016-01-28 Thread Rob Verduijn
Verduijn 2016-01-28 13:26 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>: > Hello, > > I've set up an ipa-server with an one way trust to a windows 2012r2 > controller. > All works on this server. > I can login with ad accounts on this server. > > I added an ipa repl

Re: [Freeipa-users] multimaster ad one way trust setup

2016-01-25 Thread Rob Verduijn
Cool Thanx Rob Verduijn 2016-01-25 12:59 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > On Mon, 25 Jan 2016, Rob Verduijn wrote: >> >> Since the first option has less impact, that one sounds the most >> interesting. >> However, does this also remain fun

[Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Rob Verduijn
/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/ex.sssd-ad-posix.html How do I define a new default shell for all ms-AD accounts in ipa ? Cheers Rob Verduijn

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Rob Verduijn
? Cheers Rob Verduijn 2016-01-24 15:40 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > On Sun, 24 Jan 2016, Rob Verduijn wrote: >> >> Hello, >> >> I'm trying to get an ipa server to trust a microsoft AD-domain. >> >> So far I've managed to get the tr

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-25 Thread Rob Verduijn
+short -t SRV _kerberos._tcp.dc._msdcs.ad.example.com. This gives a response I also validated the trust on the AD side, I'm not sure this is needed. After doing this I can issue the command : 'id AD.DOMAIN\\ADUSER' and I get a response telling me the uid/gid/ad-id/ad-group etc. Rob Verduijn

[Freeipa-users] multimaster ad one way trust setup

2016-01-25 Thread Rob Verduijn
Hi all, When you have an ipa 4.2 server with an one way trust to the ad. What steps are needed to install a second ipa master that also has a one way trust to the ad ? Rob Verduijn

Re: [Freeipa-users] multimaster ad one way trust setup

2016-01-25 Thread Rob Verduijn
Since the first option has less impact, that one sounds the most interesting. However, does this also remain functional when the first ipa server is taken offline ? Rob Verduijn 2016-01-25 12:41 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > On Mon, 25 Jan 2016, Rob Verdu

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Rob Verduijn
. This is required I guess on all ipa-clients that AD-accounts get access to. And now all users seem to get the /bin/bash that can be set in the AD-user attribute loginShell ( glad to see the keep their camel case in sync everywhere in the AD ) Thanks for thinking along on this one. Rob Verduijn 2016-01

Re: [Freeipa-users] FreeIPA and samba 4

2016-03-10 Thread Rob Verduijn
Howdy, out of curiosity any targeted release for UPN ? Cheers Rob 2016-03-10 15:15 GMT+01:00 Petr Spacek : > On 10.3.2016 13:34, Giulio Casella wrote: >> I've seen that howto, but it's not my case. I cannot establish a trust >> between >> IPA and AD, because AD

Re: [Freeipa-users] get freeipa to update ad users and groups more often

2016-05-04 Thread Rob Verduijn
This goes especially for ad groups that are nested in ipa_groups ie : microsoft group is defined as an external group, and that external group is member of an ipa group and that ipa group takes forever. Regards Rob Verduijn 2016-05-04 16:10 GMT+02:00 Rob Verduijn <rob.verdu...@gmail.

Re: [Freeipa-users] get freeipa to update ad users and groups more often

2016-05-04 Thread Rob Verduijn
of including ad_linux_administrators (ipa group) and 'linux administrat...@ad-domain.com' getent group ad_linux_administrators only shows the group ad, no members, these pop up after a very long time getent group 'linux administrat...@ad-domain.com' immediately show all members weird Rob Verduijn

[Freeipa-users] get freeipa to update ad users and groups more often

2016-05-04 Thread Rob Verduijn
for a couple hours, and also I do not like to clean up the sssd cache folder each time a new user appears. Is there a way to tell ipa and all clients to refresh their cache ? Regards Rob Verduijn

Re: [Freeipa-users] get freeipa to update ad users and groups more often

2016-05-04 Thread Rob Verduijn
sssd-ad-1.13.0-40.el7_2.2.x86_64 Cheers Rob Verduijn 2016-05-04 18:06 GMT+02:00 Jakub Hrozek <jhro...@redhat.com>: > On Wed, May 04, 2016 at 05:00:50PM +0200, Rob Verduijn wrote: >> to make sure I did the following on the ipa host >> >> systemctl stop sssd.servi

Re: [Freeipa-users] ipa client deletes dns record from ipa domain

2016-05-02 Thread Rob Verduijn
debug logging from sssd is rather overwhelming, What am I looking for in the logs ? Rob 2016-05-02 11:54 GMT+02:00 Jakub Hrozek <jhro...@redhat.com>: > On Mon, May 02, 2016 at 11:48:48AM +0200, Rob Verduijn wrote: >> Hello, >> >> I'm a bit at loss here. &g

Re: [Freeipa-users] ipa client deletes dns record from ipa domain

2016-05-02 Thread Rob Verduijn
found it, I needed to set dyndns_iface to the proper device It was set to the original device which was bridged, so no ip address was assigned to it. After setting it to bridge0 the update went ok Rob Verduijn 2016-05-02 13:06 GMT+02:00 Rob Verduijn <rob.verdu...@gmail.com>: > debu

[Freeipa-users] ipa client deletes dns record from ipa domain

2016-05-02 Thread Rob Verduijn
can't seem to find any errors or inconsistencies with the flawed system or the ones that do work. Any ideas what could cause this ? I now have set it to false on the system that keeps deleting its record, but I keep wondering what is causing this. Regards Rob Verduijn

Re: [Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?

2016-07-14 Thread Rob Verduijn
hi, just a long shot here.. I've been battling sudo for a couple days now and found that my issue was one related to symlinks on centos7 'which cat' says /bin/cat but on centos /bin is a symlink to /usr/bin and sudo knows a symlink when it sees one and to prevent abuse it requires the 'real'

[Freeipa-users] what is the best way to create a search account

2016-06-30 Thread Rob Verduijn
Hello, What would be the most appropriate way to create a search account so that a third party tool (wildfly) can use it to search the ipa domain for credentials ? Cheers Rob

Re: [Freeipa-users] what is the best way to create a search account

2016-06-30 Thread Rob Verduijn
thanx 2016-06-30 13:59 GMT+02:00 Tomasz Torcz <to...@pipebreaker.pl>: > On Thu, Jun 30, 2016 at 01:22:34PM +0200, Rob Verduijn wrote: > > Hello, > > > > > > What would be the most appropriate way to create a search account so > that a > > third party t

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-26 Thread Rob Verduijn
Verduijn 2017-02-26 14:40 GMT+01:00 Ian Pilcher <arequip...@gmail.com>: > On 02/26/2017 05:08 AM, Rob Verduijn wrote: > >> You should consider setting up a temporary vm to migrate from. >> On one of your client systems, I assume you got at least 1 ipa client >> >>

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-26 Thread Rob Verduijn
client Try looking at http://libguestfs.org/virt-p2v.1.html to migrate your current system to a vm (side effect : instant full backup) When you got the vm up and running you can reinstall your main system with the new os and ipa. Then replicate the old ipa to the new one. Rob Verduijn 2017-02

Re: [Freeipa-users] sss / nsswitch

2016-09-13 Thread Rob Verduijn
2016-09-13 15:07 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>: > On (13/09/16 10:39), Sumit Bose wrote: > >On Tue, Sep 13, 2016 at 10:13:12AM +0200, Rob Verduijn wrote: > >> Hi, > >> > >> Thanks that did it. > >> > >> Is there a less

[Freeipa-users] sss / nsswitch

2016-09-13 Thread Rob Verduijn
shares belong to nobody:nobodyy again. Anybody who has a tip on how to work around this until they fix sssd ? Cheers Rob Verduijn

Re: [Freeipa-users] sss / nsswitch

2016-09-23 Thread Rob Verduijn
2016-09-23 10:27 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>: > On (13/09/16 16:18), Rob Verduijn wrote: > >2016-09-13 15:07 GMT+02:00 Lukas Slebodnik <lsleb...@redhat.com>: > > > >> On (13/09/16 10:39), Sumit Bose wrote: > >> >On Tue, Sep

[Freeipa-users] FYI incorrect configuration when using ipa-client-automount

2016-12-16 Thread Rob Verduijn
bugzilla when the word centos is mentioned I've posted it in the centos buglist : https://bugs.centos.org/view.php?id=12415 Cheers Rob Verduijn

[Freeipa-users] ipa fails to start after centos 7.3 upgrade

2016-12-12 Thread Rob Verduijn
-failure' Is there a way to explain the script that it should check for chronyd instead of ntpd ? I also see this a lot in the logs: dns_rdatatype_fromtext() failed for attribute 'idnsTemplateAttribute;cnamerecord': unknown class/type Is that a serious error ? Rob Verduijn

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-02 Thread Rob Verduijn
2016-12-01 19:44 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>: > > > 2016-12-01 17:20 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>: > >> Rob Verduijn wrote: >> > >> > >> > 2016-12-01 15:41 GMT+01:00 Rob Crittenden <rcrit...@redh

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
2016-12-01 15:41 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>: > Rob Verduijn wrote: > > Hello, > > > > For some reason my ipa server no longer boots. > > It keeps trying to start pki-tomcat service. > > > > Does anybody know where I should start loo

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
2016-12-01 17:20 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>: > Rob Verduijn wrote: > > > > > > 2016-12-01 15:41 GMT+01:00 Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>>: > > > > Rob Verduijn wrote: > >

[Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
Hello, For some reason my ipa server no longer boots. It keeps trying to start pki-tomcat service. Does anybody know where I should start looking to get this fixed ? Rob Verduijn ipactl -d start gives this output: ipa: DEBUG: The CA status is: check interrupted due to error: Command ''/usr/bin

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 16:07 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>: > > > > 2016-12-19 15:52 GMT+01:00 Petr Spacek <pspa...@redhat.com>: > >> On 19.12.2016 14:07, Rob Verduijn wrote: >> > Hello, >> > >> > I'm running ipa on centos 7.3 wi

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 17:06 GMT+01:00 Martin Basti <mba...@redhat.com>: > > > On 19.12.2016 16:27, Rob Verduijn wrote: > > > > 2016-12-19 16:07 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>: > >> >> >> >> 2016-12-19 15:52 GMT+01:00 Petr Spacek &l

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 15:52 GMT+01:00 Petr Spacek <pspa...@redhat.com>: > On 19.12.2016 14:07, Rob Verduijn wrote: > > Hello, > > > > I'm running ipa on centos 7.3 with the latest patches applied. > > > > It seem to run fine however the ipa-dnskeysyncd keeps f

Re: [Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
2016-12-19 18:53 GMT+01:00 Martin Basti <mba...@redhat.com>: > > > On 19.12.2016 17:51, Rob Verduijn wrote: > > 2016-12-19 17:06 GMT+01:00 Martin Basti <mba...@redhat.com>: > >> >> >> On 19.12.2016 16:27, Rob Verduijn wrote: >> >&

[Freeipa-users] ipa-dnskeysyncd not starting

2016-12-19 Thread Rob Verduijn
status 1 systemd[1]: ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILURE systemd[1]: Unit ipa-dnskeysyncd.service entered failed state. systemd[1]: ipa-dnskeysyncd.service failed. for some reason the ipa-dnskeysyncd keeps crashing. Anybody know where to start looking for thi

Re: [Freeipa-users] ipa fails to start after centos 7.3 upgrade

2016-12-16 Thread Rob Verduijn
2016-12-15 13:47 GMT+01:00 Petr Vobornik <pvobo...@redhat.com>: > On 12/12/2016 08:53 PM, Rob Verduijn wrote: > > Hello, > > > > I've recently upgraded to centos 7.3. > > Didn't intend to so soon but should have checked the announce lists before > &g