Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-20 Thread Rob Crittenden
zhiyong xue wrote: > The problem still exist after update from 4.1 to 4.2.3. Because the problem is not in IPA, it is in how you are manually adding entries. Since you are now running 4.2 I'd suggest you look into using staged users, http://www.freeipa.org/page/V4/User_Life-Cycle_Management >

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-20 Thread zhiyong xue
The problem still exist after update from 4.1 to 4.2.3. Rob, how to check the missed manage entry? 2015-11-20 0:11 GMT+08:00 Rob Crittenden : > zhiyong xue wrote: > > Rob, where can I get more error information beside the log? > > [16/Nov/2015:02:52:59 +]

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-19 Thread zhiyong xue
Rob, where can I get more error information beside the log? [16/Nov/2015:02:52:59 +] managed-entries-plugin - mep_del_post_op: failed to delete managed entry (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32) 2015-11-16 13:43 GMT+08:00 zhiyong xue : >

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-19 Thread Rob Crittenden
zhiyong xue wrote: > Rob, where can I get more error information beside the log? > [16/Nov/2015:02:52:59 +] managed-entries-plugin - mep_del_post_op: > failed to delete managed entry > (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32) I can still only assume what you're

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-16 Thread zhiyong xue
I query a new user syncopex8, it's same created from Apache Syncope server. *The output of command "ldapsearch -x -h localhost -b dc=exampe,dc=com uid=syncopex8":* # extended LDIF # # LDAPv3 # base

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-16 Thread Tomas Babej
Can you provide a result of a LDAP search run on that entry? As Rob points out, you're probably creating the user in a manner that bypasses the framework. Tomas On 11/16/2015 06:43 AM, zhiyong xue wrote: > I am using IPA 4.1 in CenOS7. And I can login to system after "id > syncopex5", maybe

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-16 Thread zhiyong xue
I am using IPA 4.1 in CenOS7. And I can login to system after "id syncopex5", maybe it's cache problem. 2015-11-16 11:24 GMT+08:00 Rob Crittenden : > zhiyong xue wrote: > > We integrated the Apache Syncope server with FreeIPA server. So user can > > self register ID from

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-15 Thread Rob Crittenden
zhiyong xue wrote: > We integrated the Apache Syncope server with FreeIPA server. So user can > self register ID from Apache Syncope then synchronize to FreeIPA. The > problems are: > *1) User created from Apache Syncope can't login to linux. The user > created from FreeIPA web gui works well.*