On 01/14/2016 09:51 AM, Alexander Bokovoy wrote:
> On Wed, 13 Jan 2016, Prasun Gera wrote:
>> Great! I hope it makes it downstream to RHEL.
> Please open a case with GSS to facilitate the backport.
+1. These are the Bug numbers to link to:
RHEL-6.x:
On Wed, 13 Jan 2016, Prasun Gera wrote:
Great! I hope it makes it downstream to RHEL.
Please open a case with GSS to facilitate the backport.
On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy
wrote:
On Wed, 13 Jan 2016, Prasun Gera wrote:
They are authenticated
They are authenticated using CRYPT passwords. i.e. Even after a user is
disabled in ipa, it's entry is still visible in ypcat passwd on the
clients.
On Wed, Jan 13, 2016 at 4:17 PM, Alexander Bokovoy
wrote:
> On Wed, 13 Jan 2016, Prasun Gera wrote:
>
>> I think I've solved
I think I've solved this. I don't know what or who enabled it, but for some
reason the original NIS service (ypserv) was running on the server. That
was taking precedence over ipa's fake NIS, and causing problems. I have now
deleted the maps and commented them out in the Makefile so that it
On Wed, 13 Jan 2016, Prasun Gera wrote:
I think I've solved this. I don't know what or who enabled it, but for some
reason the original NIS service (ypserv) was running on the server. That
was taking precedence over ipa's fake NIS, and causing problems. I have now
deleted the maps and commented
On Wed, 13 Jan 2016, Prasun Gera wrote:
They are authenticated using CRYPT passwords. i.e. Even after a user is
disabled in ipa, it's entry is still visible in ypcat passwd on the
clients.
https://fedorahosted.org/slapi-nis/ticket/10
The definition is unfortunately in the C code, so it would
Great! I hope it makes it downstream to RHEL.
On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy
wrote:
> On Wed, 13 Jan 2016, Prasun Gera wrote:
>
>> They are authenticated using CRYPT passwords. i.e. Even after a user is
>> disabled in ipa, it's entry is still visible in
This is the output of the command:
ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d=
-f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
On Mon, 11 Jan 2016, Prasun Gera wrote:
I upgraded ipa to 4.2 on my rhel 7.2 servers a few weeks ago. One of the
users reported that he is not able to log in to certain systems any more.
It turns out that there is some change in behaviour w.r.t NIS clients after
this upgrade. I see that his