Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-14 Thread Martin Kosek
On 01/14/2016 09:51 AM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: >> Great! I hope it makes it downstream to RHEL. > Please open a case with GSS to facilitate the backport. +1. These are the Bug numbers to link to: RHEL-6.x:

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-14 Thread Alexander Bokovoy
On Wed, 13 Jan 2016, Prasun Gera wrote: Great! I hope it makes it downstream to RHEL. Please open a case with GSS to facilitate the backport. On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy wrote: On Wed, 13 Jan 2016, Prasun Gera wrote: They are authenticated

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-13 Thread Prasun Gera
They are authenticated using CRYPT passwords. i.e. Even after a user is disabled in ipa, it's entry is still visible in ypcat passwd on the clients. On Wed, Jan 13, 2016 at 4:17 PM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: > >> I think I've solved

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-13 Thread Prasun Gera
I think I've solved this. I don't know what or who enabled it, but for some reason the original NIS service (ypserv) was running on the server. That was taking precedence over ipa's fake NIS, and causing problems. I have now deleted the maps and commented them out in the Makefile so that it

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-13 Thread Alexander Bokovoy
On Wed, 13 Jan 2016, Prasun Gera wrote: I think I've solved this. I don't know what or who enabled it, but for some reason the original NIS service (ypserv) was running on the server. That was taking precedence over ipa's fake NIS, and causing problems. I have now deleted the maps and commented

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-13 Thread Alexander Bokovoy
On Wed, 13 Jan 2016, Prasun Gera wrote: They are authenticated using CRYPT passwords. i.e. Even after a user is disabled in ipa, it's entry is still visible in ypcat passwd on the clients. https://fedorahosted.org/slapi-nis/ticket/10 The definition is unfortunately in the C code, so it would

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-13 Thread Prasun Gera
Great! I hope it makes it downstream to RHEL. On Wed, Jan 13, 2016 at 4:27 PM, Alexander Bokovoy wrote: > On Wed, 13 Jan 2016, Prasun Gera wrote: > >> They are authenticated using CRYPT passwords. i.e. Even after a user is >> disabled in ipa, it's entry is still visible in

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-11 Thread Prasun Gera
This is the output of the command: ldapsearch -LLL -H $(cat /etc/ipa/default.conf | grep ldap_uri|cut -d= -f2) -b cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0

Re: [Freeipa-users] IPA users not visible in NIS passwd map

2016-01-11 Thread Alexander Bokovoy
On Mon, 11 Jan 2016, Prasun Gera wrote: I upgraded ipa to 4.2 on my rhel 7.2 servers a few weeks ago. One of the users reported that he is not able to log in to certain systems any more. It turns out that there is some change in behaviour w.r.t NIS clients after this upgrade. I see that his