Re: [Freeipa-users] Shadow Utils appears in sssd.conf

2016-11-26 Thread Lukas Slebodnik 
On (22/11/16 10:16), Lachlan Musicman wrote:
>Great - thank you. That worked.
>
I am not sure what is working now.
Did the domain "domain/shadowutils" cause any problems to you?

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Shadow Utils appears in sssd.conf

2016-11-21 Thread Lachlan Musicman 
Great - thank you. That worked.

Unfortunately SELinux creates too much overhead on a subset of our servers,
so we have it disabled.

cheers
L.

--
The most dangerous phrase in the language is, "We've always done it this
way."

- Grace Hopper

On 16 November 2016 at 19:39, Lukas Slebodnik  wrote:

> On (16/11/16 11:46), Lachlan Musicman wrote:
> >I don't know what I've done wrong, but when I use ipa-client-install on a
> >new host to add to my one way trust domain, I now have a
> >[domain/shadowutils] stanza.
> >
> >This first happened a couple of weeks ago, I saw this bug and thought "it
> >will be solved soon".
> >
> >https://bugzilla.redhat.com/show_bug.cgi?id=1369118
> >
> >The report says it's been resolved in a recent advisory but I'm still
> >seeing the error.
> >
> It was fixed by reverting upstream commit which
> introduced such seature.
> https://git.fedorahosted.org/cgit/sssd.git/commit/?id=
> 59744cff6edb106ae799b2321cb8731edadf409a
>
> >Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally
> >supplied sssd?
> >
> Yes, theis feature is still available in upstream/fedora.
>
> A) "domain/shadowutils" should not cause any problems.
>If yes then it should be also reproducible on fedora
>please filae a bug.
>
> B) It does not happen with SELinux in enforcing mode.
>Another reason for "setenforce 1" :-)
>
> LS
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Shadow Utils appears in sssd.conf

2016-11-16 Thread Lukas Slebodnik 
On (16/11/16 11:46), Lachlan Musicman wrote:
>I don't know what I've done wrong, but when I use ipa-client-install on a
>new host to add to my one way trust domain, I now have a
>[domain/shadowutils] stanza.
>
>This first happened a couple of weeks ago, I saw this bug and thought "it
>will be solved soon".
>
>https://bugzilla.redhat.com/show_bug.cgi?id=1369118
>
>The report says it's been resolved in a recent advisory but I'm still
>seeing the error.
>
It was fixed by reverting upstream commit which
introduced such seature.
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=59744cff6edb106ae799b2321cb8731edadf409a

>Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally
>supplied sssd?
>
Yes, theis feature is still available in upstream/fedora.

A) "domain/shadowutils" should not cause any problems.
   If yes then it should be also reproducible on fedora
   please filae a bug.

B) It does not happen with SELinux in enforcing mode.
   Another reason for "setenforce 1" :-)

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project