Re: [Freeipa-users] Shadow Utils appears in sssd.conf
On (22/11/16 10:16), Lachlan Musicman wrote: >Great - thank you. That worked. > I am not sure what is working now. Did the domain "domain/shadowutils" cause any problems to you? LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Shadow Utils appears in sssd.conf
Great - thank you. That worked. Unfortunately SELinux creates too much overhead on a subset of our servers, so we have it disabled. cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 16 November 2016 at 19:39, Lukas Slebodnikwrote: > On (16/11/16 11:46), Lachlan Musicman wrote: > >I don't know what I've done wrong, but when I use ipa-client-install on a > >new host to add to my one way trust domain, I now have a > >[domain/shadowutils] stanza. > > > >This first happened a couple of weeks ago, I saw this bug and thought "it > >will be solved soon". > > > >https://bugzilla.redhat.com/show_bug.cgi?id=1369118 > > > >The report says it's been resolved in a recent advisory but I'm still > >seeing the error. > > > It was fixed by reverting upstream commit which > introduced such seature. > https://git.fedorahosted.org/cgit/sssd.git/commit/?id= > 59744cff6edb106ae799b2321cb8731edadf409a > > >Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally > >supplied sssd? > > > Yes, theis feature is still available in upstream/fedora. > > A) "domain/shadowutils" should not cause any problems. >If yes then it should be also reproducible on fedora >please filae a bug. > > B) It does not happen with SELinux in enforcing mode. >Another reason for "setenforce 1" :-) > > LS > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Shadow Utils appears in sssd.conf
On (16/11/16 11:46), Lachlan Musicman wrote: >I don't know what I've done wrong, but when I use ipa-client-install on a >new host to add to my one way trust domain, I now have a >[domain/shadowutils] stanza. > >This first happened a couple of weeks ago, I saw this bug and thought "it >will be solved soon". > >https://bugzilla.redhat.com/show_bug.cgi?id=1369118 > >The report says it's been resolved in a recent advisory but I'm still >seeing the error. > It was fixed by reverting upstream commit which introduced such seature. https://git.fedorahosted.org/cgit/sssd.git/commit/?id=59744cff6edb106ae799b2321cb8731edadf409a >Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally >supplied sssd? > Yes, theis feature is still available in upstream/fedora. A) "domain/shadowutils" should not cause any problems. If yes then it should be also reproducible on fedora please filae a bug. B) It does not happen with SELinux in enforcing mode. Another reason for "setenforce 1" :-) LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project