[Freeipa-users] Re: krblastadminunlock on user account
krbLastAdminUnlock was only a part of my issue. I was able to resolve this issue, but not in the manner I expected. A careless administrator overwrote the keytabs on two FreeIPA servers while he was generating keytabs for MacOS hosts. Somehow, FreeIPA still functioned, the only repercussion was that some users (but not all) were unable to ssh into the IPA servers. The syslog did log this as a keytab issue. I was able to recover the original keytabs with "ipa-getkeytab -r” - grant ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Freeipa-users] Re: Indirect/nested group membership behaviour change in 4.6.8
Mark Stewart via FreeIPA-users wrote: > All, We have a RHEL estate currently at Red Hat release 4.9 This included an > IPA upgrade to 4.6.8. As soon as the upgrade was complete the various > applications that we have integrated with FreeIPA/IdM ceased to recognise > nested group membership. We opened a case with Red Hat who reported that > nothing had changed that would cause that behaviour. I'm just checking if > anyone is aware of what may have changed in this IPA release, or part of the > configuration that we should verify? I think we need more details on what you're seeing. What subtree you're apps are searching on, what results they are getting and expecting, etc. rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Freeipa-users] Indirect/nested group membership behaviour change in 4.6.8
All, We have a RHEL estate currently at Red Hat release 4.9 This included an IPA upgrade to 4.6.8. As soon as the upgrade was complete the various applications that we have integrated with FreeIPA/IdM ceased to recognise nested group membership. We opened a case with Red Hat who reported that nothing had changed that would cause that behaviour. I'm just checking if anyone is aware of what may have changed in this IPA release, or part of the configuration that we should verify? Thanks. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue