[Freeipa-users] winsync agreement

2012-09-12 Thread Steven Jones 
I just setup a winsync agreement expect its wiped any IPA user that also exists 
in AD.

Is this expected? if so how do I stop it doing that?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread Sigbjorn Lie 

What nfs version are you using? And if 4, do you use kerberos?

We are using mostly nfs 3 still, and those nfs mounts just reconnect by 
themselves up to a few minutes after the nfs server is back online.



Regards,
Siggi


On 09/12/2012 10:44 PM, george he wrote:

I think it's about half an hour.
Any ideas about the authentication failsure thing?
Thanks,
George


*From:* Sigbjorn Lie 
*To:* freeipa-users@redhat.com
*Sent:* Wednesday, September 12, 2012 3:53 PM
*Subject:* Re: [Freeipa-users] Stale NFS file handle

On 09/12/2012 08:26 PM, george he wrote:

Hello,
My ipa server and my nfs server are the same machine running
centos 6.3.
The server was accidentally down and rebooted.
But then I got "authentication failsure" on some clients when
tried to log on through gdm, and blue screen (no desktop, no
panels) on some others.
On some clients that I was on before the server was downthe, I
got "Stale NFS file handle".
Yet on some other clients, everything is fine. All clients are
running centos 6.3, too.
Is there a way (e.g. restarting some services) to get the above
problems away instead of rebooting the clients?
Thanks,
George



Just wait and it reconnects a while after the nfs server becomes
available again.

How long have you waited before rebooting?


Regards,
Siggi


___
Freeipa-users mailing list
Freeipa-users@redhat.com 
https://www.redhat.com/mailman/listinfo/freeipa-users



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread george he 
I think it's about half an hour.
Any ideas about the authentication failsure thing?
Thanks,
George




>
> From: Sigbjorn Lie 
>To: freeipa-users@redhat.com 
>Sent: Wednesday, September 12, 2012 3:53 PM
>Subject: Re: [Freeipa-users] Stale NFS file handle
> 
>
>On 09/12/2012 08:26 PM, george he wrote:
>
>Hello,
>>My ipa server and my nfs server are the same machine running centos 6.3.
>>The server was accidentally down and rebooted.
>>But then I got "authentication failsure" on some clients when tried to log on 
>>through gdm, and blue screen (no desktop, no panels) on some others.
>>On some clients that I was on before the server was downthe, I got "Stale NFS 
>>file handle".
>>Yet on some other clients, everything is fine. All clients are running centos 
>>6.3, too.
>>
>>Is there a way (e.g. restarting some services) to get the above problems away 
>>instead of rebooting the clients?
>>
>>Thanks,
>>George
>>
>Just wait and it reconnects a while after the nfs server becomes
available again.
>
>How long have you waited before rebooting?
>
>
>Regards,
>Siggi
>
>
>___
>Freeipa-users mailing list
>Freeipa-users@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-users
>
>___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread george he 
I tried umount but without -l, it said drive busy. Next time I will try with -l.
Thanks,
George




>
> From: Natxo Asenjo 
>To: "freeipa-users@redhat.com"  
>Sent: Wednesday, September 12, 2012 2:43 PM
>Subject: Re: [Freeipa-users] Stale NFS file handle
> 
>
>On Wed, Sep 12, 2012 at 8:26 PM, george he  wrote:
>
>Hello,
>>My ipa server and my nfs server are the same machine running centos 6.3.
>
>try to separate those roles if you can. You can use vm's, it'll work great.
> 
>
>The server was accidentally down and rebooted.
>>But then I got "authentication failsure" on some clients when tried to log on 
>>through gdm, and blue screen (no desktop, no panels) on some others.
>>On some clients that I was on before the server was downthe, I got "Stale NFS 
>>file handle".
>>Yet on some other clients, everything is fine. All clients are running centos 
>>6.3, too.
>>
>>Is there a way (e.g. restarting some services) to get the above problems away 
>>instead of rebooting the clients?
>>
>
>you could try umounting the stale mount points in the clients with the -l 
>switch (lazy). It works most of the time, sometimes rebooting or resetting is 
>necessary. Do not change dir to the mount point because then your client will 
>not respond :-)
>
>-- 
>natxo
>
>___
>Freeipa-users mailing list
>Freeipa-users@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-users
>
>___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread Sigbjorn Lie 

On 09/12/2012 08:26 PM, george he wrote:

Hello,
My ipa server and my nfs server are the same machine running centos 6.3.
The server was accidentally down and rebooted.
But then I got "authentication failsure" on some clients when tried to 
log on through gdm, and blue screen (no desktop, no panels) on some 
others.
On some clients that I was on before the server was downthe, I got 
"Stale NFS file handle".
Yet on some other clients, everything is fine. All clients are running 
centos 6.3, too.
Is there a way (e.g. restarting some services) to get the above 
problems away instead of rebooting the clients?

Thanks,
George



Just wait and it reconnects a while after the nfs server becomes 
available again.


How long have you waited before rebooting?


Regards,
Siggi

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Stale NFS file handle

2012-09-12 Thread Natxo Asenjo 
On Wed, Sep 12, 2012 at 8:26 PM, george he  wrote:

> Hello,
> My ipa server and my nfs server are the same machine running centos 6.3.
>

try to separate those roles if you can. You can use vm's, it'll work great.


> The server was accidentally down and rebooted.
> But then I got "authentication failsure" on some clients when tried to log
> on through gdm, and blue screen (no desktop, no panels) on some others.
> On some clients that I was on before the server was downthe, I got "Stale
> NFS file handle".
> Yet on some other clients, everything is fine. All clients are running
> centos 6.3, too.
> Is there a way (e.g. restarting some services) to get the above problems
> away instead of rebooting the clients?
>

you could try umounting the stale mount points in the clients with the -l
switch (lazy). It works most of the time, sometimes rebooting or resetting
is necessary. Do not change dir to the mount point because then your client
will not respond :-)

-- 
natxo
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Stale NFS file handle

2012-09-12 Thread george he 
Hello,
My ipa server and my nfs server are the same machine running centos 6.3.
The server was accidentally down and rebooted.
But then I got "authentication failsure" on some clients when tried to log on 
through gdm, and blue screen (no desktop, no panels) on some others.
On some clients that I was on before the server was downthe, I got "Stale NFS 
file handle".
Yet on some other clients, everything is fine. All clients are running centos 
6.3, too.

Is there a way (e.g. restarting some services) to get the above problems away 
instead of rebooting the clients?

Thanks,
George
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] distribution mailing list

2012-09-12 Thread Marcello Giannoni UCLA 
Hi Dimitri

Thank you for the suggestions I'll try your solution with the member 
attribute and see how it goes.
Thank you for your prompt answer

Marcello 

On Sep 12, 2012, at 4:44 AM, Dmitri Pal wrote:

> On 09/12/2012 02:52 AM, Marcello Giannoni UCLA wrote:
>> Hi I'm currently using the free-ipa server on red hat enterprise 6.2.
>> Someone asked me to implement a distribution list on the system.
>> I would like to set up free-ipa in a way that I can create expandable groups 
>> that when I connect trough an email client  and I type the group defined in 
>> the ipa-server the group will expand all the email of user subscribed to 
>> that particular group.
>> 
>> Do I have to change the dif.ldif schema in order to achieve this ? 
>> I have heard that someone resolved this problem using the 
>> objectClass=groupOfNames but I couldn't find any explanation on how to 
>> implement this.
>> 
>> I don't know if the problem lies on the type of group to use or the base 
>> search on the ldap client, I need some clue on how to do this.
>> 
>> I hope someone can spread some light on this
>> 
> 
> I am not sure but suspect that you need a filter for the mail client to
> expand the list of users.
> The attribute that would help with that is "member". It is a multi value
> attribute of the group object that contains the list of all the users
> that are directly or indirectly (via nested groups) are members of the
> specific group.
> 
> If you need more than user DNs but user entries then you might want to
> go the other way around.
> Use the entered group to search for all the users  who's memberOf
> attribute contains given group.
> 
>> Thank you in advance
>> Marcello
>> 
>> 
>> ___
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
> 
> 
> ---
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
> 
> 
> 
> ___
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] distribution mailing list

2012-09-12 Thread Dmitri Pal 
On 09/12/2012 02:52 AM, Marcello Giannoni UCLA wrote:
> Hi I'm currently using the free-ipa server on red hat enterprise 6.2.
> Someone asked me to implement a distribution list on the system.
> I would like to set up free-ipa in a way that I can create expandable groups 
> that when I connect trough an email client  and I type the group defined in 
> the ipa-server the group will expand all the email of user subscribed to that 
> particular group.
>
> Do I have to change the dif.ldif schema in order to achieve this ? 
> I have heard that someone resolved this problem using the 
> objectClass=groupOfNames but I couldn't find any explanation on how to 
> implement this.
>
> I don't know if the problem lies on the type of group to use or the base 
> search on the ldap client, I need some clue on how to do this.
>
> I hope someone can spread some light on this
>

I am not sure but suspect that you need a filter for the mail client to
expand the list of users.
The attribute that would help with that is "member". It is a multi value
attribute of the group object that contains the list of all the users
that are directly or indirectly (via nested groups) are members of the
specific group.

If you need more than user DNs but user entries then you might want to
go the other way around.
Use the entered group to search for all the users  who's memberOf
attribute contains given group.

> Thank you in advance
> Marcello
>
>
> ___
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users