On pe, 04 elo 2017, Kristian Petersen via FreeIPA-users wrote:
Alexander,
That was it! I had seen this before at a previous place of employment, but
couldn't recall enough of what we'd done there to fix it. You're a
lifesaver, really. Thank you very much to *everyone* who chimed in to lend
a h
Turns out, I'm still getting the same problem. It works right away after I
force clean the sssd cache: systemctl stop sssd ; rm -f /var/lib/sss/db/*
/var/log/sssd/* ; systemctl start sssd
After some time, trying to log back on the same system I see the login
prompt is much quicker when I type adu.
On 8/4/17 2:16 AM, Florence Blanc-Renaud wrote:
On 08/03/2017 11:13 PM, Ian Harding via FreeIPA-users wrote:
On 08/03/2017 12:28 AM, Florence Blanc-Renaud wrote:
On 08/02/2017 11:51 PM, Ian Harding via FreeIPA-users wrote:
On 08/02/2017 12:11 AM, Florence Blanc-Renaud wrote:
On 08/02/2017 01
Alexander,
That was it! I had seen this before at a previous place of employment, but
couldn't recall enough of what we'd done there to fix it. You're a
lifesaver, really. Thank you very much to *everyone* who chimed in to lend
a hand.
PS: We're still running FreeIPA 4.4.0 and were affected by
On Fri, Aug 04, 2017 at 09:05:20AM -0300, Felipe Barreto Volpone via
FreeIPA-users wrote:
> Hi Alka,
>
> I think you can get useful info here: https://www.redhat.com/
> archives/freeipa-users/2017-May/msg00028.html
Also this might be useful to pinpoint the issue:
https://docs.pagure.org/SSSD
On 08/04/2017 02:19 PM, Rob Crittenden wrote:
You'd have to do it using LDAP directly. There is nothing really wrong
with having a few revoked certs.
rob
I suppose that's fine, it just offends my sense of order. Thanks for
the info.
--
Mark Haney
Network Engineer at NeoNova
919-460-3330
Mark Haney via FreeIPA-users wrote:
> So now that we have a nicely replicating domain and ca, I'd like to rid
> myself of these revoked certificates which I tried as a way to fix the
> replication and setting up of a CA. Is there a way to delete these
> certs out of the store?
>
>
You'd have to
Hi all,
We run IPA 3.0.0 and have a cert on the CA master expiring in about 10 days.
The problem is that we mistakenly provisioned the last cert using an old
hostname which means that automatically renewing the cert fails, and the IPA
cert checks we run fails with...
ca-error: Server at "http:
Tiemen Ruiten via FreeIPA-users wrote:
> As I mentioned in my first mail, that doesn't work. For testing, I
> created a new role that contains the following privileges:
>
> Group Administrators
> Modify Group membership
> Modify Users and Reset passwords
> User Administrators
>
> Unfortunately, I
As I mentioned in my first mail, that doesn't work. For testing, I created
a new role that contains the following privileges:
Group Administrators
Modify Group membership
Modify Users and Reset passwords
User Administrators
Unfortunately, I get the same error.
On 4 August 2017 at 17:40, Bob Rent
Assigning roles to your userwill fix that issue. The existing "User
Administrator" role may fit your needs, but I am unsure how restrictive
you want to be with permissions.
If you want to be more restrictive a custom role with "System: Change User
password" permissions would seem to be the right
On pe, 04 elo 2017, Kristian Petersen wrote:
If it helps, the python file where we customized things is included below:
# Place in /usr/lib/python2.7/site-packages/ipalib/plugins/
Ok, this is location for pre-4.5 plugins. With FreeIPA 4.5 we split them
into ipaserver/plugins and ipaclient/plugi
If it helps, the python file where we customized things is included below:
# Place in /usr/lib/python2.7/site-packages/ipalib/plugins/
import re
from ipalib import api
from ipalib.plugins import user, stageuser, group
from ipalib.parameters import Str
from ipalib import _
FILESERVER = "fileser
Hello,
On 08/03/2017 10:12 PM, Kristian Petersen via FreeIPA-users wrote:
The customizations that define the additions to the schema appear to
be in the javascript file
/usr/share/ipa/ui/js/plugins/chemuser/chemuser.js. It defines the
additional fields we use that are causing us so much trou
On pe, 04 elo 2017, Yuri Moens via FreeIPA-users wrote:
Hi
I'm currently trying to setup a trust between IPA and Samba AD but I keep
running into some issues.
IPA is running on CentOS 7
VERSION: 4.4.0, API_VERSION: 2.213
ipa01.cloud.ymo.lab, Netbios CLOUD, domain cloud.ymo.lab
Samba is running
Hello,
I setup an LDAP User Federation in Keycloak to our FreeIPA domain.
Unfortunately, the password reset functionality appears to only work when
the user Keycloak binds as is in the admins group. I tried both the User
Administrator and helpdesk roles, but always got this error:
Caused by: java
Hi Alka,
I think you can get useful info here: https://www.redhat.com/
archives/freeipa-users/2017-May/msg00028.html
On Fri, Aug 4, 2017 at 8:31 AM, Alka Murali via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello,
>
> I have implemented a freeipa server and enrolled many cli
Hello,
I have implemented a freeipa server and enrolled many clients like Ubuntu,
Debian, CentOS. In all those clients, my sudo rules worked.
However if I try the sudo rules to the users in Ubuntu 16, its not
recognising the sudo user
--
Aug 4 19:22:40 sudo: pam_unix(sudo:auth): authe
On 08/03/2017 11:13 PM, Ian Harding via FreeIPA-users wrote:
On 08/03/2017 12:28 AM, Florence Blanc-Renaud wrote:
On 08/02/2017 11:51 PM, Ian Harding via FreeIPA-users wrote:
On 08/02/2017 12:11 AM, Florence Blanc-Renaud wrote:
On 08/02/2017 01:43 AM, Ian Harding wrote:
On 08/01/2017 12:03 PM
19 matches
Mail list logo