[Freeipa-users] Re: user_add post_callback doesn't seem to be called.

I thought I should let everyone know what ended up happening with this. It turns out that the script is now run as the ipaapi user instead of as root (like it either used to or I thought it used to). We changed permissions on some files that the script needed and now it works again. On Fri,

[Freeipa-users] Re: New replica (4.5) issues

As a side question to this issue, might it be possible to use this non-replicating essentially standalone new replica as a basis to rebuild the entire IPA environment since it did complete successfully during the replica install? The whole drive behind trying to get a new CA server in the

[Freeipa-users] (no subject)

some new log insights from the client when a mount from the /storage/ fails: Jan 23 19:41:10 ubuntu_client automount[825]: parse_mount: parse(sun): core of entry: options=, loc=NFS_Server.ipa.mydomain.example:/storage/media Jan 23 19:41:10 ubuntu_client automount[825]: sun_mount: parse(sun):

[Freeipa-users] Re: BUG REPORT nss/sssd looking up root user on cent 7.4 and sssd 1.15.2 with AD_User_Short_Names

On Tue, Jan 23, 2018 at 7:55 PM, Jakub Hrozek wrote: > On Tue, Jan 23, 2018 at 12:44:03PM -0500, email--- via FreeIPA-users wrote: > > Hey All, > > Having some major issues with sudo and it appears the root cause is the > time it takes sssd to resolve root as a local user

[Freeipa-users] BUG REPORT nss/sssd looking up root user on cent 7.4 and sssd 1.15.2 with AD_User_Short_Names

Hey All, Having some major issues with sudo and it appears the root cause is the time it takes sssd to resolve root as a local user when domain-resolution-order is enabled in ipa4.5, I do not have filter_users or filter_groups defined, so the default root user should be used

[Freeipa-users] Re: ipa-client-install changed SELinux Booleans

On (23/01/18 15:01), Eric Scholwin via FreeIPA-users wrote: >Interesting thought, I figured something had to have changed it, but what >would cause this to occur on my production box and not my test box? Both boxes >needed to install the exact same packages and dependencies, but this didn't

[Freeipa-users] Re: ipa-client-install changed SELinux Booleans

Interesting thought, I figured something had to have changed it, but what would cause this to occur on my production box and not my test box? Both boxes needed to install the exact same packages and dependencies, but this didn't occur on the test box, only the production box. Going to dig

[Freeipa-users] Re: ipa-client-install changed SELinux Booleans

Eric Scholwin via FreeIPA-users wrote: > I was wondering if anyone noticed while installing FreeIPA on any of their > machines, whether or not their SELinux Booleans were affected? I installed > this in a test environment and nothing broke. However, when installed in my > production

[Freeipa-users] Re: Certificates renewing with the wrong Subject

Roderick Johnstone via FreeIPA-users wrote: > On 15/01/2018 20:07, Rob Crittenden via FreeIPA-users wrote: >> Roderick Johnstone via FreeIPA-users wrote: >>> On 15/01/2018 16:06, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: > Hi > > Our

[Freeipa-users] ipa-client-install changed SELinux Booleans

I was wondering if anyone noticed while installing FreeIPA on any of their machines, whether or not their SELinux Booleans were affected? I installed this in a test environment and nothing broke. However, when installed in my production environment, an important SEBoolean was changed:

[Freeipa-users] Re: Request for input on installing IPA onto ARM/SoC boards

For the most part, yes.  Its cheap, low-power.  I actually have tried to do this w/ a Fedora build.  It overloaded the RasPi 2 & or 3.  I can't remember to be honest. But I feel like if i'm able to run something that does IDM on that, i'm good to go.  I think it is probably just the hobbyist in

[Freeipa-users] Re: ipa-restore: a bytes-like object is required, not 'str'

Hi Christian, Thanks for the heads up! I will remove that part of code, that will fix it for the time being! Cheers, Matt ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to

[Freeipa-users] Re: Request for input on installing IPA onto ARM/SoC boards

Andrew Meyer via FreeIPA-users wrote: > Agreed.  I would love to run this on a raspberry pi or better. But why? Is it because the hardware is so cheap? Is it better/easier/cheaper than running it in a VM on an existing box? Is it merely for the "fun" factor (and I'm not disparaging it, I do lots

[Freeipa-users] Re: Freeipa / IDM on a VM

Not sure if this meets you definition of cluster or not but all of our IdM servers are VMs. We have a multi-master set with standard replication. I have IdM servers 2 in one location with 1 serving as DNS CA, LDAP, etc and a second serving SMB shares and backing up the LDAP services. Across

[Freeipa-users] Re: ipa-restore: a bytes-like object is required, not 'str'

On 2018-01-23 12:16, Matt . via FreeIPA-users wrote: > Hi, > > Yes Fedora 27, not sure if I had the same on the latest 4.5.4 on F26 as that > installed was broked in some strange way without any changes and has kinda > the same issue I thought. > > What I run now on F27 is: > > # rpm -q

[Freeipa-users] Re: ipa-restore: a bytes-like object is required, not 'str'

Hi, Yes Fedora 27, not sure if I had the same on the latest 4.5.4 on F26 as that installed was broked in some strange way without any changes and has kinda the same issue I thought. What I run now on F27 is: # rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base

[Freeipa-users] API 3005 Unknown option:

HI Guys, I have added my own userattribute which works perfectly fine from the webgui and the cli but not using the API where I get this error from as response: 3005 Unknown option: I thought this would lineup easily, what goes wrong ? Thanks, Matt

[Freeipa-users] Re: Certificates renewing with the wrong Subject

On 15/01/2018 20:07, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: On 15/01/2018 16:06, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: Hi Our freeipa certificates need to be renewed due to passing their expiry dates.