[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

On to, 03 helmi 2022, code bugs wrote:   [03/Feb/2022:02:00:35.465687122 +0500] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

 [03/Feb/2022:02:00:35.465687122 +0500] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...[03/Feb/2022:02:00:35.966385266 +0500] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [1196400016] into an unused SID.[03/F

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

On to, 03 helmi 2022, code bugs wrote: # ipa config-mod --enable-sid --add-sids Executes without error. But User still has no objectclass ipaNTUserAttrs and ipaNTSecurity

[Freeipa-users] Re: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='idm.issc.io', port=8080): Read timed out

Ricardo Mendes via FreeIPA-users wrote: > Hi Rob thank you for your reply and I'm sorry for the missing information. > Everything is up to date latest available > > # cat /etc/os-release > NAME="Red Hat Enterprise Linux" > VERSION="8.5 (Ootpa)" > ID="rhel" > ID_LIKE="fedora" > VERSION_ID="8.5" >

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

ipa config-mod --enable-sid --add-sids  Maximum username length: 32  Maximum hostname length: 64  Home directory base: /home  Default shell: /bin/sh  Default users group: ipausers  Default e-mail domain: example.com  Search time limit: 2  Search size limit: 100  User search fields: uid,givenname,sn

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

# ipa config-mod --enable-sid --add-sidsExecutes without error. But User still has no objectclass ipaNTUserAttrs and ipaNTSecurityIdentifier attribute.  From: Alexander BokovoySent: Thursday, February 3, 2022 1:02 AMTo: code bugsCc: FreeIPA users listSubject: Re: [Freeipa-users] Re: IPA WebGUI logi

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

On to, 03 helmi 2022, code bugs wrote: I tried changing the password but that did not work.  

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

I tried changing the password but that did not work. When I ran #ipa -e in_server=true user-mod mtest --addattr=ipanthash=MagicRegenI am getting ipa: ERROR: attribute "ipanthas" not allowed same Error when  dn: uid=foo,cn=users,cn=accounts,dc=ipa,dc=testchangetype: modifyadd: ipaNTHashipaNTHash: Ma

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

On ke, 02 helmi 2022, Alexander Bokovoy via FreeIPA-users wrote: On ke, 02 helmi 2022, code bugs wrote: After following the @Dan West solution described at https://lists.fedorahosted.org/archives/list/freeip

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

On ke, 02 helmi 2022, code bugs wrote: After following the @Dan West solution described at https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/4S4QQDC4FBVTA4GYWWVBPKGYN3MF

[Freeipa-users] Re: IPA WebGUI login fails with "Login failed due to an unknown reason"

After following the @Dan West solution described at https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/4S4QQDC4FBVTA4GYWWVBPKGYN3MF4UJ6/#7SKWKKFFDMMFWOXPR53ZFGB634RKJHVU ,

[Freeipa-users] Re: IPA to IPA migration - lot more groups - why?

On ke, 02 helmi 2022, lejeczek via FreeIPA-users wrote: On 02/02/2022 14:21, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: On 02/02/2022 08:45, Florence Blanc-Renaud wrote: Hi, On Wed, Feb 2, 2022 at 7:31 AM lejeczek via FreeIPA-users wrote:     Hi guys.     I migrate:     -> $

[Freeipa-users] Re: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='idm.issc.io', port=8080): Read timed out

Hi Rob thank you for your reply and I'm sorry for the missing information. Everything is up to date latest available # cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="8.5 (Ootpa)" ID="rhel" ID_LIKE="fedora" VERSION_ID="8.5" PLATFORM_ID="platform:el8" PRETTY_NAME="Red Hat Enterprise L

[Freeipa-users] Re: IPA to IPA migration - lot more groups - why?

On 02/02/2022 14:21, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: On 02/02/2022 08:45, Florence Blanc-Renaud wrote: Hi, On Wed, Feb 2, 2022 at 7:31 AM lejeczek via FreeIPA-users wrote:     Hi guys.     I migrate:     -> $ ipa migrate-ds --bind-dn="cn=Directory Manager"    

[Freeipa-users] Re: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='idm.issc.io', port=8080): Read timed out

Ricardo Mendes via FreeIPA-users wrote: > Hi, > > I'm having an issue where I can't remove an host due to the error: > "Operation Error > Some entries were not deleted > > Show details: > - Certificate operation cannot be completed: Unable to communicate with CMS > (403)" > > getcert list > Num

[Freeipa-users] ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='idm.issc.io', port=8080): Read timed out

Hi, I'm having an issue where I can't remove an host due to the error: "Operation Error Some entries were not deleted Show details: - Certificate operation cannot be completed: Unable to communicate with CMS (403)" getcert list Number of certificates and requests being tracked: 9. Request ID '2

[Freeipa-users] Re: Rawhide upgrade dirsrv startup failure workaround

On 2/2/22 08:22, Rob Crittenden wrote: Harry G. Coin via FreeIPA-users wrote: When 'upgrading' using Rawhide, (instead of a fresh install), you might notice ns-slapd / dirsrv fails to start.  Do this to work around it: #mkdir /dev/shm/slapd- #chown dirsrv:dirsrv /dev/shm/slapd- #systemctl re

[Freeipa-users] Re: Group permissions failing on group with ipaNTSecurityIdentifier attribute

On ke, 02 helmi 2022, Scott Serr via FreeIPA-users wrote: On 2/1/22 09:24, Scott Serr via FreeIPA-users wrote: Hello, I have an IPA cluster of 5 servers, running version 4.9.6-10.  The system was put in production Feb 2021 and has been updated several times.  These updates have sometimes not

[Freeipa-users] Re: Group permissions failing on group with ipaNTSecurityIdentifier attribute

On 2/1/22 09:24, Scott Serr via FreeIPA-users wrote: Hello, I have an IPA cluster of 5 servers, running version 4.9.6-10.  The system was put in production Feb 2021 and has been updated several times.  These updates have sometimes not gone well: https://lists.fedorahosted.org/archives/list/f

[Freeipa-users] Re: Accidentally deleted NS record

Nikolay Sukhno via FreeIPA-users wrote: > Thanks for the answer! > --force key helped! > > Feeling very stupid that I didn't see what he was. But I have a small excuse, > there is not a word about it in the documentation > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/

[Freeipa-users] Re: Rawhide upgrade dirsrv startup failure workaround

Harry G. Coin via FreeIPA-users wrote: > When 'upgrading' using Rawhide, (instead of a fresh install), you might > notice ns-slapd / dirsrv fails to start.  Do this to work around it: > > #mkdir /dev/shm/slapd- > > #chown dirsrv:dirsrv /dev/shm/slapd- of .> > > #systemctl restart ipa Thanks for

[Freeipa-users] Re: IPA to IPA migration - lot more groups - why?

lejeczek via FreeIPA-users wrote: > On 02/02/2022 08:45, Florence Blanc-Renaud wrote: >> Hi, >> >> On Wed, Feb 2, 2022 at 7:31 AM lejeczek via FreeIPA-users >> wrote: >> >>     Hi guys. >> >>     I migrate: >>     -> $ ipa migrate-ds --bind-dn="cn=Directory Manager" >>     --user-container=cn=user

[Freeipa-users] Re: IPA to IPA migration - lot more groups - why?

On 02/02/2022 08:45, Florence Blanc-Renaud wrote: Hi, On Wed, Feb 2, 2022 at 7:31 AM lejeczek via FreeIPA-users wrote: Hi guys. I migrate: -> $ ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts

[Freeipa-users] Rawhide upgrade dirsrv startup failure workaround

When 'upgrading' using Rawhide, (instead of a fresh install), you might notice ns-slapd / dirsrv fails to start.  Do this to work around it: #mkdir /dev/shm/slapd- #chown dirsrv:dirsrv /dev/shm/slapd-of .> #systemctl restart ipa ___ FreeIPA-users m

[Freeipa-users] Short names in named dyndb module

I understand that short names in DNS are not what you need The DNS suffix is substituted on the client side from the resolv.conf, tcp\ip settings etc. But in my infrastructure there are some strings for short names and I would like the dns server to supply the suffix itself. There is no problem

[Freeipa-users] Re: IPA to IPA migration - lot more groups - why?

Hi, On Wed, Feb 2, 2022 at 7:31 AM lejeczek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi guys. > > I migrate: > -> $ ipa migrate-ds --bind-dn="cn=Directory Manager" > --user-container=cn=users,cn=accounts > --group-container=cn=groups,cn=accounts > --group-objectclass=pos

[Freeipa-users] Re: AD groups detected only on one ipa server

Both IPA servers are configured as trust agents. For all the other groups everything works as expected, only for the newly defined group is not displayed on one if the IPA servers. Regards, iulian ___ FreeIPA-users mailing list -- freeipa-users@lists

[Freeipa-users] Re: Accidentally deleted NS record

Thanks for the answer! --force key helped! Feeling very stupid that I didn't see what he was. But I have a small excuse, there is not a word about it in the documentation https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/managing-dnsrecord-en