[Freeipa-users] Re: Plugin to add host to user view

On Срд, 25 кас 2023, Ales Rozmarin via FreeIPA-users wrote: Hi Alexander, I create objectClasses named 'testHost' which have attribute 'host'. As I mention up, I also test to create new attribute like this attributeTypes: ( 2.25.36.1.2.3.4.5.1 NAME 'customhost' DESC 'A hostname or ident

[Freeipa-users] Re: Plugin to add host to user view

Hi Rob, Yes, I did write a little bit unclear, sorry of that. What I meant with that, when I go to 'IPA Server' 'Configuration' I try to add or remove 'Default user objectclasses' I get an error displayed : 'invalid 'ipauserobjectclasses': user default attribute host would not be allowed!'

[Freeipa-users] Re: Plugin to add host to user view

Hi Alexander, I create objectClasses named 'testHost' which have attribute 'host'. As I mention up, I also test to create new attribute like this attributeTypes: ( 2.25.36.1.2.3.4.5.1 NAME 'customhost' DESC 'A hostname or identifier for a Custom host' EQUALITY caseIgnoreMatch

[Freeipa-users] Re: Plans for integrating DHCP

On 9/25/23 13:56, Charles Hedrick via FreeIPA-users wrote: We did most of this, and have been using it for a few years. However it depends upon the ISC DHCP server, which is now EOL. The replacement, KEA, does not support LDAP, and there are no plans for it to. I think the reason is that they

[Freeipa-users] Re: ipa CLI doesn't work due to revoked TGT following S4U2PROXY_NO_HEADER_PAC

On Срд, 25 кас 2023, Rob Crittenden wrote: Alexander Bokovoy via FreeIPA-users wrote: On Срд, 25 кас 2023, Kroon PC, Peter via FreeIPA-users wrote: Hi all, After upgrading to Rocky linux 9.2 I'm running into issues with my IPA server (4.10.1-9.el9_2). In particular, my IPA CLI seems FUBARred:

[Freeipa-users] Re: ipa CLI doesn't work due to revoked TGT following S4U2PROXY_NO_HEADER_PAC

Alexander Bokovoy via FreeIPA-users wrote: > On Срд, 25 кас 2023, Kroon PC, Peter via FreeIPA-users wrote: >> Hi all, >> >> After upgrading to Rocky linux 9.2 I'm running into issues with my IPA >> server (4.10.1-9.el9_2). In particular, my IPA CLI seems FUBARred: >> >> $ kinit admin >> Password fo

[Freeipa-users] Re: Plugin to add host to user view

On Срд, 25 кас 2023, Ales Rozmarin via FreeIPA-users wrote: Maybe I should add plugin. here is test.py from ipaserver.plugins.user import user from ipalib.parameters import Str from ipalib.text import _ from ipaserver.plugins.internal import i18n_messages user.takes_params += ( Str('host*',

[Freeipa-users] Re: ipa CLI doesn't work due to revoked TGT following S4U2PROXY_NO_HEADER_PAC

On Срд, 25 кас 2023, Kroon PC, Peter via FreeIPA-users wrote: Hi all, After upgrading to Rocky linux 9.2 I'm running into issues with my IPA server (4.10.1-9.el9_2). In particular, my IPA CLI seems FUBARred: $ kinit admin Password for ad...@example.com: $ ipa show-user admin ipa: ERROR: Insuffi

[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

Finn Fysj via FreeIPA-users wrote: >> Finn Fysj via FreeIPA-users wrote: >> >> If SSSD doesn't have the rules it can't grant access. >> >> >> You might try enabling replication debugging on your misbehaving server. >> It could tell you what is wrong. >> >> rob > > I tried to setup a another test I

[Freeipa-users] Re: Current best practice: Backup/Restore?

On 10/18/23 10:33, Christian Heimes wrote: On 18/10/2023 16.57, Harry G Coin wrote: On Tue, Oct 17, 2023 at 7:50 PM Christian Heimes via FreeIPA-users wrote: On 17/10/2023 19.32, Harry G Coin via FreeIPA-users wrote: 'security' and 'other' seemingly 'unrelated' 'upgrades' to

[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

Whenever I've been working with FreeIPA and sssd I've able to see something like: No HBAC rules find, denying access This is not the case here. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freei

[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

> Finn Fysj via FreeIPA-users wrote: > > If SSSD doesn't have the rules it can't grant access. > > > You might try enabling replication debugging on your misbehaving server. > It could tell you what is wrong. > > rob I tried to setup a another test IPA server just to verify. Here I created a

[Freeipa-users] Re: I need help with Replica installation.

For example, when my idm.lab.lab main free ipa server is active, when I ssh from ipa clients, the username and password screen comes very quickly and I can log in. However, when I disconnect my idm.lab.lab main free ipa server for testing, my replica free ipa server idm02.lab.lab automatically ac

[Freeipa-users] Re: User missing after a restore of full backup

Ok, I changed the values of "displayName" and "sn" of the affected user, to check if that is the issue, but it looks like it is not (I expected that, as the last year this recovery was successful). I did some additional tests: It looks like old values are saved eventhough they were deleted, I ch

[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

Finn Fysj via FreeIPA-users wrote: >> Finn Fysj via FreeIPA-users wrote: >> >> What's the use-case for this? >> >> I think this is likely because migration currently doesn't support >> user-private groups and a default IPA user doesn't have a memberof their >> private groups. >> >> migrate-ds was d

[Freeipa-users] Re: I need help with Replica installation.

Alper AYKUT via FreeIPA-users wrote: > I disconnected the main server to do a test. The replica server comes up > automatically but it is very slow. What could be the reason for this, > what could I be missing? What exactly does slow mean? rob > > Alper AYKUT mailto:alperayku...@gmail.com>>, 2

[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

> Finn Fysj via FreeIPA-users wrote: > > What's the use-case for this? > > I think this is likely because migration currently doesn't support > user-private groups and a default IPA user doesn't have a memberof their > private groups. > > migrate-ds was designed to migrate users who used only LD

[Freeipa-users] Re: I need help with Replica installation.

I disconnected the main server to do a test. The replica server comes up automatically but it is very slow. What could be the reason for this, what could I be missing? Alper AYKUT , 25 Eki 2023 Çar, 15:33 tarihinde şunu yazdı: > this command shows the ip address of both my main server and my repl

[Freeipa-users] ipa CLI doesn't work due to revoked TGT following S4U2PROXY_NO_HEADER_PAC

Hi all, After upgrading to Rocky linux 9.2 I'm running into issues with my IPA server (4.10.1-9.el9_2). In particular, my IPA CLI seems FUBARred: $ kinit admin Password for ad...@example.com: $ ipa show-user admin ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: No cred

[Freeipa-users] Re: Plugin to add host to user view

Ales Rozmarin via FreeIPA-users wrote: > Hi guys, > > I tried to write my firs plugin to add attribute host to be displayed in web > UI at at user. > > Plugin work ok host is displayed but I'm getting error when I try to add > object class to Default user. I don't understand this part of yo

[Freeipa-users] Re: I need help with Replica installation.

this command shows the ip address of both my main server and my replica server. dig +short *server.idm.example.com * A dig +short -x *192.0.2.1 But this command only shows the name of my main free ipa server. On my replica server it returns blank and says nothing. I

[Freeipa-users] Re: I need help with Replica installation.

Hi, On Wed, Oct 25, 2023 at 12:31 PM Alper AYKUT via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, I have a free ipa server with dns and ca integrated that is > currently running. Now I want to set up a replica server but I can't figure > out some parts. It gives an error

[Freeipa-users] How can I create a custom .basrhc user and have it added automatically?

When I create a user, how can I ensure that the .basrhc user that I have specially set when I create a user is created in the home directory or copied to the home directory of the .basrhc user that I have prepared. Thankyou. ___ FreeIPA-users mailing lis

[Freeipa-users] I need help with Replica installation.

Hello, I have a free ipa server with dns and ca integrated that is currently running. Now I want to set up a replica server but I can't figure out some parts. It gives an error when I want to set it up with the following steps. How can I overcome this problem? ipa-replica-install --setup-dns --set