Hi Jakub,
I understand that cache_first=true is set in the [nss] section of
/etc/sssd/sssd.conf but what about the negative cache setting you are
referring to ? Could you please give an example ?
Looking at https://jhrozek.fedorapeople.org/sssd/1.16.2/man/sssd.conf.5.html
, there's a few settings
Thanks Alexander that was it.
On Wed, Feb 14, 2018 at 6:06 AM, Alexander Bokovoy
wrote:
> On ke, 14 helmi 2018, Alexandre Pitre via FreeIPA-users wrote:
>
>> Earlier this week, users reported they could no longer ssh to freeipa
>> joined servers using their AD login. After s
Earlier this week, users reported they could no longer ssh to freeipa
joined servers using their AD login. After some investigation, it was
discovered if krb5_validate was set to false in the sssd.conf, AD ssh login
would start working again.
One of our IPA servers is showing these errors in /var/
Crittenden
wrote:
> Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I recently deployed a new FreeIPA domain running on CentOS 7.4 and
> > FreeIPA 4.5
> >
> > The installation went without hiccups but the WebUI isn't working as
> > expe
SELinux is disabled in our CentOS template. Good hypothesis tho.
On Jan 18, 2018 01:36, "Tony Brian Albers via FreeIPA-users" <
freeipa-users@lists.fedorahosted.org> wrote:
> On 01/18/2018 02:24 AM, Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I r
Hi,
I recently deployed a new FreeIPA domain running on CentOS 7.4 and FreeIPA
4.5
The installation went without hiccups but the WebUI isn't working as
expected. Logging in with admin failed with this error:
Login failed due to an unknow reason.
I've seen this issue with every FreeIPA 4.5 repli
e
Is this a good practice ?
Thanks,
Alex
On Tue, Dec 19, 2017 at 5:13 AM, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On Mon, Dec 18, 2017 at 06:59:25PM -0500, Alexandre Pitre via
> FreeIPA-users wrote:
> > Hi,
> >
> > While troubles
Hi,
While troubleshooting "slow login" with ipa users we discovered that adding
these two lines to our clients' sssd.conf file fixed our issue for ipa users.
ldap_search_base = cn=accounts,dc=ipa,dc=domain,dc=com
ldap_user_search_base = cn=users,cn=accounts,dc=ipa,dc=domain,dc=com
On the freeipa
anges the data generation and other replicas have
> to be reinitialized for replication to work again
>
> Ludwig
>
> On 11/28/2017 04:37 AM, Alexandre Pitre via FreeIPA-users wrote:
>
> I managed to remove the replication conflicts but the original issue
> persists. I found a
t Bose via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On Fri, Nov 24, 2017 at 07:04:10PM -0500, Alexandre Pitre via
> FreeIPA-users wrote:
> > Hi,
> >
> > I had two freeipa replica servers up and running in our German DC for
> > nearly 2 months and this morning
Hi,
I had two freeipa replica servers up and running in our German DC for
nearly 2 months and this morning out of the blue they stopped working.
Looking at ipactl status, both servers are reporting that their directory
service is stopped. Trying to restart ipa only works from 2 minutes to an
hour
Would you look at that! Problem solved. Thanks.
On Tue, Oct 24, 2017 at 12:08 PM, Rob Crittenden
wrote:
> Alexandre Pitre via FreeIPA-users wrote:
> > Hi,
> >
> > I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple
> > groups with the sudorule-a
Hi,
I noticed that on FreeIPA 4.5.0 on CentOS I can't specify multiple groups
with the sudorule-add-user command.
Example:
ipa sudorule-add-user sudorule --groups=group1,group2
Failed users/groups:
member user:
member group: group1,group2
-
Number of members add
could specify my AD.COM realm in
/etc/krb5.conf with my local site AD DC ?
Big thanks to you and Jakub, my employer and I are very glad that this
issue is finally resolved =)
On Tue, Aug 15, 2017 at 3:45 AM, Alexander Bokovoy
wrote:
> On ma, 14 elo 2017, Alexandre Pitre via FreeIPA-users wrote:
Although, the explanation from Alexander Bokovoy made perfect sense, I'm
still facing the issue after I re-established the AD trust successfully:
(Tue Aug 15 02:23:40 2017) [sssd[be[domain.ad.com]]] [sdap_cli_auth_step]
(0x1000): the connection will expire at 1502764720
(Tue Aug 15 02:23:40 2017)
> On 7 Aug 2017, at 20:02, Alexandre Pitre via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> The client is in the IPA domain. Although it's sub-domain of ad.com, I
> did delegate it and configure the IPA servers as name servers. It uses a
> differ
ode may provide more information (Server krbtgt/ad@ipa.ad.com not
> found in Kerberos database)]
>
> Is your client hostname in the AD domain (centos.domain.ad.com) or in the
> IPA domain (ipa.ad.com) ?
>
> Thanks,
> Alex
>
>
>
>
>
>
>
>
> On
ooks healthy. AD trust agent/controller server role are
installed on both.
ipa trustdomain-find ad.com does return all of my AD domains on both IPA
servers.
Thanks,
Alex
On Sun, Aug 6, 2017 at 11:07 AM, Jakub Hrozek wrote:
>
> On 4 Aug 2017, at 23:08, Alexandre Pitre via FreeIPA-us
Turns out, I'm still getting the same problem. It works right away after I
force clean the sssd cache: systemctl stop sssd ; rm -f /var/lib/sss/db/*
/var/log/sssd/* ; systemctl start sssd
After some time, trying to log back on the same system I see the login
prompt is much quicker when I type adu.
I'm unable to rejoin a CentOS client to my FreeIPA realm. I ran the
uninstall command on my client: ipa-client-install --uninstall
As far as I know the uninstall was successful. It asked me to reboot. After
rebooting if I try to rerun the install command:
ipa-client-install -U -p admin -w P@ssw0r
believe that's all I need.
Thanks,
Alex
On Jul 27, 2017 04:08, "Jakub Hrozek via FreeIPA-users" <
freeipa-users@lists.fedorahosted.org> wrote:
> On Thu, Jul 27, 2017 at 02:34:06AM -0400, Alexandre Pitre via
> FreeIPA-users wrote:
> > I uploaded krb5_child.log and ld
I’ve been struggling to get SSH to work with an AD user for over 3 weeks
now. I've scraped the bowels of the internet for answers, still no dice.
The issue is pretty simple in itself, I can’t SSH to a freeipa joined
Centos client 7.3 with an AD user. However, kinit with any AD users as well
as su
22 matches