Hi Florence.
As far as I understand, it's all because the keytab file become bad in some
time.
1. Why it's so?
2. I know how to fix file manually, but how can I check it in script "if file
become bad"?
--
___
FreeIPA-users mailing list -- freeipa-users
all hosts already enrolled with --enable-dns-updates option but it still
doesn't work
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Cond
Hello.
How can I update clients dns records automatically, without setup of DHCP
server?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of C
If I will change line in sssd.conf file to "ipa_server = ipa_server = _srv_,
ipa.dom.loc" on existent enrolled clients. Will they work fine with failover?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an e
My enroll command:
sudo ipa-client-install --fixed-primary --enable-dns-updates --server
ipa.dom.loc --domain dom.loc --mkhomedir --force-join -p admin -w password -U
client sssd.conf:
[domain/dom.loc]
id_provider = ipa
ipa_server = ipa. dom.loc
ipa_domain = dom.loc
ipa_hostname = deskto
Hello.
just installed replica (ipa2.dom.loc), it seems works fine.
But how enrolled clients will know about this replica, if primary server will
be down?
And how to make ipa2.dom.loc to work as primary server?
--
___
FreeIPA-users mailing list -- freeip
Hello.
Centos 9 client
Trying get new keytab from ipa (ubuntu), by this command (after kinit):
ipa-getkeytab -s ipa.dom.loc -p host/clienthost.l3874.ru -k /etc/krb5.keytab
Failed to get key table file
"update-crypto-policies --set DEFAULT:AD-SUPPORT-LEGACY" doesn't help
On ubuntu clients " ipa-g
it seems works fine now.
Thanks for helping Florence
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.o
probably it's because more high encrypt level in Centos. How to make it lower?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
ht
It's 4.3.1 and it's last version after ipa-server-upgrade.
Also, there is no error in few other OSs like ubuntu 22.04, or some other
redhat based OSs.
They enrolled successfully.
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
T
and tell me please, how to install ipa-client from git (step by step
instructions will be better)?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora
here is new log with admin principal:
https://pastebin.com/UnETWizc
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.
all ports available, selinux and firewalld disabled, iptables is empty.
ipaclient-install.log:
https://pastebin.com/nM0xkL16
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lis
Centos 9 ipa-client install error:
Failed to obtain host TGT: Major (458752): No credentials were supplied, or the
credentials were unavailable or inaccessible, Minor (2529639122):
Pre-authentication failed: No key table entry found for
host/ipaclient.dom@dom.loc
did I do everything right?
in journalctl -xe seems like same logs:
11:12:03 desktop22043.dom.loc kernel: audit: type=1400
audit(1705561923.050:266): apparmor="ALLOWED" operation="open" class="file"
profile="/usr/sbin/sssd" name="/proc/4471/cmdline" pid=813 comm="sssd_nss"
requested_mask="r" de
https://youtu.be/-LlK_x4WaPI?si=3giEsGIxQVgoeEXD
Created file on client ubuntu machine. But it still doesn't work.
Also, it seems code tegs in this "Howto/FreeIPA and PolicyKit" page doesn't
quite correct.
--
___
FreeIPA-users mailing list -- freeipa-use
sssd_dom.loc.log
https://codeshare.io/qP8rYx
sssd_pam.log
https://codeshare.io/eVgexb
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Cond
HBAC allow_all enabled. I think everything default, only sudo rule from video.
I did debug level 3...
sssd_dom.loc.log:
(2024-01-10 16:14:08): [be[dom.loc]] [sdap_dyndns_dns_addrs_done] (0x0040):
[RID#62] Could not receive list of current addresses [5]: Input/output error
(2024-01-10 16:14:08)
https://youtu.be/kwQrBfuzEcg?si=aLOfs5j3xXYoiWjL
"desktop" user is freeipa user, and local sudo admin through sudo rule.
"user special" is a local user, and local sudo admin.
---
sssd.log:
(2024-01-09 14:27:28): [sssd] [server_setup] (0x1f7c0): Starting with debug
level = 0x0
Hello.
The FreeIpa user has sudo rights on a Ubuntu 2204 desktop machine that is in
the FreeIpa Linux domain. It can do sudo su, sudo apt install…
But when starting some services and basic installation of applications from the
market (in general, when it comes to gui admin rights), it asks the
20 matches
Mail list logo