Just refreshing this to see if anyone maybe had some input.
Thanks!
—
Bob Jones
Lead Linux Services Engineer
ITS ECP - Linux Services
> On Jan 21, 2021, at 8:08 AM, Jones, Bob (rwj5d) via FreeIPA-users
> wrote:
>
> Hello all,
>
> We currently have Red Hat IDM implemented o
Hello all,
We currently have Red Hat IDM implemented on our campus local network. It has
a one-way trust with our Active Directory and all of our Linux systems that
live in our network use IDM for auth/authz. We are looking to start deploying
our Linux images into AWS and want to use our Red
We implemented Red Hat IDM with completely external DNS. You just need to make
sure the correct DNS entries are in place and everything works fine.
—
Bob Jones
Lead Linux Services Engineer
ITS ECP - Linux Services
> On Jan 16, 2020, at 10:03 AM, Daniel PC via FreeIPA-users
> wrote:
>
> Hi,
Please note that SSSD will try to read the rootDSE of the AD LDAP
> service without any authentication or encryption. Not sure if this might
> cause any log messages on the AD side as well.
>
> bye,
> Sumit
>
>>>>
>>>> —
>>>> Bob Jones
>>
Okay, I’ve narrowed it down to the sssd_be process that has a standard ldap
connection to the AD servers (at least according to lsof -i).
—
Bob Jones
Lead Linux Services Engineer
ITS ECP - Linux Services
> On Dec 17, 2019, at 4:49 PM, Jones, Bob (rwj5d) via FreeIPA-users
> wrote:
>
ote:
>
> On Tue, 2019-12-17 at 20:09 +0000, Jones, Bob (rwj5d) via FreeIPA-users
> wrote:
>> Hello all,
>>
>> Our Active Directory team is working on a project to get rid of all
>> insecure LDAP communications to Active Directory, and it seems our
>> FreeIPA s
Hello all,
Our Active Directory team is working on a project to get rid of all insecure
LDAP communications to Active Directory, and it seems our FreeIPA servers are
doing just that. I did a quick search and didn’t find anything definitive.
How do I go about ensuring that LDAP queries from my
nes, Bob (rwj5d) via FreeIPA-users
> wrote:
>
> Hello all,
>
> We have been in the process of migrating our RHEL/CentOS 7 systems into using
> IPA. One problem we are encountering is with usage of cron (and specifically
> crontab to edit/list users cron entries). We hav
Hello all,
We have been in the process of migrating our RHEL/CentOS 7 systems into using
IPA. One problem we are encountering is with usage of cron (and specifically
crontab to edit/list users cron entries). We have HBAC enabled, and have crond
as allowed in the list of services users can acc
Hello all,
In our Nagios system we have some checks that require the nrpe user to use sudo
in order to elevate privileges. This works fine on our IPA clients but not on
our IPA servers. It appears that on the IPA servers it tries to find the nrpe
user as n...@lids.virginia.edu, which does not
Thank you for the help Flo. Doing the ipa-csreplica-manage re-initialize
corrected the issue I was seeing.
Sincerely,
—
Bob Jones
Lead Linux Services Engineer
ITS ECP - Linux Services
> On Nov 20, 2019, at 6:54 AM, Florence Blanc-Renaud wrote:
>
> On 11/19/19 10:04 PM, Jones, B
Hello,
We have a 3 node multi-master IPA setup. These are running on Red Hat
Enterprise Linux Server release 7.7 (Maipo) and all are version:
Name: ipa-server
Arch: x86_64
Version : 4.6.5
Release : 11.el7_7.3
Starting yesterday, we are getting the following messages app
Jones
Lead Linux Services Engineer
ITS ECP - Linux Services
> On Nov 11, 2019, at 10:00 AM, Alex Corcoles via FreeIPA-users
> wrote:
>
> On Mon, Nov 11, 2019 at 3:48 PM Rob Crittenden wrote:
> Jones, Bob (rwj5d) via FreeIPA-users wrote:
> > If you’re making these sort
On Nov 10, 2019, at 7:30 PM, Rob Crittenden via FreeIPA-users
wrote:
>
> You can probably get away with running it once a day. With the exception
> of the replication checks these aren't all that dynamic. You would catch
> things like permission and FS space issues earlier I suppose.
>
> I'll m
One thing to check which was our problem when we first implemented this is that
every user must have a gidNumber assigned and that gidNumber has to be assigned
to a group existing in AD (might work if the group is just in IPA, never tested
that). Also, all of the groups that a user is a member
Hello all,
Florence has graciously helped me determine the underlying problem for issue 2
which I also believe is part of the problem with issue 1 as well. Has anyone
experienced or have any idea about issue 3? I have to believe there is some
difference in how sssd 1.13.3 and ipa 3.0.0 is han
AM, Florence Blanc-Renaud wrote:
>
> On 9/26/19 3:44 PM, Jones, Bob (rwj5d) via FreeIPA-users wrote:
>> Thank you for the answer. My guess was it had something to do with the
>> negative cache, but wasn’t sure. Unfortunately I’m not authorized to access
>> bug #1717008
Thank you for the answer. My guess was it had something to do with the
negative cache, but wasn’t sure. Unfortunately I’m not authorized to access
bug #1717008 so cannot view the details in order to potentially confirm this is
my issue. Are there any log messages I should be looking for in or
18 matches