[Freeipa-users] Re: Fedora 40: new warning in ipa-healthcheck

2024-04-26 Thread Rob Crittenden via FreeIPA-users
Cross-posting this on the 389-users list.
rob
Jochen Kellner via FreeIPA-users wrote:
>
> Hi,
>
> I've upgraded my freeipa server to Fedora 40 (the system was installed
> several releases ago). After the upgrade I get the following new warning
> from ipa-healthcheck:
>
> {
> "source":

[Freeipa-users] Fedora 40: new warning in ipa-healthcheck

2024-04-26 Thread Jochen Kellner via FreeIPA-users
Hi, I've upgraded my freeipa server to Fedora 40 (the system was installed several releases ago). After the upgrade I get the following new warning from ipa-healthcheck: { "source": "ipahealthcheck.ds.backends", "check": "BackendsCheck", "result": "WARNING", "uuid":

[Freeipa-users] Re: IPA replica cannot lookup AD trust users (worked before)

2024-04-26 Thread slek kus via FreeIPA-users
Thanks much. dnssec-validation was set to yes on the replica. No idea how that happened. Works now. Something else and not related I wondered about, is why some clients point to a certain server (in my case the failing server). This is seen with `sssctl domain-status ` under "Active servers".

[Freeipa-users] Re: IPA replica cannot lookup AD trust users (worked before)

2024-04-26 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 26 Apr 2024, slek kus via FreeIPA-users wrote: Hi Alexander, according to /etc/resolv.conf it is integrated and points to localhost, but nmcli says DNS is set to idm01. A bit strange, since resolv.conf is generated by networkmanager. [root@idm02 ~]# nmcli dev show | grep DNS

[Freeipa-users] Re: IPA replica cannot lookup AD trust users (worked before)

2024-04-26 Thread slek kus via FreeIPA-users
Hi Alexander, according to /etc/resolv.conf it is integrated and points to localhost, but nmcli says DNS is set to idm01. A bit strange, since resolv.conf is generated by networkmanager. [root@idm02 ~]# nmcli dev show | grep DNS IP4.DNS[1]: 172.16.27.10 <

[Freeipa-users] Re: Password expired is not requested with Ubuntu clients

2024-04-26 Thread Carlos Lopez via FreeIPA-users
Sorry for this late response. Problem is solved. The problem was in the common-auth file, in the line referring to pam_sss.so that was missing the option 'use_first_pass'. Many thanks to all for your help. Regards, C. L. Martinez -Original Message- From: Sumit Bose Sent: Friday,

[Freeipa-users] Re: IPA replica cannot lookup AD trust users (worked before)

2024-04-26 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 26 Apr 2024, slek kus via FreeIPA-users wrote: Hi Sumit, that does not return anything good on the replica. See below. On the main IPA node: [alma@idm01 ~]$ host -t SRV _ldap._tcp.redacted.domain _ldap._tcp.redacted.domain has SRV record 0 100 389 dc01.redacted.domain.

[Freeipa-users] Re: IPA replica cannot lookup AD trust users (worked before)

2024-04-26 Thread slek kus via FreeIPA-users
Hi Sumit, that does not return anything good on the replica. See below. On the main IPA node: [alma@idm01 ~]$ host -t SRV _ldap._tcp.redacted.domain _ldap._tcp.redacted.domain has SRV record 0 100 389 dc01.redacted.domain. _ldap._tcp.redacted.domain has SRV record 0 100 389