Re: [Freeipa-users] authentication with latest putty fails

2013-01-07 Thread Han Boetes
On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose wrote: > About delegating credentials, you might need to set the ok_as_delegate > flag on the host/* service ticket. To do this you can call kadmin.local > on the IPA server and then use > > modprinc +ok_as_delegate host/test-server-ipa.realm@REALM > > t

Re: [Freeipa-users] authentication with latest putty fails

2013-01-07 Thread Sumit Bose
On Mon, Jan 07, 2013 at 09:15:41AM +0100, Han Boetes wrote: > On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose wrote: > > > About delegating credentials, you might need to set the ok_as_delegate > > flag on the host/* service ticket. To do this you can call kadmin.local > > on the IPA server and then u

Re: [Freeipa-users] authentication with latest putty fails

2013-01-07 Thread Han Boetes
There was something going on with a firewall blocking something and that Windows host didn't have a cert yet. But still: Using Kerberos authentication Using principal fh@REALM Got host ticket host/test-server-ipa.domain@REALM Using username "fh". Successful Kerberos connection Last login: Mon Jan

Re: [Freeipa-users] authentication with latest putty fails

2013-01-07 Thread Sumit Bose
On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote: > There was something going on with a firewall blocking something and that > Windows host didn't have a cert yet. But still: > > Using Kerberos authentication > Using principal fh@REALM > Got host ticket host/test-server-ipa.domain@REALM

[Freeipa-users] ipa admin tool error "ipa: ERROR: Client is not configured. Run ipa-client-install."

2013-01-07 Thread Natxo Asenjo
hi, on a workstation *not* joined to the IPA domain but with the ipa admin tools installed I get this error when trying to modify dns settings and I have a kerberos ticket of an admin user: $ kinit user.ad...@unix.domain.tld Password for user.ad...@unix.domain.tld $ klist Ticket cache: FILE:/

[Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Natxo Asenjo
hi, in sssd.conf I have this regarding netgroup caching info: entry_cache_netgroup_timeout = 300 After the file was modified, the sssd daemon was reloaded. However, the values are still being cached for 90 minutes (default entry_cache_timeout value). Running sss_cache --netgroup does not help

Re: [Freeipa-users] ipa admin tool error "ipa: ERROR: Client is not configured. Run ipa-client-install."

2013-01-07 Thread Petr Viktorin
On 01/07/2013 11:00 AM, Natxo Asenjo wrote: hi, on a workstation *not* joined to the IPA domain but with the ipa admin tools installed I get this error when trying to modify dns settings and I have a kerberos ticket of an admin user: $ kinit user.ad...@unix.domain.tld Password for user.ad..

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Natxo Asenjo
On Mon, Jan 7, 2013 at 12:18 PM, Natxo Asenjo wrote: > How could I troubleshoot this? I have upped the debugging on sssd.conf debug_level = 9 and reloaded sssd. When I run # getent netgroup nagios nagios [root@ipaclient01 ~]# grep -i nagios /var/log/sssd/*.log /var/log/sssd/sssd_unix.domain.t

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Jakub Hrozek
On Mon, Jan 07, 2013 at 12:18:12PM +0100, Natxo Asenjo wrote: > hi, > > in sssd.conf I have this regarding netgroup caching info: > > entry_cache_netgroup_timeout = 300 > > After the file was modified, the sssd daemon was reloaded. > > However, the values are still being cached for 90 minutes (

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Natxo Asenjo
On Mon, Jan 7, 2013 at 1:07 PM, Jakub Hrozek wrote: > On Mon, Jan 07, 2013 at 12:18:12PM +0100, Natxo Asenjo wrote: >> hi, >> >> in sssd.conf I have this regarding netgroup caching info: >> >> entry_cache_netgroup_timeout = 300 >> >> After the file was modified, the sssd daemon was reloaded. >> >>

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Jakub Hrozek
On Mon, Jan 07, 2013 at 01:17:21PM +0100, Natxo Asenjo wrote: > On Mon, Jan 7, 2013 at 1:07 PM, Jakub Hrozek wrote: > > On Mon, Jan 07, 2013 at 12:18:12PM +0100, Natxo Asenjo wrote: > >> hi, > >> > >> in sssd.conf I have this regarding netgroup caching info: > >> > >> entry_cache_netgroup_timeout

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Natxo Asenjo
hi, On Mon, Jan 7, 2013 at 3:20 PM, Jakub Hrozek wrote: > On Mon, Jan 07, 2013 at 01:17:21PM +0100, Natxo Asenjo wrote: >> On Mon, Jan 7, 2013 at 1:07 PM, Jakub Hrozek wrote: >> > On Mon, Jan 07, 2013 at 12:18:12PM +0100, Natxo Asenjo wrote: >> > Which sssd version is this? >> >> 1.8.0, the cli

Re: [Freeipa-users] authentication with latest putty fails

2013-01-07 Thread Han Boetes
I just had a long and fruitful debugging session with Sumit and this is what we discovered. The default settings do run fine for Linux machines but for Windows hosts they do not suffice. Sumit is submitting bug reports and hopefully they will be applied to the next 2.2.x release. This problem doe

Re: [Freeipa-users] authentication with latest putty fails

2013-01-07 Thread Sumit Bose
On Mon, Jan 07, 2013 at 05:00:09PM +0100, Han Boetes wrote: > I just had a long and fruitful debugging session with Sumit and this is > what we discovered. Thank you for your patience and help to debug this issue. > > The default settings do run fine for Linux machines but for Windows hosts > t

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Jakub Hrozek
On Mon, Jan 07, 2013 at 03:55:49PM +0100, Natxo Asenjo wrote: > hi, > > On Mon, Jan 7, 2013 at 3:20 PM, Jakub Hrozek wrote: > > On Mon, Jan 07, 2013 at 01:17:21PM +0100, Natxo Asenjo wrote: > >> On Mon, Jan 7, 2013 at 1:07 PM, Jakub Hrozek wrote: > >> > On Mon, Jan 07, 2013 at 12:18:12PM +0100,

Re: [Freeipa-users] problems with netgroups cached values

2013-01-07 Thread Natxo Asenjo
On Mon, Jan 7, 2013 at 8:20 PM, Jakub Hrozek wrote: > On Mon, Jan 07, 2013 at 03:55:49PM +0100, Natxo Asenjo wrote: >> hi, >> >> On Mon, Jan 7, 2013 at 3:20 PM, Jakub Hrozek wrote: >> > On Mon, Jan 07, 2013 at 01:17:21PM +0100, Natxo Asenjo wrote: >> >> On Mon, Jan 7, 2013 at 1:07 PM, Jakub Hroze