[Freeipa-users] Very Odd Fedora 21 Auth Issue (Server: IPA 4.1.0)

2015-06-23 Thread craig . redhat
Hi, This is one odd issue?! Red Hat Enterprise Linux 7.1 #Server Side Red Hat Enterprise Linux Server release 7.1 (Maipo) ipa-server-4.1.0-18.el7_1.3.x86_64 #Client side Fedora release 21 (Twenty One) * freeipa-client-4.1.4-1.fc21.x86_64 * sssd-client-1.12.4-3.fc21.x86_64 Issue: User cannot l

Re: [Freeipa-users] Very Odd Fedora 21 Auth Issue (Server: IPA 4.1.0)

2015-06-23 Thread Sumit Bose
On Tue, Jun 23, 2015 at 05:24:32PM +1000, craig.red...@shakenautomotive.com.au wrote: > Hi, > This is one odd issue?! > > Red Hat Enterprise Linux 7.1 > > #Server Side > Red Hat Enterprise Linux Server release 7.1 (Maipo) > ipa-server-4.1.0-18.el7_1.3.x86_64 > > #Client side > Fedora release 2

Re: [Freeipa-users] invalid 'permission': cannot add permission "System: Read HBAC Rules" with bindtype "all" to a privilege

2015-06-23 Thread Petr Vobornik
On 06/22/2015 10:09 PM, Rob Crittenden wrote: Nathan Peters wrote: -Original Message- From: Rob Crittenden Sent: Saturday, June 20, 2015 1:17 PM To: Nathan Peters Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] invalid 'permission': cannot add permission "System: Read HBAC Ru

Re: [Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

2015-06-23 Thread thierry bordaz
Hi Alexander, This is mainly replication logging. Having many instances will increase the amount of logging especially if you have updates. To create duplicate you are doing ADD in parallel of the same dn on different servers. Do you know what creates this ADD load? Can you see MODs/DELs? than

Re: [Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

2015-06-23 Thread Alexander Frolushkin
Unfortunately I can't really say what exactly it was - all of these dups are already gone by almost every IPA replica's re-initializing. But it definitely was related to heavy load due to debug mode. The system itself was working as usual - a lot of this domain enrolled servers served users logins a

[Freeipa-users] search filter with non-existent attribute

2015-06-23 Thread Tamas Papp
hi, This works: $ ldapsearch -LLL -x -b cn=users,cn=accounts,dc=cxn "(|(mail=admin*)(uid=admin))" uid dn: uid=admin,cn=users,cn=accounts,dc=cxn uid: admin This not: $ ldapsearch -LLL -x -b cn=users,cn=accounts,dc=cxn "(|(aaa=admin*)(uid=admin))" uid $ If there is search filter with non-

Re: [Freeipa-users] search filter with non-existent attribute

2015-06-23 Thread Petr Spacek
On 23.6.2015 15:41, Tamas Papp wrote: > hi, > > This works: > > $ ldapsearch -LLL -x -b cn=users,cn=accounts,dc=cxn > "(|(mail=admin*)(uid=admin))" uid > dn: uid=admin,cn=users,cn=accounts,dc=cxn > uid: admin > > > This not: > > $ ldapsearch -LLL -x -b cn=users,cn=accounts,dc=cxn > "(|(aaa=adm

[Freeipa-users] Announcing bind-dyndb-ldap version 8.0

2015-06-23 Thread Petr Spacek
The FreeIPA team is proud to announce bind-dyndb-ldap version 8.0. It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/ The new version has also been built for Fedora 23+ (rawhide). This version is also available from FreeIPA 4.2 COPR repo: https://copr.fedoraproject.org/

[Freeipa-users] ruv issue?

2015-06-23 Thread Marc Wiatrowski
So I have 3 servers, spider01a, spider01b, and spider01o [root@spider01a]$ ipa-replica-manage list-ruv Directory Manager password: spider01a.iglass.net:389: 12 spider01o.iglass.net:389: 13 spider01b.iglass.net:389: 7 spider01a.iglass.net:389: 5 [root@spider01b]$ ipa-replica-manage list-ruv Direc

Re: [Freeipa-users] ruv issue?

2015-06-23 Thread Mark Reynolds
On 06/23/2015 01:44 PM, Marc Wiatrowski wrote: So I have 3 servers, spider01a, spider01b, and spider01o [root@spider01a]$ ipa-replica-manage list-ruv Directory Manager password: spider01a.iglass.net:389 : 12 spider01o.iglass.net:389

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-23 Thread Dmitri Pal
On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map of source attributes (mail or any other) to compat tree? Go back in archives in this list and read discussions about "Single mail deployment in an FreeIPA-WindowsAD scenari

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-23 Thread Alexander Bokovoy
On Tue, 23 Jun 2015, Dmitri Pal wrote: On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map of source attributes (mail or any other) to compat tree? Go back in archives in this list and read discussions about "Single mail de

Re: [Freeipa-users] Crazy Cert problem?

2015-06-23 Thread Janelle
On 6/22/15 7:37 AM, Rob Crittenden wrote: Janelle wrote: On 6/17/15 2:00 PM, Rob Crittenden wrote: Janelle wrote: On 6/17/15 6:21 AM, Rob Crittenden wrote: Janelle wrote: On 6/17/15 6:14 AM, Rob Crittenden wrote: Janelle wrote: Hi, Had a server - named ipa001.example.com -- it was a repli

[Freeipa-users] Integrating samba 4 to AD for authentication with an IPA enabled client.

2015-06-23 Thread Steven Jones
Hi, Is this possible? I am trying to find some docs to do this but they point at sssd and/or kerberos. But looking at RHEL7.1 / samba 4 it looks to me that with an IPA enabled client sssd, kerberos and ldap files/configuration are committed to IPA's use so cannot be altered? regards Stev

Re: [Freeipa-users] Migrate from 3.0 (CentOS 6.6) to 4.1 (CentOS 7.1)

2015-06-23 Thread Matt .
Anyone some suggestions about this ? I'm thinking about adding from my second 3.x master where I first need to split that cluster to make that happen. 2015-06-22 22:57 GMT+02:00 Matt . : > OK, > > I'm on the go here but I have some issue. > > When I install the replica server I get this error o

[Freeipa-users] sudo (sssd) hangs due to ipa install/uninstall scripts

2015-06-23 Thread Prasun Gera
Version: idm 4.x on rhel 7.1 Yet again, I've discovered a problem with residual state left behind by ipa client install and uninstall scripts. I was having some trouble with autofs+sssd leading to users not being mapped correctly (got nobody users for everything). So I tried the ipa-client-automoun