[Freeipa-users] FreeIPA user ID differs

2015-08-04 Thread Markus.Moj
Hi @all, I've encountered a strange "error". I've created a user with a generated UID from the predefined range. After creation I've had to manipulate the UID to fit an old NIS configuration and set the UID to the old NIS value. FreeIPA shows the correct UID as well as ldapsearch. But if I logo

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-04 Thread Christopher Lamb
Markus Have you checked both the cn=accounts and cn=compat trees? Users and groups are stored in both, and both would need manipulation... Ciao Chris From: To: Date: 04.08.2015 11:14 Subject:[Freeipa-users] FreeIPA user ID differs Sent by:freeipa-users-boun...@redh

[Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Innes, Duncan
Hi folks, Struggling with creating a sudo rule in IPA that will allow my foreman-proxy to run specific commands. When I put the following into /etc/sudoers.d/foreman: [root@puppet01 ~]# cat /etc/sudoers.d/foreman foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *, /usr/bin/puppet kick * Defa

Re: [Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Innes, Duncan
Information: IPA server and client both running on RHEL 6.7 fully patched. IPA server version: ipa-server-3.0.0-47.el6.x86_64 sssd client version: sssd-1.12.4-47.el6.x86_64 IPA server hosts dozens of sudo rules that work as expected. This is the first rule, however, that needs the !requiretty

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
Hi Chris, Thanks for the heads up, indeed local is 4 I see now when I add a group from the GUI, great thanks! But do you use Directory Manager as ldap admin user or some other admin account ? I'm not sure if DM is needed and it should get that deep into IPA. Also when starting samba it cannot fi

Re: [Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Innes, Duncan
More information: [root@puppet01 ~]# cat /etc/sssd/sssd.conf [domain/example.com] cache_credentials = True krb5_realm = EXAMPLE.COM ipa_domain = example.com id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = puppet01.example.com chpass_provider = ipa ipa_server = ipa01.e

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
Hi Matt From our smb.conf file: [global] security = user passdb backend = ldapsam:ldap://xxx-ldap2.my.silly.example.com ldap suffix = dc=my,dc=silly,dc=example,dc=com ldap admin dn = cn=Directory Manager So yes, we use Directory Manager, it works for us. I have not tried with a less

Re: [Freeipa-users] FreeIPA and sudo Defaults

2015-08-04 Thread Jakub Hrozek
On Tue, Aug 04, 2015 at 10:57:34AM +0100, Innes, Duncan wrote: > Hi folks, > > Struggling with creating a sudo rule in IPA that will allow my > foreman-proxy to run specific commands. When I put the following into > /etc/sudoers.d/foreman: > > [root@puppet01 ~]# cat /etc/sudoers.d/foreman > fo

[Freeipa-users] IPA client enrollment check

2015-08-04 Thread Thomas Lau
Does anyone know how I could check if a client is enrolled or not? I'm trying to automate the enrollment process using a generic tool; since I am using Ubuntu, only ipa-client-install is available.

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
Hi Chris, A puppet run added another passdb backend, that was causing my issue. What I still experience is: [2015/08/04 15:29:45.477783, 3] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'username' in passdb. [2015/08/04 15:29:45.478026, 2] ../

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-04 Thread Janelle
I too have seen this same unique "bug". My guess is, you have compatibility mode enabled AND you used the GUI to manipulate the group memberships. I have found this to be buggy. Using CLI based commands did not have the same results. However, once the 2 trees - "cn=accounts" and "cn=compat" a

[Freeipa-users] approving certs?

2015-08-04 Thread Janelle
Hello, Well, I am more used to working with openssl directly, so I am a little confused when using FreeIPA and certmonger. I assume that when a certificate is in this state: status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN stuck: yes that it needs to be approved, but I am not sure where th

Re: [Freeipa-users] Adding SAN to default self-signed cert?

2015-08-04 Thread Janelle
Trying to figure this out: ipa host-add haproxy.example.com ipa service-add HTTP/haproxy.example@example.com ipa service-add LDAP/haproxy.example@example.com ipa-getcert request -d /tmp -n haproxy-cert -K LDAP/haproxy.example.com -N 'CN=haproxy.example.com,O=EXAMPLE.COM" ^ this is

[Freeipa-users] IdM Password Expiration

2015-08-04 Thread Robert Locke
Hey folks, I have been using the following to adjust the Password Expiration of accounts in IdM/IPA: echo "$ADMIN_PASS" | kinit admin echo -e "dn: uid=rheluseri,cn=users,cn=accounts,dc=example,dc=com\nchangetype: modify \nreplace: krbPasswordExpiration\nkrbPasswordExpiration: 20300

[Freeipa-users] Keeping a Tuesday fun - replication? without replication?

2015-08-04 Thread Janelle
Hello again, Just to keep your Tuesday fun, is this possible: 16 servers. ipa-replica-manage list < shows all 16 1 of the servers broke a couple of weeks ago and was removed with "clean-ruv" but STILL shows up in the replica list, but not a single master has a replica agreement with it,

Re: [Freeipa-users] Keeping a Tuesday fun - replication? without replication?

2015-08-04 Thread Rob Crittenden
Janelle wrote: Hello again, Just to keep your Tuesday fun, is this possible: 16 servers. ipa-replica-manage list < shows all 16 1 of the servers broke a couple of weeks ago and was removed with "clean-ruv" but STILL shows up in the replica list, but not a single master has a replica agree

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
Hi Matt I assume [username] is a real username, identical to that in the FreeIPA cn=accounts, cn=users tree? (i.e. you anonymised the log extract). Your user should be a member of the appropriate samba groups that you set up in FreeIPA. You should check that the user attribute SambaPwdLastSet is s

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
Hi, Yes, log is anonymised. It's strange, my user doesn't have a SambaPwdLastSet, also when I change its password it doesn't get it in ldap. There must be something going wrong I guess. Matt 2015-08-04 17:45 GMT+02:00 Christopher Lamb : > Hi Matt > > I assume [username] is a real username, id

Re: [Freeipa-users] Keeping a Tuesday fun - replication? without replication?

2015-08-04 Thread Ludwig Krispenz
On 08/04/2015 05:40 PM, Rob Crittenden wrote: Janelle wrote: Hello again, Just to keep your Tuesday fun, is this possible: 16 servers. ipa-replica-manage list < shows all 16 1 of the servers broke a couple of weeks ago and was removed with "clean-ruv" but STILL shows up in the replica l

Re: [Freeipa-users] Keeping a Tuesday fun - replication? without replication?

2015-08-04 Thread Janelle
On 8/4/15 9:06 AM, Ludwig Krispenz wrote: On 08/04/2015 05:40 PM, Rob Crittenden wrote: Janelle wrote: Hello again, Just to keep your Tuesday fun, is this possible: 16 servers. ipa-replica-manage list < shows all 16 1 of the servers broke a couple of weeks ago and was removed with "c

Re: [Freeipa-users] Keeping a Tuesday fun - replication? without replication?

2015-08-04 Thread Rob Crittenden
Janelle wrote: On 8/4/15 9:06 AM, Ludwig Krispenz wrote: On 08/04/2015 05:40 PM, Rob Crittenden wrote: Janelle wrote: Hello again, Just to keep your Tuesday fun, is this possible: 16 servers. ipa-replica-manage list < shows all 16 1 of the servers broke a couple of weeks ago and was

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Youenn PIOLET
Hi there, I have difficulty following you at this point :) Here is what I've done and what I've understood: ## SMB Side - Testparm OK - I've got the same NT_STATUS_NO_SUCH_USER when I try to connect. - pdbedit -Lv output is all successful but I can see there is a filter: (&(uid=*)(objectclass

Re: [Freeipa-users] Keeping a Tuesday fun - replication? without replication?

2015-08-04 Thread Ludwig Krispenz
Hi On 08/04/2015 06:14 PM, Janelle wrote: On 8/4/15 9:06 AM, Ludwig Krispenz wrote: On 08/04/2015 05:40 PM, Rob Crittenden wrote: Janelle wrote: Hello again, Just to keep your Tuesday fun, is this possible: 16 servers. ipa-replica-manage list < shows all 16 1 of the servers broke a

Re: [Freeipa-users] approving certs?

2015-08-04 Thread Nalin Dahyabhai
On Tue, Aug 04, 2015 at 07:29:13AM -0700, Janelle wrote: > Hello, > > Well, I am more used to working with openssl directly, so I am a little > confused when using FreeIPA and certmonger. I assume that when a > certificate is in this state: > > status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN >

Re: [Freeipa-users] Unable to install ipa-server-trust-ad

2015-08-04 Thread Jan Pazdziora
On Wed, Jul 22, 2015 at 01:36:27PM -0400, Carlos Raúl Laguna wrote: > > I am using Fedora 22 server with copr repos enabled for freeipa 4.2, > according to the documentation I execute sudo dnf install -y > "*ipa-server" "*ipa-server-trust-ad" bind bind-dyndb-ldap however the > following error o

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
Hi Matt, Youenn Just to set the background properly, I did not invent this process. I know only a little about FreeIPA, and almost nothing about Samba, but I guess I was lucky enough to get the integration working on a Sunday afternoon. (I did have an older FreeIPA 3.x / Samba 3.x installation as

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
Hi Chris, I'm at the right path, but my issue is that: ldapmodify -Y GSSAPI <: > Hi Matt, Youenn > > Just to set the background properly, I did not invent this process. I know > only a little about FreeIPA, and almost nothing about Samba, but I guess I > was lucky enough to get the integration wo

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
Hi Matt I also got the same result at that step, but can see nothing in Apache Directory Studio. As I am using existing Samba / FreeIPA groups migrated across, they probably were migrated with all the required attributes. Looking more closely at that LDIF: I wonder should it not be: ldapmodify

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
Hi Matt If I use Apache Directory Studio to add an attribute ipaCustomFields to cn=ipaConfig,cn=etc, the operation it performs is a modify, as shown below: #!RESULT OK #!CONNECTION ldap://xxx-ldap2.my.silly.example.com:yyy #!DATE 2015-08-05T05:45:04.608 dn: cn=ipaConfig,cn=etc,dc=my,dc=silly,dc=e

Re: [Freeipa-users] Adding SAN to default self-signed cert?

2015-08-04 Thread Fraser Tweedale
On Tue, Aug 04, 2015 at 08:01:13AM -0700, Janelle wrote: > Trying to figure this out: > > ipa host-add haproxy.example.com > ipa service-add HTTP/haproxy.example@example.com > ipa service-add LDAP/haproxy.example@example.com > > ipa-getcert request -d /tmp -n haproxy-cert -K LDAP/haproxy.