Re: [Freeipa-users] getent passwd returns usern...@domain.com for username

2016-05-12 Thread Watson, Dan
Tuned out to be the default_domain_suffix setting. It appears our RHEL 6.5 installs ignore it but RHEL 6.8 doesn't. Now that the setting actually does something I've discovered my setting was wrong. Thanks! Dan -Original Message- From: Lukas Slebodnik [mailto:lsleb...@redhat.com]

[Freeipa-users] DNSSEC NSEC3 Parameter

2016-05-12 Thread Günther J . Niederwimmer
Hello, I have the Problem to find the correct way for NSEC3PARAM ? With your Help I have this found ipa dnszone-mod example.com. --nsec3param-rec " " But it dos not work correct ? Now the question, is this the correct way ipa dnszone-mod example.com. --nsec3param-rec "1 7 100

Re: [Freeipa-users] ipa -v ping lies about the cert database

2016-05-12 Thread Harald Dunkel
On 04/26/16 17:29, Timo Aaltonen wrote: > > I guess 4.3.1 would need to be in sid first, and it just got rejected > because of the minified javascript (bug #787593). Don't know when > that'll get fixed. > Since 24beta is out without fixing https://fedorahosted.org/freeipa/ticket/5639

Re: [Freeipa-users] sssd went away, failed to restart

2016-05-12 Thread Harald Dunkel
On 05/12/16 13:48, Lukas Slebodnik wrote: > It would be nice if you could provide reliable reproducer. > I'm sorry we do not have a crystall ball and sssd log files > did not help either. They are truncated. > Thats all I got. > I would like to fix it but I do not know what to fix. > > Is

[Freeipa-users] Announcing bind-dyndb-ldap version 9.0

2016-05-12 Thread Petr Spacek
The FreeIPA team is proud to announce bind-dyndb-ldap version 9.0. It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/ The new version has also been built for Fedora 24+: https://bodhi.fedoraproject.org/updates/FEDORA-2016-6efaecbe9f Latest news: 9.0 [1]

Re: [Freeipa-users] sssd went away, failed to restart

2016-05-12 Thread Lukas Slebodnik
On (12/05/16 11:03), Harald Dunkel wrote: >On 05/12/16 10:26, Lukas Slebodnik wrote: >> On (12/05/16 09:42), Harald Dunkel wrote: >>> >>> It happened again :-(.This *really* needs to be fixed. >>> I wouldn't like to move back to ypbind. >>> >> I would like to If I knew what to fix and how to

Re: [Freeipa-users] sssd went away, failed to restart

2016-05-12 Thread Harald Dunkel
On 05/12/16 10:26, Lukas Slebodnik wrote: > On (12/05/16 09:42), Harald Dunkel wrote: >> >> It happened again :-(.This *really* needs to be fixed. >> I wouldn't like to move back to ypbind. >> > I would like to If I knew what to fix and how to reliably reproduce. > It would be very nice if sssd

Re: [Freeipa-users] krb5kdc service not starting

2016-05-12 Thread Prasun Gera
Trying to provide some additional information if it helps. Here's the timeline of events from logs: Some logs from the failure: May 11 17:34:03 localhost ns-slapd: [11/May/2016:17:34:03 -0400] dse - The configuration file /etc/dirsrv/slapd-DOMAINNAME-EDU/dse.ldif was not restored from backup

Re: [Freeipa-users] sssd went away, failed to restart

2016-05-12 Thread Lukas Slebodnik
On (12/05/16 09:42), Harald Dunkel wrote: >Hi folks, > >On 02/23/16 13:46, Lukas Slebodnik wrote: >> On (23/02/16 13:01), Harald Dunkel wrote: >>> On 02/23/2016 11:58 AM, Lukas Slebodnik wrote: I would rather focus on different thing. Why is sssd_be process blocked for long time?

Re: [Freeipa-users] krb5kdc service not starting

2016-05-12 Thread Ludwig Krispenz
On 05/12/2016 05:28 AM, Prasun Gera wrote: Hi everyone, I had a pretty similar failure on my replica yesterday. The replica was not reachable, and I asked someone to have a look at the system. They presumably rebooted it. When it came back up, ipactl wouldn't start, and the symptoms were

Re: [Freeipa-users] sssd went away, failed to restart

2016-05-12 Thread Harald Dunkel
Hi folks, On 02/23/16 13:46, Lukas Slebodnik wrote: > On (23/02/16 13:01), Harald Dunkel wrote: >> On 02/23/2016 11:58 AM, Lukas Slebodnik wrote: >>> I would rather focus on different thing. >>> Why is sssd_be process blocked for long time? >>> >> >> I have no idea. Was it really blocked? >> > It

Re: [Freeipa-users] getent passwd returns usern...@domain.com for username

2016-05-12 Thread Lukas Slebodnik
On (11/05/16 17:17), Watson, Dan wrote: >Hi All, > >I've run into some strangeness and I just haven't been able to find a solution >online. > >On my existing RHEL 6.5 servers everything runs fine. I do not use the IPA >client install but rather manually setup SSSD, LDAP and Kerberos. We've got a

Re: [Freeipa-users] Exposing LDAP attributes with hyphens in their names?

2016-05-12 Thread Jan Cholasta
Hi, see also this recent commit to get an idea how to deal with attributes with "weird" names: . On 11.5.2016 17:19, Jeffery Harrell wrote: I’ve read Extending FreeIPA back to front (several

Re: [Freeipa-users] Looking for documentation for Python API

2016-05-12 Thread Jan Cholasta
On 11.5.2016 10:52, Martin Kosek wrote: On 05/07/2016 09:07 AM, Joshua J. Kugler wrote: On Friday, May 06, 2016 09:04:59 Martin Basti wrote: since IPA4.2 web UI contains API browser (IPA Server/API Browser) So for example for caacl-add: api.Command.caacl_add(u'argument-ca-acl-name',