Hi LIst,
is there anyone faces/fixed this issue?
Regards,
BEn
On Sun, Jan 8, 2017 at 7:03 AM, Ben .T.George wrote:
> HI List,
>
> how can i solve this? is this a bug ,normal behavior or any missing
> configuration from my end,
>
> Till now i didn't get ant clue on
HI List,
how can i solve this? is this a bug ,normal behavior or any missing
configuration from my end,
Till now i didn't get ant clue on this.
Regards
Ben
On Thu, Jan 5, 2017 at 1:21 PM, Fraser Tweedale wrote:
> On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote
: man:firewalld(1)
[root@zkwipamstr01 ~]# sestatus
SELinux status: disabled
On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale wrote:
> On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
> > HI,
> >
> > on master server and replica server, i have enabled
l same error.
is this service restart pki-tomcatd@pki-tomcat only applicable on master
server?
Regards,
Ben
On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik wrote:
> On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > HI
> >
> > yes i did the same and still port is not liste
:12:12PM +0300, Ben .T.George wrote:
> > HI
> >
> > port 8009 is not listening in master server
> >
> > and i added ::1 localhost localhost.localdomain localhost6
> > localhost6.localdomain6 in hosts file.
> >
>
> Did you add this to the hos
HI
anyone please help me to fix this.
Regards,
Ben
On Wed, Jan 4, 2017 at 3:12 PM, Ben .T.George wrote:
> HI
>
> port 8009 is not listening in master server
>
> and i added ::1 localhost localhost.localdomain localhost6
> localhost6.localdomain6 in hosts file.
>
s
Regards,
Ben
On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik wrote:
> On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > HI
> >
> > i tried the method mentioned on that document and it end up with below
> error. My
> > DNS is managed by external box and i dont
Martin Babinsky
wrote:
> On 01/04/2017 07:21 AM, Ben .T.George wrote:
>
>> HI
>>
>> while trying to create ipa replica, i am getting below error,
>>
>> Replica creation using 'ipa-replica-prepare' to generate replica file
>> is supported only i
HI
while trying to create ipa replica, i am getting below error,
Replica creation using 'ipa-replica-prepare' to generate replica file
is supported only in 0-level IPA domain.
The current IPA domain level is 1 and thus the replica must
be created by promoting an existing IPA client.
To set up a
HI,
thanks for your information. I have validated logs.
i destroyed the current kerberos ticket and re-initiated, then the issue
solved.
Regards,
Ben
On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek wrote:
> On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> >
Hi List,
please help me to implement sudo rules.
i have did below steps and still not working for me.
1. created "Sudo Command Groups"
2. Added some command (/bin/yum) and included in sudo group
3. created "sudo Rule" on that
* added sudo Option as "!authenticate"
* Added User Group.
Hi List,
please help me to implement sudo rules.
i have did below steps and still not working for me.
1. created "Sudo Command Groups"
2. Added some command (/bin/yum) and included in sudo group
3. created "sudo Rule" on that
* added sudo Option as "!authenticate"
* Added User Group.
HI
How to disable first time password change on newly created user from web UI
Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
HI List,
>From where can i get latest IPA repo for centos. the repo which i was using
on copr is not working now.
please anyone help me to sort it out.
Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http:/
Hi List,
always https://copr.fedorainfracloud.org/ is down, is there any alternative
repo were i can get IPA 4.4?
Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the proje
> On Sun, May 29, 2016 at 7:11 PM, Ben .T.George
> wrote:
>
>> Hi
>>
>> I would like to know how can i proceed with best practices
>>
>> My AD domain is : corp.examle.com.kw
>> My DNS (appliances ) : kw.test.com
>>
>> All my clients are p
Hi
I would like to know how can i proceed with best practices
My AD domain is : corp.examle.com.kw
My DNS (appliances ) : kw.test.com
All my clients are pointed to kw.test.com including AD.
How can i proceed with Free IPA installation? where i need to manage DNS of
freeipa master server?
crea
kovoy
wrote:
> On Fri, 27 May 2016, Ben .T.George wrote:
>
>> HI
>>
>> i ran some commands from AD side and the Trust status got changed.Below is
>> the command i used on AD
>>
>> netdom trust /d: /verify
>>
>>
>> Before it was : "
r group: MTC_TABS\Domain Users: trusted domain object not found *
-
Number of members added 0
-
This is what my trust properties from AD. Trust type is showing as realm
[image: Inline image 1]
How can i fix this issue.
On Thu, May 26, 2016 at 10:32 P
ar with setting up FreeIPA with an
> external DNS, but I'm sure there are some instructions out there.
>
> -Mike
>
> -Original Message-
> From: "Ben .T.George"
> Sent: May 23, 2016 2:22 PM
> To: Michael ORourke
> Cc: freeipa-users
> Subject: Re
eIPA domain into the new DNS zone.
>
> -Mike
>
> -Original Message-
> From: "Ben .T.George"
> Sent: May 23, 2016 10:44 AM
> To: Michael ORourke
> Cc: freeipa-users
> Subject: Re: [Freeipa-users] What id my AD domain user password not
> available
>
> HI
y. You don't have to be a Windows expert to do this, just ask your
> domain admin to do the steps for you. Also, you will need to setup a
> separate DNS zone and some forwarding rules. Otherwise you are going to
> have problems.
>
> -Mike
>
>
> -Original Message-
able to
> him.
>
> -Mike
>
> -----Original Message-
> From: "Ben .T.George"
> Sent: May 23, 2016 8:42 AM
> To: freeipa-users
> Subject: [Freeipa-users] What id my AD domain user password not available
>
> Hi LIst,
>
> my Windows domain Admin is not
indows are different for me.
Regards
Ben
On 23 May 2016 16:13, "Martin Babinsky" wrote:
> On 05/23/2016 02:42 PM, Ben .T.George wrote:
>
>> Hi LIst,
>>
>> my Windows domain Admin is not giving domain admin user password.
>>
>> in this case how can i proce
Hi LIst,
my Windows domain Admin is not giving domain admin user password.
in this case how can i proceed ipa trust-add
regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on th
which is working fine for us.
> I wonder if you could do some sort of CIFS home dir automount with a SAN
> that is joined to an AD domain which is trusted by FreeIPA? Seems like
> this would be feasible.
>
> -Mike
>
> -Original Message-
> From: "Ben .T.George&qu
HI LIst,
Is it possible to mount home directories of AD authenticated users from
external source(like san or fileshare)
Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the
HI All
again repo is down.
Regards,
Ben
On Mon, May 2, 2016 at 2:04 PM, Alexander Bokovoy
wrote:
> On Mon, 02 May 2016, Ben .T.George wrote:
>
>> HI
>>
>> thanks
>>
>> yes now it's working and yesterday it was not.
>>
> COPR service SLA is
HI
So basically RBAC cannot apply against system user (ssh) ?
On Mon, May 16, 2016 at 11:29 AM, Alexander Bokovoy
wrote:
> On Sat, 14 May 2016, Ben .T.George wrote:
>
>> Hi List,
>>
>> i have one working setup with HBAC and sudo rules.
>>
>> I would like t
HI Marc,
thanks for the explanation.
can you please share some kind of implementation guide for this?
On Mon, May 16, 2016 at 3:45 AM, Marc Boorshtein <
marc.boorsht...@tremolosecurity.com> wrote:
> > I would like to know more about RBAC. like what is RBAC and what can be
> > achieved with RB
HI List,
anyone please help me by sending some updated documents.
On Sat, May 14, 2016 at 1:25 AM, Ben .T.George
wrote:
> Hi List,
>
> i have one working setup with HBAC and sudo rules.
>
> I would like to know more about RBAC. like what is RBAC and what can be
>
Hi List,
i have one working setup with HBAC and sudo rules.
I would like to know more about RBAC. like what is RBAC and what can be
achieved with RBAC.
anyone please share some good topics about this as i am getting so many and
the information's mentioned on those are different.
Thanks & Regar
HI
thanks
yes now it's working and yesterday it was not.
regards,
Ben
On Mon, May 2, 2016 at 1:54 PM, Martin Basti wrote:
>
>
> On 01.05.2016 10:24, Ben .T.George wrote:
>
> Hi All,
>
> again link for IPA 4.3.1 is offline
>
> https://copr.fedorainfracloud
HI All
sudo rules got worked .actually i tried after 6 hours, what is the default
time to get affect this rule affect normally, is there any way to manually
pull changes from client?
Regards,
Ben
On Sun, May 1, 2016 at 11:46 PM, Ben .T.George
wrote:
> HI
>
> i have a working setup o
HI
i have a working setup of FreeIPA 4.3 with AD integrated, I can able to
apply HBAC rules and from client side it's working.
how can i apply sudo rules to that specific POSIX group.
i have created sample rue and added 2 commands put option as !authenticate
and attached this rule to client, but
HI LIst,
i dont; know how to explain this issue. I was trying IPA 4.3.1
while adding DNS, i am getting below error
[root@global tmp]# ipa dnsforwardzone-add kwttestdc.com.kw
--forwarder=192.168.37.131 --forward-policy=only
Server will check DNS forwarder(s).
This may take some time, please wait
port 53 anwered The DNS
operation timed out.; Server 127.0.0.1 UDP port 53 anwered SERVFAIL.
this is the first time i am seeing this error.
On Sun, May 1, 2016 at 3:30 PM, Ben .T.George wrote:
> HI LIst,
>
> i dont; know how to explain this issue. I was trying IPA 4.3.1
>
> w
Hi All,
again link for IPA 4.3.1 is offline
https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-centos-7/
On Tue, Apr 12, 2016 at 4:19 PM, Ben .T.George
wrote:
> Hi
>
> Wow.Thanks for your fast response.
>
> Regards
> Ben
> On 12 Apr 2016 16:09,
and here is my sssd debug log from client side
http://pastebin.com/ud2q3FR5
On Sat, Apr 30, 2016 at 10:06 AM, Ben .T.George
wrote:
> Hi
>
> Adding this this.
>
> in AD i habe added 2 users , ben and jude. In my HBAC rule, i pointed this
> specific external group and (were th
hbac is working partially. How can i fix this.
Regards,
Ben
On Fri, Apr 29, 2016 at 7:27 PM, Ben .T.George
wrote:
> surprisingly i have created some local IPA users and added to same HBAC
> rule, and removed AD grop ad applied this rule to client, and that got
> worked.
>
> How
HI All
this issue has solved
On Sat, Apr 30, 2016 at 9:16 AM, Ben .T.George
wrote:
> when i am running ipa trust-fetch-domains "kwttestdc.com.kw" , i am
> getting below error in error_log
>
> [Sat Apr 30 09:14:25.107449 2016] [:error] [pid 2666] ipa: E
@IDM.LOCAL: trust_fetch_domains(u'kwttestdc.com.kw',
rights=False, all=False, raw=False, version=u'2.156'): ServerCommandError
On Sat, Apr 30, 2016 at 12:00 AM, Ben .T.George
wrote:
> Hi
>
> Anyone please help me to fix this issue.
>
> i have created new group in A
*member group: KWTTESTDC\test admins: Cannot find specified domain or
server name*
*-*
*Number of members added 0*
---------
On Fri, Apr 29, 2016 at 4:41 PM, Ben .T.George
wrote:
> Hi
>
> while issuing ipa trust-fetch-domains, i am getting bel
surprisingly i have created some local IPA users and added to same HBAC
rule, and removed AD grop ad applied this rule to client, and that got
worked.
How can i make this AD group with HBAC working?
Regards,
Ben
On Fri, Apr 29, 2016 at 7:12 PM, Ben .T.George
wrote:
> HI
>
> If
HI
If i disable allow_all <https://freeipa.idm.local/ipa/ui/#allow_all> rule,
i cannot able to login to client machine.
On Fri, Apr 29, 2016 at 7:05 PM, Ben .T.George
wrote:
> HI
>
> actually i have added Domain Admins and the user ben is not part of Domain
> Admins. But when
...@kwttestdc.com.kw *),1827801105(sudo
adm...@kwttestdc.com.kw)
On Fri, Apr 29, 2016 at 6:58 PM, Ben .T.George
wrote:
> HI
>
> while explaning here it went wrong. actually i did is"
> Added external group to POSIX group"
>
> On Fri, Apr 29, 2016 at 6:56 PM, Jakub Hrozek
HI
while explaning here it went wrong. actually i did is"
Added external group to POSIX group"
On Fri, Apr 29, 2016 at 6:56 PM, Jakub Hrozek wrote:
> On Fri, Apr 29, 2016 at 06:32:28PM +0300, Ben .T.George wrote:
> > HI,
> >
> > "The other is that the groups
failed. See details in the error_log
Thanks & Regards,
Ben
On Fri, Apr 29, 2016 at 6:33 PM, Ben .T.George
wrote:
> Hi Alex,
>
> yea my mistake.
>
> i was following u this
>
>
> http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_
Hi Alex,
yea my mistake.
i was following u this
http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_domain_to_protected_resources
On Fri, Apr 29, 2016 at 6:03 PM, Alexander Bokovoy
wrote:
> On Fri, 29 Apr 2016, Ben .T.George wrote:
>
>> Hi L
HI,
"The other is that the groups might not show up on the client (do they?)"
how can i check that.
Thanks
Ben
On Fri, Apr 29, 2016 at 5:59 PM, Jakub Hrozek wrote:
> On Fri, Apr 29, 2016 at 05:38:30PM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > I have w
Hi List,
I have working setup of one AD, one IPA server and one client server. by
default i can login to client server by using AD username.
i want to apply HBAC rules against this client server. For that i have done
below steps.
1. created External group in IPA erver
2. created local POSIX grou
Hi
while issuing ipa trust-fetch-domains, i am getting below error.
i have created new security group in AD and i want to add this to external
group.
[root@freeipa ~]# ipa trust-fetch-domains "kwttestdc.com.kw"
ipa: ERROR: error on server 'freeipa.idm.local': Fetching domains from
trusted fo
HI
Thanks for your reply.
can i do this external group mapping from web UI?
On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek wrote:
> On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > i have a working setup of IPA with AD integrated
Hi List,
i have a working setup of IPA with AD integrated and one client joined.
i want to implement HBAC rules against this client. can anyone please share
me good articles of implementing HBAC from web UI.
Thanks & Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
Hi LIst,
getting below error while adding conditional forwarder for AD domain on IPA
[root@ipa ~]# ipa dnsforwardzone-add ad.example.com
--forwarder=192.168.37.131 --forward-policy=only
Server will check DNS forwarder(s).
This may take some time, please wait ...
ipa: ERROR: DNS check for domain a
ction in the RHEL
> documentation:
>
>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
>
>
>
> Josh
>
>
>
> *From:* freeipa-users-boun...@redhat.com [mailto:
> freeipa-users-boun...@redhat.com] *On Behalf Of *Ben .T.George
>
Hi List,
anyone please send me some refference to IPA server installation with
active directory integration guide.
I would like to install latest IPA version in RHEL 7.
Thanks & Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/
Hi
Wow.Thanks for your fast response.
Regards
Ben
On 12 Apr 2016 16:09, "Martin Basti" wrote:
>
>
> On 12.04.2016 14:59, Ben .T.George wrote:
>
> Hi List,
>
> Ffrom where can i get repo details for FreeIPA 4.3.1 version. the link
> provided in website is brok
Hi List,
Ffrom where can i get repo details for FreeIPA 4.3.1 version. the link
provided in website is broken.
https://www.freeipa.org/page/Releases/4.3.1
please someone give me right package details.
Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redha
; SERVER: 172.16.100.180#53(172.16.100.180)
;; WHEN: Wed Apr 08 13:54:02 AST 2015
;; MSG SIZE rcvd: 68
On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome wrote:
> Hi Ben
>
>
>
> On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George
> wrote:
> > HI
> >
> > i a
HI
i am getting krb5kdc: Server error on ligs:
krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL
and the ipactl status is taking long time. Web interface is not able to
athenticate.
If i issue ipactl restart, noting is happening
to solve this issue currently i am restar
no, it's because of wrong ticket i guess.
try the steps and let us know the output
On Fri, Apr 3, 2015 at 2:23 PM, Andrew Holway
wrote:
>
>
> On Friday, 3 April 2015, Ben .T.George wrote:
>
>> HI
>>
>> i was facing the same issue last week and it got fi
HI
i was facing the same issue last week and it got fixed now.
always user WUI from firefox. install Kerbros plugin and certificate from
ipa help page
check time(ntp)
Destroy and recreate ticket (Kdestroy & kinit admin)
restart krb5kdc,sssd & httpd services
restart ipactl (ipactl restart)
ch
everything is default.
but now the issue solved after many restart,kinit & ipactl restart
don't still don't know how it got fixed
Regards,
Ben
On Wed, Apr 1, 2015 at 8:31 PM, Nalin Dahyabhai wrote:
> On Wed, Apr 01, 2015 at 07:45:10PM +0300, Ben .T.George wrote:
> >
HI
i have checked from chrome and got 401 error: This is what exactly i
reported 3 weeks back :(
http://s1.postimg.org/41ik3o1hr/kerb.jpg
Regards,
Ben
On Wed, Apr 1, 2015 at 7:45 PM, Ben .T.George wrote:
> HI
>
> yes i have creared cache. tried from different browsers, tried from
&
PM, Ben .T.George wrote:
>
> Hi
>
> I have re-installed verything from RHEL 7.1 DVD and current ipa version
> is 4.0.1
>
> everything is working including AD trust.
>
> but my web interface always giving "Your session has expired. Please
> re-login."
>
>
Hi
I have re-installed verything from RHEL 7.1 DVD and current ipa version is
4.0.1
everything is working including AD trust.
but my web interface always giving "Your session has expired. Please
re-login."
i faced the issue before that time i destroyed kerbros ticket (Kdestroy)
and initiated ag
HI
i have installed latest FreeIPA 4.1.4 on RHEL 7.1
My DNS is working fine. I am getting good response
[root@kwtprsolipa01 ~]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp
_kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig
@mha.local ${i}.SUN.LOCAL srv +nocmd +noquestio
9:19 PM, Rob Crittenden wrote:
> Ben .T.George wrote:
> > please anyone share bit more information on this like real example
>
> As we've said many times before, we have very little real experience on
> Solaris. We do the best we can and sometimes that is going to be in the
please anyone share bit more information on this like real example
On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden wrote:
> Dmitri Pal wrote:
> > On 03/24/2015 01:15 PM, Ben .T.George wrote:
> >> Hi
> >>
> >> current stage is AD users can able to login to
On 03/24/2015 07:20 AM, Ben .T.George wrote:
>
> HI
>
> i am using IPA 3.3 and my client is solaris 10.
>
> how can i give only some set of users to this client without creating
> user group in ad?
>
> thanks & Regards,
> Ben
>
>
>
> You can cre
HI
i am using IPA 3.3 and my client is solaris 10.
how can i give only some set of users to this client without creating user
group in ad?
thanks & Regards,
Ben
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://fre
HI
i created the home directory manually and copied the profile.
i tried to access the solaris box from putty and still it's not accepting
password.
On Mon, Mar 23, 2015 at 11:03 AM, Ben .T.George
wrote:
> HI List
>
> finally after soo much struggling now i can able to login
HI List
finally after soo much struggling now i can able to login solaris box as AD
user.
but auto home directory creation still have issue. for that i need to
compile some modules.
The issue i am facing is i cannot able to login to solaris box after
editing pam.conf file.here is the conf file
Alexander Bokovoy
wrote:
> On Wed, 18 Mar 2015, Ben .T.George wrote:
>
>> no,
>>
>> this is new host-name i am choosed.
>>
>> anyway how to check is there any existing solaris.com in AD, under DNS
>> management, i cannot see anything
>>
> You can
# search result
search: 2
result: 0 Success
# numResponses: 4
# numReferences: 3
You have new mail in /var/spool/mail/root
but there is no solaris.com in this output
On Wed, Mar 18, 2015 at 1:38 PM, Alexander Bokovoy
wrote:
> On Wed, 18 Mar 2015, Ben .T.George wrote:
>
>> did
no,
this is new host-name i am choosed.
anyway how to check is there any existing solaris.com in AD, under DNS
management, i cannot see anything
Regards,
Ben
On Wed, Mar 18, 2015 at 12:45 PM, Alexander Bokovoy
wrote:
> On Wed, 18 Mar 2015, Ben .T.George wrote:
>
>> HI
>
HI
i saw this ticket and' 13 months old
https://fedorahosted.org/freeipa/ticket/4202
is this fixed? i think the mentioned patch is for 3.3
Regards,
Ben
On Wed, Mar 18, 2015 at 12:24 PM, Ben .T.George
wrote:
> this is the result from AD
>
> C:\Users\Administrator>nslookup
ty = 0
weight = 100
port = 389
svr hostname = kwtpocpbis02.solaris.com
kwtpocpbis02.solaris.cominternet address = 172.16.107.135
On Wed, Mar 18, 2015 at 12:21 PM, Ben .T.George
wrote:
> HI
>
> thanks for the reply
>
> i
HI
thanks for the reply
i have created PTR record for IPA server under reverse lookup zone manually
and ipa server resolving from AD
how can i solve trhis issue.?
On Wed, Mar 18, 2015 at 12:15 PM, Alexander Bokovoy
wrote:
> On Wed, 18 Mar 2015, Ben .T.George wrote:
>
>> H
HI
i saw the this in BZ and it's closed my mentioning it's got resolved on
RHEL/Centos 7.
But i am already using 7 .
please anyone help me to fix this?
Regards,
Nem
On Wed, Mar 18, 2015 at 11:19 AM, Ben .T.George
wrote:
> Hi
>
> i am getting "ipa: ERROR: CIFS se
Hi
i am getting "ipa: ERROR: CIFS server communication error: code
"-1073741771","
while doing
[root@kwtpocpbis02 ~]# ipa trust-add --type=ad infra.com --admin
Administrator --password
Active Directory domain administrator's password:
ipa: ERROR: CIFS server communication error: code "-107374177
015] [:error] [pid 15176] raise
assess_dcerpc_exception(num=num, message=message)
[Wed Mar 18 08:10:19.541675 2015] [:error] [pid 15176] ACIError:
Insufficient access: Gettext('CIFS server denied your credentials',
domain='ipa', localedir=None)
[Wed Mar 18 08:10:19.541678 2015]
Hi all
how can i fix this issue.? even i tried to trust add AD again. that too
failed.
from where i need to troubleshoot ?
On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George
wrote:
> Hi
>
> i did kinit
>
> [root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
> kinit:
wrote:
> On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote:
> > here is separated logs:
> >
> > tail -f sssd_solaris.local.log
>
> Thank you, see inline:
>
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv]
> > (0x0400): Ch
17 14:33:30 2015) [sssd[be[solaris.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[defaultNamingContext]
(Tue Mar 17 14:33:30 2015) [sssd[be[solaris.local]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Tue Mar 17 14:33:30 2015) [sssd[be[solaris.local]]]
[sdap_get_
replied to ping
On Tue, Mar 17, 2015 at 1:27 PM, Jakub Hrozek wrote:
> On Tue, Mar 17, 2015 at 12:57:27PM +0300, Ben .T.George wrote:
> > HI
> >
> > i have enabled debug
> >
> > here is my sssd.conf
> >
> > [root@kwtpocpbis01 ~]# cat
okie 'ipa_session=cf8484a2b0ee0f8f3fe2cac8c6ad7570;
Domain=kwtpocpbis01.solaris.local; Path=/ipa; Expires=Tue, 17 Mar 2015
10:27:04 GMT; Secure; HttpOnly' for principal admin@SOLARIS.LOCAL
ipa: DEBUG: Starting external process
ipa: DEBUG: args='keyctl' 'search' '
;user'
'ipa_session_cookie:admin@SOLARIS.LOCAL'
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=35095713
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args='keyctl' 'search' '@s' 'user'
'ipa_session_coo
5840]: Accepted password for
b...@infra.com from 10.18.2.130 port 64782 ssh2
Mar 17 12:44:59 kwtpocpbis01 sshd[15840]: pam_unix(sshd:session): session
opened for user b...@infra.com by (uid=0)
On Tue, Mar 17, 2015 at 12:09 PM, Jakub Hrozek wrote:
> On Tue, Mar 17, 2015 at 11:37:24AM +0300,
HI List
i was following this link :
http://www.freeipa.org/page/Active_Directory_trust_setup#Assumptions
to setup IPA server
my IPA version is 4.1.2
every setps in this tutorials was passed without any error
even "*Allow access for users from AD domain to protected resources*"
went successfully
HI
the user Ben is from Ad, how can i assign shell to that user.?
Regards,
Ben
On Sun, Mar 15, 2015 at 7:14 PM, Gianluca Cecchi
wrote:
>
> Il 15/Mar/2015 11:04 "Ben .T.George" ha scritto:
>
> >
> > here is the getent passwd:
> >
> >
> > nob
Hi LIst,
i have successfully configured my solaris 10 with AD through IPA 4.1.2
the issue i am facing is,only one AD user can able to solaris
here is the getent passwd:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
*b...@infra.com:x:531001104:531001104:ben:/home/infra.com/ben
HI
i am using free ipa 4.1.2 on centos 7.
from root user, i can able to switch to IPA user : "su ben"
but from any other user if i try that, it's asking for password. if i gave
the correct passord also, its not accepting .This is what i am getting
bash-3.2$ su jude
Password:
su: Sorry
and on l
:
>
> Hello,
>
> Is there any chance you can help this guy on the FreeIPA list?
>
> Thanks
> Dmitri
>
>
> Original Message ---- Subject: Re: [Freeipa-users] how can
> i create home directories automatically on solaris while IPA user login Date:
> Wed, 11 Ma
the /etc/auto_master file so the "mkhomedir" script runs
> at login
> /home /usr/local/adm/mkhomedir
>
> Remove original /home/ directories
> rm -rf /home/*
>
> Restart autofs so the change takes effect
> svcadm restart autofs
>
> Make sure you change you
b Crittenden
> wrote:
>
>> Ben .T.George wrote:
>> > HI
>> >
>> > thanks for the rply.
>> >
>> > even i tried native auto_master file with directory checking script. if
>> > i feed the user manually to the script, the directory is creating
but's not authenticate with AD, IPA
user can login on solaris box
On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal wrote:
> On 03/11/2015 01:56 PM, Ben .T.George wrote:
>
> HI
>
> yea , i saw that mail thread and he claims that he achieved somehow. but
> not clear.
>
> an
sting wiki :) as there are
many solaris related documents which is pretty old.
anyway still waiting for rply
Regards,
Ben
On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal wrote:
> On 03/11/2015 01:18 PM, Ben .T.George wrote:
>
> HI
>
> thanks for the rply.
>
> even i tried na
questions related to that.
now i am little bit confident up to this level. and if everything is
working fine, i will try to create automated script for IPA join
Regards,
Ben
On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal wrote:
> On 03/11/2015 09:50 AM, Ben .T.George wrote:
>
> HI
>
>
1 - 100 of 144 matches
Mail list logo