Re: [Freeipa-users] ipa replica installation help

Hi LIst, is there anyone faces/fixed this issue? Regards, BEn On Sun, Jan 8, 2017 at 7:03 AM, Ben .T.George wrote: > HI List, > > how can i solve this? is this a bug ,normal behavior or any missing > configuration from my end, > > Till now i didn't get ant clue on

Re: [Freeipa-users] ipa replica installation help

HI List, how can i solve this? is this a bug ,normal behavior or any missing configuration from my end, Till now i didn't get ant clue on this. Regards Ben On Thu, Jan 5, 2017 at 1:21 PM, Fraser Tweedale wrote: > On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote

Re: [Freeipa-users] ipa replica installation help

: man:firewalld(1) [root@zkwipamstr01 ~]# sestatus SELinux status: disabled On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale wrote: > On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote: > > HI, > > > > on master server and replica server, i have enabled

Re: [Freeipa-users] ipa replica installation help

l same error. is this service restart pki-tomcatd@pki-tomcat only applicable on master server? Regards, Ben On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik wrote: > On 01/05/2017 07:10 AM, Ben .T.George wrote: > > HI > > > > yes i did the same and still port is not liste

Re: [Freeipa-users] ipa replica installation help

:12:12PM +0300, Ben .T.George wrote: > > HI > > > > port 8009 is not listening in master server > > > > and i added ::1 localhost localhost.localdomain localhost6 > > localhost6.localdomain6 in hosts file. > > > > Did you add this to the hos

Re: [Freeipa-users] ipa replica installation help

HI anyone please help me to fix this. Regards, Ben On Wed, Jan 4, 2017 at 3:12 PM, Ben .T.George wrote: > HI > > port 8009 is not listening in master server > > and i added ::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 in hosts file. >

Re: [Freeipa-users] ipa replica installation help

s Regards, Ben On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik wrote: > On 01/04/2017 10:59 AM, Ben .T.George wrote: > > HI > > > > i tried the method mentioned on that document and it end up with below > error. My > > DNS is managed by external box and i dont

Re: [Freeipa-users] ipa replica installation help

Martin Babinsky wrote: > On 01/04/2017 07:21 AM, Ben .T.George wrote: > >> HI >> >> while trying to create ipa replica, i am getting below error, >> >> Replica creation using 'ipa-replica-prepare' to generate replica file >> is supported only i

[Freeipa-users] ipa replica installation help

HI while trying to create ipa replica, i am getting below error, Replica creation using 'ipa-replica-prepare' to generate replica file is supported only in 0-level IPA domain. The current IPA domain level is 1 and thus the replica must be created by promoting an existing IPA client. To set up a

Re: [Freeipa-users] Sudo rule implementation

HI, thanks for your information. I have validated logs. i destroyed the current kerberos ticket and re-initiated, then the issue solved. Regards, Ben On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek wrote: > On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote: > >

[Freeipa-users] Sudo rule implementation

Hi List, please help me to implement sudo rules. i have did below steps and still not working for me. 1. created "Sudo Command Groups" 2. Added some command (/bin/yum) and included in sudo group 3. created "sudo Rule" on that * added sudo Option as "!authenticate" * Added User Group.

[Freeipa-users] How to implement sudo rules

Hi List, please help me to implement sudo rules. i have did below steps and still not working for me. 1. created "Sudo Command Groups" 2. Added some command (/bin/yum) and included in sudo group 3. created "sudo Rule" on that * added sudo Option as "!authenticate" * Added User Group.

[Freeipa-users] How to disable First time password change on IPA user

HI How to disable first time password change on newly created user from web UI Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] From where can i get latest IPA repo for centos

HI List, >From where can i get latest IPA repo for centos. the repo which i was using on copr is not working now. please anyone help me to sort it out. Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http:/

[Freeipa-users] freeipa 4.4 online repo is down

Hi List, always https://copr.fedorainfracloud.org/ is down, is there any alternative repo were i can get IPA 4.4? Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the proje

Re: [Freeipa-users] Install best practice -

> On Sun, May 29, 2016 at 7:11 PM, Ben .T.George > wrote: > >> Hi >> >> I would like to know how can i proceed with best practices >> >> My AD domain is : corp.examle.com.kw >> My DNS (appliances ) : kw.test.com >> >> All my clients are p

[Freeipa-users] Install best practice -

Hi I would like to know how can i proceed with best practices My AD domain is : corp.examle.com.kw My DNS (appliances ) : kw.test.com All my clients are pointed to kw.test.com including AD. How can i proceed with Free IPA installation? where i need to manage DNS of freeipa master server? crea

Re: [Freeipa-users] What id my AD domain user password not available

kovoy wrote: > On Fri, 27 May 2016, Ben .T.George wrote: > >> HI >> >> i ran some commands from AD side and the Trust status got changed.Below is >> the command i used on AD >> >> netdom trust /d: /verify >> >> >> Before it was : "

Re: [Freeipa-users] What id my AD domain user password not available

r group: MTC_TABS\Domain Users: trusted domain object not found * - Number of members added 0 - This is what my trust properties from AD. Trust type is showing as realm [image: Inline image 1] How can i fix this issue. On Thu, May 26, 2016 at 10:32 P

Re: [Freeipa-users] What id my AD domain user password not available

ar with setting up FreeIPA with an > external DNS, but I'm sure there are some instructions out there. > > -Mike > > -Original Message- > From: "Ben .T.George" > Sent: May 23, 2016 2:22 PM > To: Michael ORourke > Cc: freeipa-users > Subject: Re

Re: [Freeipa-users] What id my AD domain user password not available

eIPA domain into the new DNS zone. > > -Mike > > -Original Message- > From: "Ben .T.George" > Sent: May 23, 2016 10:44 AM > To: Michael ORourke > Cc: freeipa-users > Subject: Re: [Freeipa-users] What id my AD domain user password not > available > > HI

Re: [Freeipa-users] What id my AD domain user password not available

y. You don't have to be a Windows expert to do this, just ask your > domain admin to do the steps for you. Also, you will need to setup a > separate DNS zone and some forwarding rules. Otherwise you are going to > have problems. > > -Mike > > > -Original Message-

Re: [Freeipa-users] What id my AD domain user password not available

able to > him. > > -Mike > > -----Original Message- > From: "Ben .T.George" > Sent: May 23, 2016 8:42 AM > To: freeipa-users > Subject: [Freeipa-users] What id my AD domain user password not available > > Hi LIst, > > my Windows domain Admin is not

Re: [Freeipa-users] What id my AD domain user password not available

indows are different for me. Regards Ben On 23 May 2016 16:13, "Martin Babinsky" wrote: > On 05/23/2016 02:42 PM, Ben .T.George wrote: > >> Hi LIst, >> >> my Windows domain Admin is not giving domain admin user password. >> >> in this case how can i proce

[Freeipa-users] What id my AD domain user password not available

Hi LIst, my Windows domain Admin is not giving domain admin user password. in this case how can i proceed ipa trust-add regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on th

Re: [Freeipa-users] AD users home directory automount

which is working fine for us. > I wonder if you could do some sort of CIFS home dir automount with a SAN > that is joined to an AD domain which is trusted by FreeIPA? Seems like > this would be feasible. > > -Mike > > -Original Message- > From: "Ben .T.George&qu

[Freeipa-users] AD users home directory automount

HI LIst, Is it possible to mount home directories of AD authenticated users from external source(like san or fileshare) Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the

Re: [Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

HI All again repo is down. Regards, Ben On Mon, May 2, 2016 at 2:04 PM, Alexander Bokovoy wrote: > On Mon, 02 May 2016, Ben .T.George wrote: > >> HI >> >> thanks >> >> yes now it's working and yesterday it was not. >> > COPR service SLA is

Re: [Freeipa-users] How RBAC defined.

HI So basically RBAC cannot apply against system user (ssh) ? On Mon, May 16, 2016 at 11:29 AM, Alexander Bokovoy wrote: > On Sat, 14 May 2016, Ben .T.George wrote: > >> Hi List, >> >> i have one working setup with HBAC and sudo rules. >> >> I would like t

Re: [Freeipa-users] How RBAC defined.

HI Marc, thanks for the explanation. can you please share some kind of implementation guide for this? On Mon, May 16, 2016 at 3:45 AM, Marc Boorshtein < marc.boorsht...@tremolosecurity.com> wrote: > > I would like to know more about RBAC. like what is RBAC and what can be > > achieved with RB

Re: [Freeipa-users] How RBAC defined.

HI List, anyone please help me by sending some updated documents. On Sat, May 14, 2016 at 1:25 AM, Ben .T.George wrote: > Hi List, > > i have one working setup with HBAC and sudo rules. > > I would like to know more about RBAC. like what is RBAC and what can be >

[Freeipa-users] How RBAC defined.

Hi List, i have one working setup with HBAC and sudo rules. I would like to know more about RBAC. like what is RBAC and what can be achieved with RBAC. anyone please share some good topics about this as i am getting so many and the information's mentioned on those are different. Thanks & Regar

Re: [Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

HI thanks yes now it's working and yesterday it was not. regards, Ben On Mon, May 2, 2016 at 1:54 PM, Martin Basti wrote: > > > On 01.05.2016 10:24, Ben .T.George wrote: > > Hi All, > > again link for IPA 4.3.1 is offline > > https://copr.fedorainfracloud

Re: [Freeipa-users] Help regarding SUDo rule implementation

HI All sudo rules got worked .actually i tried after 6 hours, what is the default time to get affect this rule affect normally, is there any way to manually pull changes from client? Regards, Ben On Sun, May 1, 2016 at 11:46 PM, Ben .T.George wrote: > HI > > i have a working setup o

[Freeipa-users] Help regarding SUDo rule implementation

HI i have a working setup of FreeIPA 4.3 with AD integrated, I can able to apply HBAC rules and from client side it's working. how can i apply sudo rules to that specific POSIX group. i have created sample rue and added 2 commands put option as !authenticate and attached this rule to client, but

[Freeipa-users] dnsforwardzone-add giving error

HI LIst, i dont; know how to explain this issue. I was trying IPA 4.3.1 while adding DNS, i am getting below error [root@global tmp]# ipa dnsforwardzone-add kwttestdc.com.kw --forwarder=192.168.37.131 --forward-policy=only Server will check DNS forwarder(s). This may take some time, please wait

Re: [Freeipa-users] dnsforwardzone-add giving error

port 53 anwered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 anwered SERVFAIL. this is the first time i am seeing this error. On Sun, May 1, 2016 at 3:30 PM, Ben .T.George wrote: > HI LIst, > > i dont; know how to explain this issue. I was trying IPA 4.3.1 > > w

Re: [Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

Hi All, again link for IPA 4.3.1 is offline https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-centos-7/ On Tue, Apr 12, 2016 at 4:19 PM, Ben .T.George wrote: > Hi > > Wow.Thanks for your fast response. > > Regards > Ben > On 12 Apr 2016 16:09,

Re: [Freeipa-users] HBAC with Active directory group is not working

and here is my sssd debug log from client side http://pastebin.com/ud2q3FR5 On Sat, Apr 30, 2016 at 10:06 AM, Ben .T.George wrote: > Hi > > Adding this this. > > in AD i habe added 2 users , ben and jude. In my HBAC rule, i pointed this > specific external group and (were th

Re: [Freeipa-users] HBAC with Active directory group is not working

hbac is working partially. How can i fix this. Regards, Ben On Fri, Apr 29, 2016 at 7:27 PM, Ben .T.George wrote: > surprisingly i have created some local IPA users and added to same HBAC > rule, and removed AD grop ad applied this rule to client, and that got > worked. > > How

Re: [Freeipa-users] ipa trust-fetch-domains failing.

HI All this issue has solved On Sat, Apr 30, 2016 at 9:16 AM, Ben .T.George wrote: > when i am running ipa trust-fetch-domains "kwttestdc.com.kw" , i am > getting below error in error_log > > [Sat Apr 30 09:14:25.107449 2016] [:error] [pid 2666] ipa: E

Re: [Freeipa-users] ipa trust-fetch-domains failing.

@IDM.LOCAL: trust_fetch_domains(u'kwttestdc.com.kw', rights=False, all=False, raw=False, version=u'2.156'): ServerCommandError On Sat, Apr 30, 2016 at 12:00 AM, Ben .T.George wrote: > Hi > > Anyone please help me to fix this issue. > > i have created new group in A

Re: [Freeipa-users] ipa trust-fetch-domains failing.

*member group: KWTTESTDC\test admins: Cannot find specified domain or server name* *-* *Number of members added 0* --------- On Fri, Apr 29, 2016 at 4:41 PM, Ben .T.George wrote: > Hi > > while issuing ipa trust-fetch-domains, i am getting bel

Re: [Freeipa-users] HBAC with Active directory group is not working

surprisingly i have created some local IPA users and added to same HBAC rule, and removed AD grop ad applied this rule to client, and that got worked. How can i make this AD group with HBAC working? Regards, Ben On Fri, Apr 29, 2016 at 7:12 PM, Ben .T.George wrote: > HI > > If

Re: [Freeipa-users] HBAC with Active directory group is not working

HI If i disable allow_all <https://freeipa.idm.local/ipa/ui/#allow_all> rule, i cannot able to login to client machine. On Fri, Apr 29, 2016 at 7:05 PM, Ben .T.George wrote: > HI > > actually i have added Domain Admins and the user ben is not part of Domain > Admins. But when

Re: [Freeipa-users] HBAC with Active directory group is not working

...@kwttestdc.com.kw *),1827801105(sudo adm...@kwttestdc.com.kw) On Fri, Apr 29, 2016 at 6:58 PM, Ben .T.George wrote: > HI > > while explaning here it went wrong. actually i did is" > Added external group to POSIX group" > > On Fri, Apr 29, 2016 at 6:56 PM, Jakub Hrozek

Re: [Freeipa-users] HBAC with Active directory group is not working

HI while explaning here it went wrong. actually i did is" Added external group to POSIX group" On Fri, Apr 29, 2016 at 6:56 PM, Jakub Hrozek wrote: > On Fri, Apr 29, 2016 at 06:32:28PM +0300, Ben .T.George wrote: > > HI, > > > > "The other is that the groups

Re: [Freeipa-users] HBAC with Active directory group is not working

failed. See details in the error_log Thanks & Regards, Ben On Fri, Apr 29, 2016 at 6:33 PM, Ben .T.George wrote: > Hi Alex, > > yea my mistake. > > i was following u this > > > http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_

Re: [Freeipa-users] HBAC with Active directory group is not working

Hi Alex, yea my mistake. i was following u this http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_domain_to_protected_resources On Fri, Apr 29, 2016 at 6:03 PM, Alexander Bokovoy wrote: > On Fri, 29 Apr 2016, Ben .T.George wrote: > >> Hi L

Re: [Freeipa-users] HBAC with Active directory group is not working

HI, "The other is that the groups might not show up on the client (do they?)" how can i check that. Thanks Ben On Fri, Apr 29, 2016 at 5:59 PM, Jakub Hrozek wrote: > On Fri, Apr 29, 2016 at 05:38:30PM +0300, Ben .T.George wrote: > > Hi List, > > > > I have w

[Freeipa-users] HBAC with Active directory group is not working

Hi List, I have working setup of one AD, one IPA server and one client server. by default i can login to client server by using AD username. i want to apply HBAC rules against this client server. For that i have done below steps. 1. created External group in IPA erver 2. created local POSIX grou

[Freeipa-users] ipa trust-fetch-domains failing.

Hi while issuing ipa trust-fetch-domains, i am getting below error. i have created new security group in AD and i want to add this to external group. [root@freeipa ~]# ipa trust-fetch-domains "kwttestdc.com.kw" ipa: ERROR: error on server 'freeipa.idm.local': Fetching domains from trusted fo

Re: [Freeipa-users] HBAC implementation help

HI Thanks for your reply. can i do this external group mapping from web UI? On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek wrote: > On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote: > > Hi List, > > > > i have a working setup of IPA with AD integrated

[Freeipa-users] HBAC implementation help

Hi List, i have a working setup of IPA with AD integrated and one client joined. i want to implement HBAC rules against this client. can anyone please share me good articles of implementing HBAC from web UI. Thanks & Regards, Ben -- Manage your subscription for the Freeipa-users mailing list:

[Freeipa-users] error while adding conditional forwarder for AD domain

Hi LIst, getting below error while adding conditional forwarder for AD domain on IPA [root@ipa ~]# ipa dnsforwardzone-add ad.example.com --forwarder=192.168.37.131 --forward-policy=only Server will check DNS forwarder(s). This may take some time, please wait ... ipa: ERROR: DNS check for domain a

Re: [Freeipa-users] Good IPA implementation guide

ction in the RHEL > documentation: > > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/ > > > > Josh > > > > *From:* freeipa-users-boun...@redhat.com [mailto: > freeipa-users-boun...@redhat.com] *On Behalf Of *Ben .T.George >

[Freeipa-users] Good IPA implementation guide

Hi List, anyone please send me some refference to IPA server installation with active directory integration guide. I would like to install latest IPA version in RHEL 7. Thanks & Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/

Re: [Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

Hi Wow.Thanks for your fast response. Regards Ben On 12 Apr 2016 16:09, "Martin Basti" wrote: > > > On 12.04.2016 14:59, Ben .T.George wrote: > > Hi List, > > Ffrom where can i get repo details for FreeIPA 4.3.1 version. the link > provided in website is brok

[Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

Hi List, Ffrom where can i get repo details for FreeIPA 4.3.1 version. the link provided in website is broken. https://www.freeipa.org/page/Releases/4.3.1 please someone give me right package details. Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redha

Re: [Freeipa-users] krb5kdc: Server error

; SERVER: 172.16.100.180#53(172.16.100.180) ;; WHEN: Wed Apr 08 13:54:02 AST 2015 ;; MSG SIZE rcvd: 68 On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome wrote: > Hi Ben > > > > On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George > wrote: > > HI > > > > i a

[Freeipa-users] krb5kdc: Server error

HI i am getting krb5kdc: Server error on ligs: krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL and the ipactl status is taking long time. Web interface is not able to athenticate. If i issue ipactl restart, noting is happening to solve this issue currently i am restar

Re: [Freeipa-users] Your session has expired. Please re-login.

no, it's because of wrong ticket i guess. try the steps and let us know the output On Fri, Apr 3, 2015 at 2:23 PM, Andrew Holway wrote: > > > On Friday, 3 April 2015, Ben .T.George wrote: > >> HI >> >> i was facing the same issue last week and it got fi

Re: [Freeipa-users] Your session has expired. Please re-login.

HI i was facing the same issue last week and it got fixed now. always user WUI from firefox. install Kerbros plugin and certificate from ipa help page check time(ntp) Destroy and recreate ticket (Kdestroy & kinit admin) restart krb5kdc,sssd & httpd services restart ipactl (ipactl restart) ch

Re: [Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

everything is default. but now the issue solved after many restart,kinit & ipactl restart don't still don't know how it got fixed Regards, Ben On Wed, Apr 1, 2015 at 8:31 PM, Nalin Dahyabhai wrote: > On Wed, Apr 01, 2015 at 07:45:10PM +0300, Ben .T.George wrote: > >

Re: [Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

HI i have checked from chrome and got 401 error: This is what exactly i reported 3 weeks back :( http://s1.postimg.org/41ik3o1hr/kerb.jpg Regards, Ben On Wed, Apr 1, 2015 at 7:45 PM, Ben .T.George wrote: > HI > > yes i have creared cache. tried from different browsers, tried from &

Re: [Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

PM, Ben .T.George wrote: > > Hi > > I have re-installed verything from RHEL 7.1 DVD and current ipa version > is 4.0.1 > > everything is working including AD trust. > > but my web interface always giving "Your session has expired. Please > re-login." > >

[Freeipa-users] IPA web interface always giving "Your session has expired. Please re-login."

Hi I have re-installed verything from RHEL 7.1 DVD and current ipa version is 4.0.1 everything is working including AD trust. but my web interface always giving "Your session has expired. Please re-login." i faced the issue before that time i destroyed kerbros ticket (Kdestroy) and initiated ag

[Freeipa-users] ipa: ERROR: Cannot find specified domain or server name

HI i have installed latest FreeIPA 4.1.4 on RHEL 7.1 My DNS is working fine. I am getting good response [root@kwtprsolipa01 ~]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestio

Re: [Freeipa-users] how can i give set of users to one particular host

9:19 PM, Rob Crittenden wrote: > Ben .T.George wrote: > > please anyone share bit more information on this like real example > > As we've said many times before, we have very little real experience on > Solaris. We do the best we can and sometimes that is going to be in the

Re: [Freeipa-users] how can i give set of users to one particular host

please anyone share bit more information on this like real example On Tue, Mar 24, 2015 at 9:03 PM, Rob Crittenden wrote: > Dmitri Pal wrote: > > On 03/24/2015 01:15 PM, Ben .T.George wrote: > >> Hi > >> > >> current stage is AD users can able to login to

Re: [Freeipa-users] how can i give set of users to one particular host

On 03/24/2015 07:20 AM, Ben .T.George wrote: > > HI > > i am using IPA 3.3 and my client is solaris 10. > > how can i give only some set of users to this client without creating > user group in ad? > > thanks & Regards, > Ben > > > > You can cre

[Freeipa-users] how can i give set of users to one particular host

HI i am using IPA 3.3 and my client is solaris 10. how can i give only some set of users to this client without creating user group in ad? thanks & Regards, Ben -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://fre

Re: [Freeipa-users] FreeIPA 3.3 AD<-> Solaris is working but solaris local users cannot able to login

HI i created the home directory manually and copied the profile. i tried to access the solaris box from putty and still it's not accepting password. On Mon, Mar 23, 2015 at 11:03 AM, Ben .T.George wrote: > HI List > > finally after soo much struggling now i can able to login

[Freeipa-users] FreeIPA 3.3 AD<-> Solaris is working but solaris local users cannot able to login

HI List finally after soo much struggling now i can able to login solaris box as AD user. but auto home directory creation still have issue. for that i need to compile some modules. The issue i am facing is i cannot able to login to solaris box after editing pam.conf file.here is the conf file

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> no, >> >> this is new host-name i am choosed. >> >> anyway how to check is there any existing solaris.com in AD, under DNS >> management, i cannot see anything >> > You can

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

# search result search: 2 result: 0 Success # numResponses: 4 # numReferences: 3 You have new mail in /var/spool/mail/root but there is no solaris.com in this output On Wed, Mar 18, 2015 at 1:38 PM, Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> did

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

no, this is new host-name i am choosed. anyway how to check is there any existing solaris.com in AD, under DNS management, i cannot see anything Regards, Ben On Wed, Mar 18, 2015 at 12:45 PM, Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> HI >

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

HI i saw this ticket and' 13 months old https://fedorahosted.org/freeipa/ticket/4202 is this fixed? i think the mentioned patch is for 3.3 Regards, Ben On Wed, Mar 18, 2015 at 12:24 PM, Ben .T.George wrote: > this is the result from AD > > C:\Users\Administrator>nslookup

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

ty = 0 weight = 100 port = 389 svr hostname = kwtpocpbis02.solaris.com kwtpocpbis02.solaris.cominternet address = 172.16.107.135 On Wed, Mar 18, 2015 at 12:21 PM, Ben .T.George wrote: > HI > > thanks for the reply > > i

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

HI thanks for the reply i have created PTR record for IPA server under reverse lookup zone manually and ipa server resolving from AD how can i solve trhis issue.? On Wed, Mar 18, 2015 at 12:15 PM, Alexander Bokovoy wrote: > On Wed, 18 Mar 2015, Ben .T.George wrote: > >> H

Re: [Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

HI i saw the this in BZ and it's closed my mentioning it's got resolved on RHEL/Centos 7. But i am already using 7 . please anyone help me to fix this? Regards, Nem On Wed, Mar 18, 2015 at 11:19 AM, Ben .T.George wrote: > Hi > > i am getting "ipa: ERROR: CIFS se

[Freeipa-users] ipa: ERROR: CIFS server communication error: code "-1073741771",

Hi i am getting "ipa: ERROR: CIFS server communication error: code "-1073741771"," while doing [root@kwtpocpbis02 ~]# ipa trust-add --type=ad infra.com --admin Administrator --password Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "-107374177

Re: [Freeipa-users] Only one AD user can able to login to IPA server

015] [:error] [pid 15176] raise assess_dcerpc_exception(num=num, message=message) [Wed Mar 18 08:10:19.541675 2015] [:error] [pid 15176] ACIError: Insufficient access: Gettext('CIFS server denied your credentials', domain='ipa', localedir=None) [Wed Mar 18 08:10:19.541678 2015]

Re: [Freeipa-users] Only one AD user can able to login to IPA server

Hi all how can i fix this issue.? even i tried to trust add AD again. that too failed. from where i need to troubleshoot ? On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George wrote: > Hi > > i did kinit > > [root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab > kinit:

Re: [Freeipa-users] Only one AD user can able to login to IPA server

wrote: > On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote: > > here is separated logs: > > > > tail -f sssd_solaris.local.log > > Thank you, see inline: > > > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv] > > (0x0400): Ch

Re: [Freeipa-users] Only one AD user can able to login to IPA server

17 14:33:30 2015) [sssd[be[solaris.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Tue Mar 17 14:33:30 2015) [sssd[be[solaris.local]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Tue Mar 17 14:33:30 2015) [sssd[be[solaris.local]]] [sdap_get_

Re: [Freeipa-users] Only one AD user can able to login to IPA server

replied to ping On Tue, Mar 17, 2015 at 1:27 PM, Jakub Hrozek wrote: > On Tue, Mar 17, 2015 at 12:57:27PM +0300, Ben .T.George wrote: > > HI > > > > i have enabled debug > > > > here is my sssd.conf > > > > [root@kwtpocpbis01 ~]# cat

Re: [Freeipa-users] Only one AD user can able to login to IPA server

okie 'ipa_session=cf8484a2b0ee0f8f3fe2cac8c6ad7570; Domain=kwtpocpbis01.solaris.local; Path=/ipa; Expires=Tue, 17 Mar 2015 10:27:04 GMT; Secure; HttpOnly' for principal admin@SOLARIS.LOCAL ipa: DEBUG: Starting external process ipa: DEBUG: args='keyctl' 'search' '

Re: [Freeipa-users] Only one AD user can able to login to IPA server

;user' 'ipa_session_cookie:admin@SOLARIS.LOCAL' ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=35095713 ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args='keyctl' 'search' '@s' 'user' 'ipa_session_coo

Re: [Freeipa-users] Only one AD user can able to login to IPA server

5840]: Accepted password for b...@infra.com from 10.18.2.130 port 64782 ssh2 Mar 17 12:44:59 kwtpocpbis01 sshd[15840]: pam_unix(sshd:session): session opened for user b...@infra.com by (uid=0) On Tue, Mar 17, 2015 at 12:09 PM, Jakub Hrozek wrote: > On Tue, Mar 17, 2015 at 11:37:24AM +0300,

[Freeipa-users] Only one AD user can able to login to IPA server

HI List i was following this link : http://www.freeipa.org/page/Active_Directory_trust_setup#Assumptions to setup IPA server my IPA version is 4.1.2 every setps in this tutorials was passed without any error even "*Allow access for users from AD domain to protected resources*" went successfully

Re: [Freeipa-users] solaris 10 ad authentication happening with only one user

HI the user Ben is from Ad, how can i assign shell to that user.? Regards, Ben On Sun, Mar 15, 2015 at 7:14 PM, Gianluca Cecchi wrote: > > Il 15/Mar/2015 11:04 "Ben .T.George" ha scritto: > > > > > here is the getent passwd: > > > > > > nob

[Freeipa-users] solaris 10 ad authentication happening with only one user

Hi LIst, i have successfully configured my solaris 10 with AD through IPA 4.1.2 the issue i am facing is,only one AD user can able to solaris here is the getent passwd: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: *b...@infra.com:x:531001104:531001104:ben:/home/infra.com/ben

[Freeipa-users] solaris to free IPA user issue

HI i am using free ipa 4.1.2 on centos 7. from root user, i can able to switch to IPA user : "su ben" but from any other user if i try that, it's asking for password. if i gave the correct passord also, its not accepting .This is what i am getting bash-3.2$ su jude Password: su: Sorry and on l

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

: > > Hello, > > Is there any chance you can help this guy on the FreeIPA list? > > Thanks > Dmitri > > > Original Message ---- Subject: Re: [Freeipa-users] how can > i create home directories automatically on solaris while IPA user login Date: > Wed, 11 Ma

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

the /etc/auto_master file so the "mkhomedir" script runs > at login > /home /usr/local/adm/mkhomedir > > Remove original /home/ directories > rm -rf /home/* > > Restart autofs so the change takes effect > svcadm restart autofs > > Make sure you change you

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

b Crittenden > wrote: > >> Ben .T.George wrote: >> > HI >> > >> > thanks for the rply. >> > >> > even i tried native auto_master file with directory checking script. if >> > i feed the user manually to the script, the directory is creating

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

but's not authenticate with AD, IPA user can login on solaris box On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal wrote: > On 03/11/2015 01:56 PM, Ben .T.George wrote: > > HI > > yea , i saw that mail thread and he claims that he achieved somehow. but > not clear. > > an

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

sting wiki :) as there are many solaris related documents which is pretty old. anyway still waiting for rply Regards, Ben On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal wrote: > On 03/11/2015 01:18 PM, Ben .T.George wrote: > > HI > > thanks for the rply. > > even i tried na

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

questions related to that. now i am little bit confident up to this level. and if everything is working fine, i will try to create automated script for IPA join Regards, Ben On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal wrote: > On 03/11/2015 09:50 AM, Ben .T.George wrote: > > HI > >

  1   2   >