Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-09 Thread Matt .
enden : > Matt . wrote: >> The issue you get here is that the IPA client is not enrolled anymore >> when you did an uninstall of the client before the IPA install on that >> "previous" client which needs to be client again after the IPA install >> on it. >>

Re: [Freeipa-users] Auto create kerberos/ldap SRV records on subdomain

2017-04-08 Thread Matt .
OK, cname does its thing :) 2017-04-09 0:36 GMT+02:00 Matt . : > As far as I can find out I need a _ldap._tcp SRV 0 100 389 > ipa-01.mydomain.tld. in my subdomain, is there no more "general" way > to catch them all ? > > 2017-04-08 23:51 GMT+02:00 Matt . : >

Re: [Freeipa-users] Auto create kerberos/ldap SRV records on subdomain

2017-04-08 Thread Matt .
As far as I can find out I need a _ldap._tcp SRV 0 100 389 ipa-01.mydomain.tld. in my subdomain, is there no more "general" way to catch them all ? 2017-04-08 23:51 GMT+02:00 Matt . : > I have tested this but the hosts don't get an enrolled status. I have > tried _kerberos T

Re: [Freeipa-users] Auto create kerberos/ldap SRV records on subdomain

2017-04-08 Thread Matt .
I have tested this but the hosts don't get an enrolled status. I have tried _kerberos TXT "MYREAL.DOMAIN.TLD" and without the quotes. I can't see any logging about it. Any idea ? Thanks! Matt 2017-04-04 20:50 GMT+02:00 Matt . : > Hi Alexander, > > Superb, th

Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-08 Thread Matt .
raccess on systems. 2017-04-07 23:24 GMT+02:00 Rob Crittenden : > Matt . wrote: >> Nope, I provision my servers and they are added to my FreeIPA >> environment which auths my systeadmins. But on a server I provisioned >> I need to install FreeIPA as well, but without dns and

Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Matt .
with the network at all but I think it's nice when I don't have to maintain my local users there to login to the box for maintenance so I thought it would be nice when SSSD checked my default IPA-environment server for that. 2017-04-07 23:24 GMT+02:00 Rob Crittenden : > Matt . wrote

Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Matt .
;s installed with FreeIPA and the clientconfig for sssd is not there anymore because of the 'ipa-client-install --uninstall' 2017-04-07 23:11 GMT+02:00 Rob Crittenden : > Matt . wrote: >> When I have a full ipa setup and I want to add a host to it that is >> installed or

[Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Matt .
faster the IPA LDAP only server is installed ? Thanks, Matt -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Auto create kerberos/ldap SRV records on subdomain

2017-04-04 Thread Matt .
Hi Alexander, Superb, thanks a lot for this quick fix! Matt 2017-04-04 20:48 GMT+02:00 Alexander Bokovoy : > On Tue, 04 Apr 2017, Matt . wrote: >> >> Hi guys, >> >> Is it possible to create in a simple way the SRV domains for kerberos >> on subdomains ? it

[Freeipa-users] Auto create kerberos/ldap SRV records on subdomain

2017-04-04 Thread Matt .
Hi guys, Is it possible to create in a simple way the SRV domains for kerberos on subdomains ? it's a pain to add them all manually when you have a lot of subdomains. I hope someone has a solution. Thanks! Matt

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-14 Thread Matt .
Hi Rob, I have this solved, I think it was an issue in the foreman-proxy. The reason why there are two users in the role was to test other usernames, as you cannot use foreman-proxy for this for an example. I need to update the Foreman ticket about it. Thanks for helping out. Cheers, Matt

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-10 Thread Matt .
Hi Rob, Thanks for the update, the same error happens when I add a new host, so I'm lost, the same for the Foreman devs. What can I check/test further ? Thanks, Matt 2017-03-10 21:20 GMT+01:00 Rob Crittenden : > Matt . wrote: >> Hi Rob, >> >> Thanks, but what do y

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-10 Thread Matt .
Hi Rob, Thanks, but what do you mean here ? The Foreman has a script which should be OK for it: https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm Can you check this maybe ? Thanks, Matt 2017-03-10 17:21 GMT+01:00 Rob Crittenden : > Matt . wrote: >> I

[Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-09 Thread Matt .
d Bind rule type: permission Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld Type: host Permission flags: V2, MANAGED, SYSTEM Number of entries returned 3 Can anyone help me out as I'm unsure where this

Re: [Freeipa-users] IPA 4.4 CA Replications

2017-03-02 Thread Matt Wells
r2.lci.devdomain.com IPA CA renewal master: server1.lci.devdomain.com On Thu, Mar 2, 2017 at 12:39 AM Martin Basti wrote: > > > On 01.03.2017 22:00, Matt Wells wrote: > > I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the > first, joined the second and

[Freeipa-users] IPA 4.4 CA Replications

2017-03-01 Thread Matt Wells
I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the first, joined the second and promoted it to be a master. Thus far all went well. I then ran the ipa-ca-install and when I log back in I see that it has "domain,CA" attached to it. However when I hit the main IPA page it i

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-21 Thread Matt .
Hi Flo, Yes it does! Thanks for that. Is it not possible to remove a certificate fully as it always syncs this way ? Or remove it from /etc/httpd/alias, then from ldap and then sync again ? Cheers, Matt 2017-02-21 9:03 GMT+01:00 Florence Blanc-Renaud : > On 02/20/2017 04:09 PM, Matt . wr

Re: [Freeipa-users] sysaccounts max length

2017-02-20 Thread Matt .
Oh sorry, I thought I did, must have been some conceptmail then :) 2017-02-20 21:21 GMT+01:00 Rob Crittenden : > Matt . wrote: >> Hi All, >> >> Yes as I stated I see software, multiple, having issues with usernames >> larger than 28 characters. > > You didn

Re: [Freeipa-users] sysaccounts max length

2017-02-20 Thread Matt .
Hi All, Yes as I stated I see software, multiple, having issues with usernames larger than 28 characters. Cheers, Matt 2017-02-20 15:53 GMT+01:00 Rob Crittenden : > David Kupka wrote: >> On Sat, Feb 18, 2017 at 03:06:21PM +0100, Matt . wrote: >>> Hi Guys, >>> >

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-20 Thread Matt .
Hi Rob, Yes it does, I understood that there was some reason the duplicate might exist, but I wonder more why does the RootCA show up when I removed it and comes back after adding the two intermediates ? Thanks Matt 2017-02-20 15:20 GMT+01:00 Rob Crittenden : > Matt . wrote: >> Hi,

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-20 Thread Matt .
Hi, The install seems to be OK this way, but I'm still confused about the duplicated and the RootCA. Cheers, Matt 2017-02-18 14:47 GMT+01:00 Matt . : > Hi Florence, > > > I'm actually still investigating this as the following occurs. > > I have removed all unneed

[Freeipa-users] sysaccounts max length

2017-02-18 Thread Matt .
Hi Guys, Does anyone know what the max length is for a sysaccount username ? Thanks, Matt

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-18 Thread Matt .
? I'm also curious about what IPA syncs between all hosts, it seems to be only the Intermediate certs and not the install domains certificate, this needs to be installed manually after a local #ipa-certupdate on each node ? I hope you can clarify this. Thanks, Matt 2017-02-17 0:15 GM

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-16 Thread Matt .
Hi Flo, Sure I can, I will look through the steps closely tomorrow and will create some lineup here. Cheers, Matt 2017-02-16 23:55 GMT+01:00 Florence Blanc-Renaud : > On 02/16/2017 09:55 PM, Matt . wrote: >> >> Hi Flo! (if I may call you like that, saves some characters in typ

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-16 Thread Matt .
Hi Flo! (if I may call you like that, saves some characters in typing but with this extra line it doesn't anymore :)) This works perfectly, thank you very much. No questions further actually :) Cheers, Matt 2017-02-16 11:17 GMT+01:00 Florence Blanc-Renaud : > On 02/15/2017 05:40

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-15 Thread Matt .
Hi, Is there any update on this ? I need to install 3 other instances but I would like to know upfront if it might be a bug. Thanks, Matt 2017-02-14 17:59 GMT+01:00 Matt . : > Hi Florence, > > Sure I can, here you go: > > Fedora 24 > Freeipa VERSION: 4.4.2, API_VERSION: 2.2

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-14 Thread Matt .
Hi Florence, Sure I can, here you go: Fedora 24 Freeipa VERSION: 4.4.2, API_VERSION: 2.215 I installed this server as self-signed CA Cheers, Matt 2017-02-14 17:54 GMT+01:00 Florence Blanc-Renaud : > On 02/14/2017 05:43 PM, Matt . wrote: >> >> Hi Florence, >> >

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-14 Thread Matt .
same issues still exist, the Server-Cert is removed again on ipa-certupdate and fails. I have tried this with setenforce 0 Cheers, Matt 2017-02-14 17:24 GMT+01:00 Florence Blanc-Renaud : > On 02/14/2017 02:54 PM, Matt . wrote: >> >> Certs are valid, I will check what you menti

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-14 Thread Matt .
Certs are valid, I will check what you mentioned. I'm also no fan of bundles, more the separate files but this doesn't seem to work always. At least for the CAroot a bundle was required. Matt 2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] : > Have you validated the cert (a

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-14 Thread Matt .
Hi Dan, Yes I have tried that and I get the message that it misses the full chain for the certificate. My issue is more, why is the Server-Cert being removed on a certupdate ? Cheers, Matt 2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI] : > Is the chain in mydomain_com_bundle.crt? Have

[Freeipa-users] Cannot install 3rd party certificate

2017-02-13 Thread Matt .
e.crt Directory Manager password: Enter private key unlock password: list index out of range The ipa-server-certinstall command failed. If I do a #ipa-certupdate the Server-Cert is removed from /etc/httpd/alias and the install fails because of this. What can I do to solve this ? Thanks, Matt

[Freeipa-users] User with rights for only adding hosts

2017-01-27 Thread Matt .
Hi, Is it possible to create a user that can/is allowed (to) only add hosts using the ipa-client-install ? Would be nice to know. Cheers, Matt

[Freeipa-users] Sync (some) users between IPA servers

2017-01-25 Thread Matt .
synced users so they can login on both environments (servers). Would there be some way to accomplish this ? Thanks, Matt

Re: [Freeipa-users] how to make email as mandatory field before user creation

2017-01-02 Thread Matt .
Doesn't get the user a default mailaddress when you add him under the REALM domain ? 2017-01-02 17:50 GMT+01:00 Petr Vobornik : > On 01/02/2017 05:00 PM, nirajkumar.si...@accenture.com wrote: >> Hi Team, >> >> Is there any way to make email as mandatory field before creating any user >> from >> W

Re: [Freeipa-users] Upgrade 4.4.2-1.fc24 security library failure.

2016-10-18 Thread Matt .
and fine. I also had some weird DNS error and bind didn't want to start anymore because of expecting a ; I thought this had something to do with a forwarder which wasn't. For now I'm good, but do you want extra info ? Thanks, Matt 2016-10-18 7:49 GMT+02:00 Martin Babinsky : > On 1

[Freeipa-users] Upgrade 4.4.2-1.fc24 security library failure.

2016-10-17 Thread Matt .
Hi Guys, I'm having a failure on my upgrade for 4.4.2-1 on Fedora 24 I already checked some info and: ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX Gives me TU instead of MII as expected. Any suggestions further ? Thanks, Matt 2016-10-17T22:19:10Z DEBUG Starting external pr

Re: [Freeipa-users] LDAP/DNS replication, IPA server service principal key issue

2016-10-07 Thread Matt Wells
DNS/ipa03.example@example.com) > Oct 7 18:39:16 ipa01.example.com named-pkcs11[15697]: ldap_syncrepl > will reconnect in 60 seconds

Re: [Freeipa-users] External CA: Peer's certificate issuer has been marked as not trusted by the user

2016-10-02 Thread Matt .
,u,u auditSigningCert cert-pki-ca u,u,Pu caSigningCert cert-pki-caCTu,Cu,Cu COMODORSAAddTrustCA C,C,C I hope this helps. Cheers, Matt 2016-10-01 17:04 GMT+02:00 Matt . : > Hi guys,

[Freeipa-users] External CA: Peer's certificate issuer has been marked as not trusted by the user

2016-10-01 Thread Matt .
TED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) What can cause this ? I'm on FreeIPA, version: 4.4.1 I hope we can sort this out. Thanks, Matt

[Freeipa-users] cleanallruv - no replica's :(

2016-09-30 Thread Matt Wells
Hey all I hoped anyone may be able to assist. I had 2 dead replica's and use the cleanallruv.pl as they refused to leave otherwise. ` /usr/sbin/cleanallruv.pl -v -D "cn=directory manager" -w - -b 'dc=mosaic451,dc=com' -r 17 ` 17 being the bad guy. Well it ran `woohoo` but deleted all of my replic

[Freeipa-users] FreeIPA as CA for your own internal webservices

2016-09-30 Thread Matt .
nstall and that works, FreeIPA itself is now trusted. But how to do this for other webservices no matter what software I use ? I hope someone can give me direction here. Thanks! Matt

[Freeipa-users] Two Factor auth and Windows desktop

2016-09-07 Thread Matt Wells
Hi all! I had a question about something that I'm sure has been covered. I promise that I'm trying to find those articles but thus far I've found some pieces but nothing 100%; however I'm still looking. I have two networks - ad.example.com ( active directory ) - linux.example.com ( IPA ) A

Re: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS edit/update

2016-08-23 Thread Matt .
And then allow the ip of the ipa server for update or transfer on the slave ? Because I don't see anything coming in. 2016-08-23 12:47 GMT+02:00 Petr Spacek : > On 23.8.2016 12:43, Matt . wrote: >> OK, but what kind of records are you talking about then ? > > I'm not su

Re: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS edit/update

2016-08-23 Thread Matt .
OK, but what kind of records are you talking about then ? 2016-08-23 12:25 GMT+02:00 Petr Spacek : > On 23.8.2016 09:07, Martin Basti wrote: >> >> >> On 23.08.2016 02:08, Matt . wrote: >>> Hi Guys, >>> >>> What is the way to notify o

[Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS edit/update

2016-08-22 Thread Matt .
Hi Guys, What is the way to notify or update a Bind slave which is not an IPA server ? Do I need to manually add an also-notify to the /etc/bind.conf on the IPA master or is there a different way how to accomplish this ? I hope this is possible and anyone can explain me how. Thanks! Matt

[Freeipa-users] Active directory integration with FreeIPA domain

2016-08-04 Thread Matt Comben
through the AD through a Forest Trust. FWIW, I'm using CentOS 7 with FreeIPA 4 (tried Ubuntu 16.04, but couldn't get Trust established at all) and Server 2012 for AD. I also can't see anyone else doing it this way round... is what I'm trying to do impossible? Thanks in advance f

[Freeipa-users] ipa-server-upgrade fails on PKI CentOS 7.2

2016-07-07 Thread Matt .
Hi, I have some issue with the ipa-server-upgrade command where PKI fails. This seems to be a known issue but I'm unsure where to report it as it's fixed in FC https://bugzilla.redhat.com/show_bug.cgi?id=1328522 Does someone have a clue how to get around this ? Thanks! Matt

Re: [Freeipa-users] Users directory Browsing -

2016-03-09 Thread Matt Wells
nent. On Wed, Mar 9, 2016 at 12:37 AM Petr Spacek wrote: > On 8.3.2016 15:29, Matt Wells wrote: > > For my use case it is. Essentially the system will be application auth > for > > separate groups that have no need to know of one another, almost a > > multi-tenant mo

Re: [Freeipa-users] Users directory Browsing -

2016-03-08 Thread Matt Wells
you can read /etc/passwd file > which has info about all users on that box. This doesn't cause issues. > > On 8 March 2016 at 03:03, Matt Wells wrote: > >> Hi all, I had a quick question. I swear I had this before but that could >> be the voices telling me it'

[Freeipa-users] Users directory Browsing -

2016-03-07 Thread Matt Wells
Hi all, I had a quick question. I swear I had this before but that could be the voices telling me it's true A normal user is logging into IPA (4.2.0) and filling in their phone number and info no problem. However when that user clicks on accounts above they are then able to peruse the entire

Re: [Freeipa-users] Split backup actions in stop - backup - start commands

2016-02-19 Thread Matt .
as errors because it just does it that way. 2016-02-18 16:08 GMT+01:00 Rob Crittenden : > David Kupka wrote: >> On 17/02/16 10:47, Matt . wrote: >>> Hi David, >>> >>> I have tested your way out and it seems to be OK. >>> >>> The reason why I need

Re: [Freeipa-users] Split backup actions in stop - backup - start commands

2016-02-17 Thread Matt .
check that out further. An ipactl start is not needed it seems as the ipa-backup command seems to start ipa at any time again. Do you understand/agree here ? 2016-02-17 8:00 GMT+01:00 David Kupka : > On 16/02/16 20:26, Matt . wrote: >> >> Hi, >> >> I'm figuring o

[Freeipa-users] Split backup actions in stop - backup - start commands

2016-02-16 Thread Matt .
Hi, I'm figuring out if it's possible to strip the ipa start and stop from the backup method and actually do a fullbackup manually started. Any idea ? Thanks! Matt

Re: [Freeipa-users] User Lockout even with special password Policy

2016-01-14 Thread Matt .
My fault from the maxfail, I was referencing some doc from side_control and mixed it up. For the sysaccount part sounds doable. I will report back for that! thanks a lot! 2016-01-14 19:06 GMT+01:00 Rob Crittenden : > Matt . wrote: >> OK, this looks good, but keeps the user locked fro

Re: [Freeipa-users] User Lockout even with special password Policy

2016-01-14 Thread Matt .
-01-14 16:58 GMT+01:00 Rob Crittenden : > Matt . wrote: >> OK, nice,but this user failed on kinit but is in the group where the >> policy is set to 0. >> >> Can I check on the commandline if it applies to that setting by >> querying ldap in some way ? It could be that

Re: [Freeipa-users] User Lockout even with special password Policy

2016-01-14 Thread Matt .
too many logins, and this concerns me as they are not POSIX. 2016-01-14 15:16 GMT+01:00 Rob Crittenden : > Matt . wrote: >> Hi Guys, >> >> I'm having an issue that a user which I use for the API is getting >> locked out from time to time. >> >> I have

[Freeipa-users] User Lockout even with special password Policy

2016-01-14 Thread Matt .
out in any way by lots of logins or tries, etc and be able to test it functions all right ? Thanks. Matt

Re: [Freeipa-users] Samba Authentication progres

2015-12-30 Thread Matt .
test in minutes :) Thanks and have a great new year ! (With MIT!) Matt 2015-12-30 16:38 GMT+01:00 Alexander Bokovoy : > On Wed, 30 Dec 2015, Matt . wrote: >> >> Hi John, >> >> With which OS, package version and config ? On Ubuntu 15.10 I'm not >> able i

Re: [Freeipa-users] Samba Authentication progres

2015-12-30 Thread Matt .
Hi John, With which OS, package version and config ? On Ubuntu 15.10 I'm not able it seems. Thanks! 2015-12-30 9:43 GMT+01:00 John Obaterspok : > Hi Matt, > > It already works fine to use kerberos ticket to access samba shares. > > -- john > > 2015-12-28 14:01 GMT+01

[Freeipa-users] Samba Authentication progres

2015-12-28 Thread Matt .
Hi guys, How is the progress on the Samba (Share) Authentication for FreeIpa ? I hope we already have some work around to use the FreeIPA credentials for authing network shares. Matt

Re: [Freeipa-users] IPA Json Selfsigned certificate

2015-11-08 Thread Matt .
Hi, Yes I found that out using some blog of Alexander. Thanks! as I thought we needed a combination of the issues also, but I saw on some test machine this was not needed anymore, cannot say about the past anymore. Cheers, Matt 2015-11-09 0:04 GMT+01:00 Fraser Tweedale : > On Fri, Nov

[Freeipa-users] IPA Json Selfsigned certificate

2015-11-06 Thread Matt .
Hi guys, I'm testing out some installation and want to update my docs. I'm using a self signed cert and need to talk to the json/api. Which certs do I need to combine for my request, as I need an issuer too. The /etc/ipa/ca.crt combined with an export of the webcert ? Matt

[Freeipa-users] Trust Issues W/ Logins on Windows Desktops

2015-09-30 Thread Matt Wells
Hi all, I hoped I may glean some brilliance from the group. I have a Freeipa Server sitting atop a Fedora 21 server. The initial plan was to replicate users+passwords with Windows 2012R2 server but following some of the information in the other posts and docs we've moved to a trust. The trust has

[Freeipa-users] What todo when a company/domain name should be changed ?

2015-09-27 Thread Matt .
omeone can make this more clear as I think this is good knowledge to have upfront anything and any case. Thanks! matt

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-09-23 Thread Matt .
Hi Guys, Please keep this topic updated as many people seem to have this question. What's the status at your side ? Cheers, Matt 2015-09-04 15:27 GMT+02:00 Matt . : > Hi, > > Does everyone have this working or given up on it ? > > Cheers, > > Matt > >

Re: [Freeipa-users] AD Trust Issues

2015-09-14 Thread Matt Wells
Is the fix in CentOS or RHEL yet? On Fri, Sep 11, 2015 at 1:34 PM, Alexander Bokovoy wrote: > On Fri, 11 Sep 2015, Matt Wells wrote: > >> I've been working on an AD trust with our freeipa servers but have run >> into >> some of the same issues others have had.

[Freeipa-users] AD Trust Issues

2015-09-11 Thread Matt Wells
I've been working on an AD trust with our freeipa servers but have run into some of the same issues others have had. It's well documented here however I feel I've mitigated these - https://bugzilla.redhat.com/show_bug.cgi?id=1219832 Freeipa Servers are Fedora 22 / freeipa-server-4.2.0 The Samba ve

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-09-04 Thread Matt .
Hi, Does everyone have this working or given up on it ? Cheers, Matt 2015-08-26 20:07 GMT+02:00 Matt . : > Chris, > > How far are you on this ? I'm stuck atm :( > > I hope you have some reference notes to follow and check out. > > Thanks! > > Matt > > 201

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-26 Thread Matt .
Chris, How far are you on this ? I'm stuck atm :( I hope you have some reference notes to follow and check out. Thanks! Matt 2015-08-20 22:15 GMT+02:00 Matt . : > Hi Chris, > > Would be great to see! > > If I have it working and we have 2-3 testcases I think we can add

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-20 Thread Matt .
Hi Chris, Would be great to see! If I have it working and we have 2-3 testcases I think we can add it to the IPA docs! Keep me updated! Thanks Matt 2015-08-20 8:49 GMT+02:00 Christopher Lamb : > Matt > > Once I got Samba and FreeIPA integrated (by the "good old extensions"

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-19 Thread Matt .
Hi Guys, Anyone still a working clue/test here ? I didn't come further as it seems there need to be some domain join / match following the freeipa devs. Thanks! Matt 2015-08-13 13:09 GMT+02:00 Matt . : > Hi, > > I might have found something which I already seen in the log

[Freeipa-users] Windows users, Samba Shares -> FreeIPA

2015-08-14 Thread Matt .
start a fresh discussion about "what's best", What's best ? The ksetup as known on the IPA pages doesn't let me login on Windows 10, so if people can share their working ways for the current version with would be great! Thanks, Matt

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-13 Thread Matt .
ssing! Thanks so far guys! Cheers, Matt 2015-08-13 12:02 GMT+02:00 Matt . : > Hi Youenn, > > OK thanks! this takes me a little bit further now and I see some good > stuff in my logging. > > I'm testing on a Windows 10 Machine which is not member of an AD or > so, so that might

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-13 Thread Matt .
mb-01 ~]$ smbclient //smb-01.domain.local/shares ... Checking NTLMSSP password for MSP\myusername failed: NT_STATUS_WRONG_PASSWORD ... SPNEGO login failed: NT_STATUS_WRONG_PASSWORD Maybe I have an issue with encrypted passwords ? When we have this all working, I think we have a howto :D Thanks! Matt 20

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-12 Thread Matt .
DOMAIN\username as username So, the IPA way should work. Any comments here ? Cheers, Matt 2015-08-12 19:00 GMT+02:00 Matt . : > Hi Guys, > > I'm testing this out and I think I almost setup, this on a CentOS samba > server. > > I'm using the ipa-adtrust way of Youenn b

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-12 Thread Matt .
Hi Guys, I'm testing this out and I think I almost setup, this on a CentOS samba server. I'm using the ipa-adtrust way of Youenn but it seems we still need to add (objectclass=sambaSamAccount)) ? Info is welcome! I will report back when I have it working. Thanks! Matt 2015-08-10

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-10 Thread Matt .
Hi Chris, Okay this is good to hear. But don't we want a IPA managed Scheme ? When I did a "ipa-adtrust-install --add-sids" it also wanted a local installed Samba and I wonder why. Good that we make some progress on making it all clear. Cheers, Matt 2015-08-10 6:12 GMT+02:00 C

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-09 Thread Matt .
Hi, Yes I know about "anything" but which way did you use now ? 2015-08-09 20:56 GMT+02:00 Christopher Lamb : > Hi Matt > > I am on OEL 7.1. - so anything that works on that should be good for RHEL > and Centos 7.x > > I intend to add a how-to to the FreeIPA Wiki o

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-09 Thread Matt .
Hi Chris, This sounds great! What are you using now, both CentOS ? So Samba and FreeIPA ? Maybe it's good to explain which way you used now in steps too, so we can combine or create multiple howto's ? At least we are going somewhere! Thanks, Matt 2015-08-09 14:54 GMT+02:00 Christ

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-09 Thread Matt .
Hi, Yes I understood, but this seems to take at least some months before it will be "usable". There is no release target date yet ? Cheers, Matt 2015-08-09 12:33 GMT+02:00 Jakub Hrozek : > On Sun, Aug 09, 2015 at 10:23:50AM +0200, Matt . wrote: >> Hi, >> >>

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-09 Thread Matt .
Hi, Yes that is known for SSSD, but there must be another way maybe ? I wonder what the future is there, as it seems there is none when this is not changed I guess. 2015-08-09 9:11 GMT+02:00 Jakub Hrozek : > On Fri, Aug 07, 2015 at 11:49:24PM +0200, Matt . wrote: >> Hi Alexander, >

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-08 Thread Matt .
OK, This is known, as this is RHEL based. But I wonder what "the best" was should be for Debian/Ubuntu based systems for now where we can simply migrate to the via SSSD and NTLMSSP solution in the past. That is my concern to the options given above. Matt 2015-08-08 11:49 GMT+02:00

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-07 Thread Matt .
Hi Alexander, Yes I'm on the same path, but for now I would like to get it working on Ubuntu for the time being. Are you sure Ubuntu is no MIT ? We have discussed that some time ago on IRC and it seemed to be that Ubuntu was built against MIT. Cheers, Matt 2015-08-07 23:37 GMT+02:00 Alex

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-07 Thread Matt .
Hi Alexander, Yes this is known, but it's not usable yet, at least not on an Ubuntu Samba server as far as I know ? If so, maybe you can help us out here to clear this up how to do it. Thanks! Matt 2015-08-07 23:09 GMT+02:00 Alexander Bokovoy : > On Thu, 06 Aug 2015, Christopher La

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-07 Thread Matt .
Hi Chris, OK, then we might create two different versions of the wiki, I think this is nice. I'm still figuring out why I get that: IPA Error 4205: ObjectclassViolation missing attribute "sambaGroupType" required by object class "sambaGroupMapping" Matt 2015-08-06 16

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-06 Thread Matt .
Hi, OK, this sounds already quite logical, but I'm still referring to the old howto we found earlier, does that one still apply somewhere or not at all ? Thanks, Matt 2015-08-06 12:23 GMT+02:00 Youenn PIOLET : > Hey guys, > > I'll try to make a tutorial soon, sorry I'

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Matt .
Hi, This sounds great to me too, but a howto would help to make it more clear about what you have done here. The thread confuses me a little bit. Can you paste your commands so we can test out too and report back ? Thanks! Matt 2015-08-05 15:18 GMT+02:00 Christopher Lamb : > Hi You

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Matt .
also see "class" as fieldname under my "Last name", this is not OK also. We sure need to make some howto, I think we can nail this down :) Thanks for the heads up! Matthijs 2015-08-05 7:51 GMT+02:00 Christopher Lamb : > Hi Matt > > If I use Apache Directory Studio t

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
Hi Chris, I'm at the right path, but my issue is that: ldapmodify -Y GSSAPI <: > Hi Matt, Youenn > > Just to set the background properly, I did not invent this process. I know > only a little about FreeIPA, and almost nothing about Samba, but I guess I > was lucky enough

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
Hi, Yes, log is anonymised. It's strange, my user doesn't have a SambaPwdLastSet, also when I change it's password it doesn't get it in ldap. There must be something going wrong I guess. Matt 2015-08-04 17:45 GMT+02:00 Christopher Lamb : > Hi Matt > > I assume

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
9:45.478026, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [username] -> [username] FAILED with error NT_STATUS_NO_SUCH_USER I also wonder if I shall still sync the users local, or is it needed ? Thanks again, Matt 2015-08-04 14:16 GMT

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Matt .
annot find "such user" as that sounds quite known as it has no UID. From your config I see you use DM, this should work ? Thanks! Matt 2015-08-04 13:15 GMT+02:00 Matt . : > Hi Chris, > > Thanks for the heads up, indeed local is 4 I see now when I add a > group from the

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-03 Thread Matt .
roup(names) ? Thanks again! Matt 2015-08-03 13:20 GMT+02:00 Christopher Lamb : > HI Matt > > It looks like I skipped that step ... (And as we already had samba groups > in place, did not need to make new ones via the WebUI). > > However a quick google trawled up this old thread

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-03 Thread Matt .
In my previous reply, I meant "no group.js at all" . 2015-08-03 12:17 GMT+02:00 Matt . : > Hi Chris, > > Thanks for that verification! > > It seems that: > > /usr/share/ipa/ui/group.js > > Is not there on IPA.4.1, also there is no .js at all on the whole sy

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-03 Thread Matt .
Hi Chris, Thanks for that verification! It seems that: /usr/share/ipa/ui/group.js Is not there on IPA.4.1, also there is no .js at all on the whole system. Any idea there ? Thanks again! Matt 2015-08-03 9:53 GMT+02:00 Christopher Lamb : > Hi Matt > > Thankfully I saved the ou

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-02 Thread Matt .
ndeed what > happens when we "need" to move because integration has been improved. > > I try to keep IPA as native as I can. > > So this is the best way to go for now, even when this thread is such "old" ? > > Thanks! > > Matt > > > 2015-08-

Re: [Freeipa-users] Admin password not accepted during replica install

2015-08-01 Thread Matt .
t has to be in > one of those 2 places. > > ~J > > > On 8/1/15 1:26 PM, Matt . wrote: >> >> kinit admin works perfectly, that is such strange. >> >> 2015-08-01 22:15 GMT+02:00 Janelle : >>> >>> lastly -- on the master - do you get the same

Re: [Freeipa-users] Admin password not accepted during replica install

2015-08-01 Thread Matt .
kinit admin works perfectly, that is such strange. 2015-08-01 22:15 GMT+02:00 Janelle : > lastly -- on the master - do you get the same error if you "kinit admin"? > ~J > > > On 8/1/15 1:05 PM, Matt . wrote: >> >> This actually the most important

Re: [Freeipa-users] Admin password not accepted during replica install

2015-08-01 Thread Matt .
nelle : > What is in the logs on the machine that is failing? Can you login to admin > from anywhere? Logs are your best friend. > Also, a simple "ssh -vvv" will help. > > ~J > > > On 8/1/15 12:51 PM, Matt . wrote: >> >> Hi, >> >> This didn&#

Re: [Freeipa-users] Admin password not accepted during replica install

2015-08-01 Thread Matt .
Hi, This didn't fix it yet. I wonder if there are any checks I can do as in the very past I was able to do a simple replica without any issues. Matt 2015-08-01 21:34 GMT+02:00 Janelle : > Double check you do not have "AllowGroups" set in your /etc/ssh/sshd_config > fil
