Hi All,
Red Hat tend to configure users by default with uid=gid when a
user is created. This means there is a corresponding private group with the
same name as the user. It is not possible to do this in AD without a bit of
trickery. Is there any way to configure sssd so it tries
On (24/06/13 22:06), Jakub Hrozek wrote:
>On Sat, Jun 22, 2013 at 01:55:51PM +0200, Lukas Slebodnik wrote:
>> On (21/06/13 20:45), Jakub Hrozek wrote:
>> >On Thu, Jun 20, 2013 at 11:11:17AM +0200, Lukas Slebodnik wrote:
>> >> Rewritten patches are attached.
>> >>
>> >> LS
>> >
>> >Two nitpicks:
>>
On Sat, Jun 22, 2013 at 01:55:51PM +0200, Lukas Slebodnik wrote:
> On (21/06/13 20:45), Jakub Hrozek wrote:
> >On Thu, Jun 20, 2013 at 11:11:17AM +0200, Lukas Slebodnik wrote:
> >> Rewritten patches are attached.
> >>
> >> LS
> >
> >Two nitpicks:
> >
> >> +static char * get_ccache_name_by_principa
On Mon, Jun 24, 2013 at 04:28:10PM +0100, David Woodhouse wrote:
> On Mon, 2013-06-24 at 17:01 +0200, Jakub Hrozek wrote:
> > On Mon, Jun 24, 2013 at 04:59:33PM +0200, Jakub Hrozek wrote:
> > > On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote:
> > > > Hi,
> > > >
> > > > David Woodhouse
On Mon, 2013-06-24 at 16:47 +0100, David Woodhouse wrote:
> My existing TGT is for dwood...@ger.corp.intel.com, so trying to renew
> a TGT for david.woodhouse\@intel@ger.corp.intel.com doesn't work.
My userPrincipalName in ldap really is 'david.woodho...@intel.com',
which would appear to be wr
On Mon, 2013-06-24 at 16:28 +0100, David Woodhouse wrote:
> Then it does actually seem to be *trying* to renew, but I get the
> following:
From krb5_child.log:
(Mon Jun 24 16:15:32 2013) [[sssd[krb5_child[5790 [sss_child_krb5_trace_cb]
(0x4000): [5790] 1372086932.966801: Retrieving
david.wo
On Mon, 2013-06-24 at 17:01 +0200, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 04:59:33PM +0200, Jakub Hrozek wrote:
> > On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > David Woodhouse identified an issue with Kerberos ticket renewal.
> > > Attached two patches
While working on #1814 i noticed that there's a dead switch statement
(with no case/default), attached patch fixes this issue.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From 4b622895d2873ce59f74178b82f3fdc1a51361a9 Mon Sep 17 00:00:00 2001
From: Ond
The problem here wasn't in returned error code, but in faultly read DBUS
message, due to condition in sss_authtok_set_string.
When password is empty, it passes 0 as length, which is misinterpreted,
and the function tries to determine the length of string by itself,
reaching over boundaries of
On Mon, Jun 24, 2013 at 04:59:33PM +0200, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > David Woodhouse identified an issue with Kerberos ticket renewal.
> > Attached two patches fix two issues related to the authtok refactoring
> > which make re
On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote:
> Hi,
>
> David Woodhouse identified an issue with Kerberos ticket renewal.
> Attached two patches fix two issues related to the authtok refactoring
> which make renewal for me working again.
>
> bye,
> Sumit
Works for me, too. Ack.
___
On Mon, Jun 24, 2013 at 04:54:28PM +0200, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 08:53:24AM -0400, Stephen Gallagher wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Mon 24 Jun 2013 08:48:57 AM EDT, Jakub Hrozek wrote:
> > > On Mon, Jun 24, 2013 at 08:04:34AM -0400, S
On Mon, Jun 24, 2013 at 08:53:24AM -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Mon 24 Jun 2013 08:48:57 AM EDT, Jakub Hrozek wrote:
> > On Mon, Jun 24, 2013 at 08:04:34AM -0400, Stephen Gallagher wrote:
> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On Mon, Jun 24, 2013 at 01:28:28PM +0200, Sumit Bose wrote:
> On Mon, Jun 24, 2013 at 11:04:40AM +0200, Jakub Hrozek wrote:
> > I think we didn't synchronize our changes with Sumit. The SID code
> > doesn't retry correctly when looking up users-or-groups by SID. The
> > attached patch fixes that.
>
On Mon, Jun 24, 2013 at 03:14:38PM +0200, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 02:01:32PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this patch fixes an issue Jakub found when using IPA user and HBAC rules
> > with current SSSD master tree. Please see commit message for details.
> >
> > I'
Hi,
David Woodhouse identified an issue with Kerberos ticket renewal.
Attached two patches fix two issues related to the authtok refactoring
which make renewal for me working again.
bye,
Sumit
From 0f2fb036a9f3b7ef0a64fdfc17869b2d6b673334 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 24 J
On Jun 24, 2013, at 3:11 PM, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 06/24/2013 09:08 AM, Steve Traylen wrote:
>>
>> On Jun 24, 2013, at 2:52 PM, Stephen Gallagher wrote:
>>
[sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP
>>>
On Mon, 2013-06-24 at 14:57 +0200, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 08:53:24AM -0400, Stephen Gallagher wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Mon 24 Jun 2013 08:48:57 AM EDT, Jakub Hrozek wrote:
> > > On Mon, Jun 24, 2013 at 08:04:34AM -0400, Stephen
On Mon, Jun 24, 2013 at 08:53:24AM -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Mon 24 Jun 2013 08:48:57 AM EDT, Jakub Hrozek wrote:
> > On Mon, Jun 24, 2013 at 08:04:34AM -0400, Stephen Gallagher wrote:
> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On Mon, Jun 24, 2013 at 03:34:19PM +0200, Pavel Březina wrote:
> https://fedorahosted.org/sssd/ticket/1959
>
> Is there anyway how to achieve this in systemd?
Yes, see EnvironmentFile
> Do we want the path
> configurable?
Yes, we do.
___
sssd-devel ma
https://fedorahosted.org/sssd/ticket/1959
Is there anyway how to achieve this in systemd? Do we want the path
configurable?
From 1f0af3a2f0d101cb1e80952a2fbe3968b5e6347c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Mon, 24 Jun 2013 15:30:04 +0200
Subject: [PATCH] init s
https://fedorahosted.org/sssd/ticket/1959
Is there anyway how to achieve this in systemd? Do we want the path
configurable?
From 1f0af3a2f0d101cb1e80952a2fbe3968b5e6347c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Mon, 24 Jun 2013 15:30:04 +0200
Subject: [PATCH] init s
On Mon, Jun 24, 2013 at 01:41:44PM +0200, Sumit Bose wrote:
> On Mon, Jun 24, 2013 at 11:12:33AM +0200, Jakub Hrozek wrote:
> > On Mon, Jun 24, 2013 at 11:04:40AM +0200, Jakub Hrozek wrote:
> > > I think we didn't synchronize our changes with Sumit. The SID code
> > > doesn't retry correctly when l
On Mon, Jun 24, 2013 at 02:01:32PM +0200, Sumit Bose wrote:
> Hi,
>
> this patch fixes an issue Jakub found when using IPA user and HBAC rules
> with current SSSD master tree. Please see commit message for details.
>
> I've opened https://fedorahosted.org/sssd/ticket/1996 to improve the
> update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/24/2013 09:08 AM, Steve Traylen wrote:
>
> On Jun 24, 2013, at 2:52 PM, Stephen Gallagher wrote:
>
>>>
>>> [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP
>>> error code: 1 errno: 11 error message: Fast reply - offline
>>> (Mon
On Jun 24, 2013, at 2:52 PM, Stephen Gallagher wrote:
>>
>> [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP
>> error code: 1 errno: 11 error message: Fast reply - offline (Mon
>> Jun 24 09:52:18 2013) [sssd[nss]] [nss_cmd_getpwnam_dp_callback]
>> (0x0040): Unable to get informatio
Unfortunately, the reported did not provide logs from the time of crash.
The backtrace only says that it occurred in nsupdate_child_handler() but
I'm very confident that the root cause was that the dyndns update
reached timeout.
The first patch fixes dyndns unit tests to actually reveal the cr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon 24 Jun 2013 08:48:57 AM EDT, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 08:04:34AM -0400, Stephen Gallagher wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 06/23/2013 03:12 PM, Jakub Hrozek wrote:
>>> The attached patch appl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/24/2013 08:23 AM, Steve Traylen wrote:
>
> Hi
>
> sssd-1.9.2-82.7.el6_4
>
> I've a few Error messages that I'd like to understand , if you have
> some comments that would be great.
>
>
> * sssd_CERN.log
>
> sssd[be[CERN]]] [sysdb_search_use
On Mon, Jun 24, 2013 at 08:04:34AM -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 06/23/2013 03:12 PM, Jakub Hrozek wrote:
> > The attached patch applies on both master and sssd-1-9 and fixes:
> > https://fedorahosted.org/sssd/ticket/1806
> >
> > The IPA
Hi
sssd-1.9.2-82.7.el6_4
I've a few Error messages that I'd like to understand , if you have some
comments that would be great.
* sssd_CERN.log
sssd[be[CERN]]] [sysdb_search_user_by_uid] (0x0400): No such entry
sssd[be[CERN]]] [sysdb_delete_group] (0x0400): Error: 2 (No such file or
direct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/23/2013 03:12 PM, Jakub Hrozek wrote:
> The attached patch applies on both master and sssd-1-9 and fixes:
> https://fedorahosted.org/sssd/ticket/1806
>
> The IPA provider attempted to store the original value of member
> attribute to the cache.
Hi,
this patch fixes an issue Jakub found when using IPA user and HBAC rules
with current SSSD master tree. Please see commit message for details.
I've opened https://fedorahosted.org/sssd/ticket/1996 to improve the
update scheme.
bye,
Sumit
From afe1a01914ee5e3dd91d8f8c887cbaba19f17117 Mon Sep
On Mon, Jun 24, 2013 at 11:12:33AM +0200, Jakub Hrozek wrote:
> On Mon, Jun 24, 2013 at 11:04:40AM +0200, Jakub Hrozek wrote:
> > I think we didn't synchronize our changes with Sumit. The SID code
> > doesn't retry correctly when looking up users-or-groups by SID. The
> > attached patch fixes that.
On Mon, Jun 24, 2013 at 11:04:40AM +0200, Jakub Hrozek wrote:
> I think we didn't synchronize our changes with Sumit. The SID code
> doesn't retry correctly when looking up users-or-groups by SID. The
> attached patch fixes that.
ACK
bye,
Sumit
___
sssd
On Mon, Jun 24, 2013 at 11:04:40AM +0200, Jakub Hrozek wrote:
> I think we didn't synchronize our changes with Sumit. The SID code
> doesn't retry correctly when looking up users-or-groups by SID. The
> attached patch fixes that.
btw I was wondering whether it would make change to reverse the orde
I think we didn't synchronize our changes with Sumit. The SID code
doesn't retry correctly when looking up users-or-groups by SID. The
attached patch fixes that.
>From 5a28cf82146326cd45a63e57b0bbda2f4b2adfa9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 24 Jun 2013 10:46:53 +0200
Subject
37 matches
Mail list logo