On (25/06/13 11:40), Jakub Hrozek wrote:
>On Mon, Jun 24, 2013 at 10:54:30PM +0200, Lukas Slebodnik wrote:
>> On (24/06/13 22:06), Jakub Hrozek wrote:
>> >On Sat, Jun 22, 2013 at 01:55:51PM +0200, Lukas Slebodnik wrote:
>> >> On (21/06/13 20:45), Jakub Hrozek wrote:
>> >> >On Thu, Jun 20, 2013 at 1
On (25/06/13 15:16), Jakub Hrozek wrote:
>On Tue, Jun 25, 2013 at 10:36:14AM +0200, Lukas Slebodnik wrote:
>> ehlo,
>>
>> Attached patches should fix https://fedorahosted.org/sssd/ticket/1980
>>
>> The first patch adds a check after sysdb_getnetgr. If sysdb_getnetgr returns
>> more result than
https://fedorahosted.org/sssd/ticket/1693
The reason why sudo shows different messages is that SSSD crashes
(SIGABRT from talloc) when out of band refresh is finished. For some
reason, Nikolai's test is much more likely to reveal this on rhel
systems than on fedora, however the SSSD crashes on
On (25/06/13 15:20), Ondrej Kos wrote:
>On 06/25/2013 03:01 PM, Lukas Slebodnik wrote:
>>On (25/06/13 10:48), Ondrej Kos wrote:
>>>On 06/24/2013 05:06 PM, Ondrej Kos wrote:
While working on #1814 I noticed that there's a dead switch statement
(with no case/default), attached patch fixes thi
On Wed, Jun 26, 2013 at 10:23:59AM +0200, Lukas Slebodnik wrote:
> On (25/06/13 11:40), Jakub Hrozek wrote:
> >On Mon, Jun 24, 2013 at 10:54:30PM +0200, Lukas Slebodnik wrote:
> >> On (24/06/13 22:06), Jakub Hrozek wrote:
> >> >On Sat, Jun 22, 2013 at 01:55:51PM +0200, Lukas Slebodnik wrote:
> >> >
On 06/26/2013 10:49 AM, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/1693
The reason why sudo shows different messages is that SSSD crashes
(SIGABRT from talloc) when out of band refresh is finished. For some
reason, Nikolai's test is much more likely to reveal this on rhel
systems t
Hi,
with this patch the PAC responder is not started automatically if the AD
provider is configured, because there are configurations, e.g.
ldap_id_mapping = False, which are not handled properly by the PAC
responder. When this is fixed it might be enabled again.
bye,
Sumit
From ef7814c7ad1ea5624
On Wed, Jun 26, 2013 at 01:15:00PM +0200, Sumit Bose wrote:
> Hi,
>
> with this patch the PAC responder is not started automatically if the AD
> provider is configured, because there are configurations, e.g.
> ldap_id_mapping = False, which are not handled properly by the PAC
> responder. When thi
On (26/06/13 10:56), Sumit Bose wrote:
>On Wed, Jun 26, 2013 at 10:23:59AM +0200, Lukas Slebodnik wrote:
>> On (25/06/13 11:40), Jakub Hrozek wrote:
>> >On Mon, Jun 24, 2013 at 10:54:30PM +0200, Lukas Slebodnik wrote:
>> >> On (24/06/13 22:06), Jakub Hrozek wrote:
>> >> >On Sat, Jun 22, 2013 at 01:
On (26/06/13 10:56), Sumit Bose wrote:
>On Wed, Jun 26, 2013 at 10:23:59AM +0200, Lukas Slebodnik wrote:
>> On (25/06/13 11:40), Jakub Hrozek wrote:
>> >On Mon, Jun 24, 2013 at 10:54:30PM +0200, Lukas Slebodnik wrote:
>> >> On (24/06/13 22:06), Jakub Hrozek wrote:
>> >> >On Sat, Jun 22, 2013 at 01:
On Wed, 2013-06-26 at 13:55 +0200, Jakub Hrozek wrote:
> On Wed, Jun 26, 2013 at 01:15:00PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > with this patch the PAC responder is not started automatically if the AD
> > provider is configured, because there are configurations, e.g.
> > ldap_id_mapping = Fal
Hi,
Attached find a patch addressing sssd trac issue
https://fedorahosted.org/sssd/ticket/1778
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From 09cb8ba0f8d0965e3e66cf04b68f2ec56505785c Mon Sep 17 00:00:00 2001
From: Ondrej Kos
Date: Wed, 26 Jun 201
On Wed, Jun 26, 2013 at 08:57:24AM -0400, Simo Sorce wrote:
> On Wed, 2013-06-26 at 13:55 +0200, Jakub Hrozek wrote:
> > On Wed, Jun 26, 2013 at 01:15:00PM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > with this patch the PAC responder is not started automatically if the AD
> > > provider is conf
On (26/06/13 10:49), Pavel Březina wrote:
>https://fedorahosted.org/sssd/ticket/1693
>
>The reason why sudo shows different messages is that SSSD crashes
>(SIGABRT from talloc) when out of band refresh is finished. For some
>reason, Nikolai's test is much more likely to reveal this on rhel
>systems
Hello,
We are trying to set up Kerberos authentication for our Linux VMs on an
Active Directory.
We use Red Hat 6.2, the sssd version is 1.5.1.-66.el6.
getent retrieves the domain users and groups.
If I try to ssh into the VM I am disconnected with "pam_sss(sshd:account)
access denied for user".
On Wed, Jun 26, 2013 at 06:10:55PM +0200, Mathieu Bouillaguet wrote:
> Hello,
>
> We are trying to set up Kerberos authentication for our Linux VMs on an
> Active Directory.
>
> We use Red Hat 6.2, the sssd version is 1.5.1.-66.el6.
>
> getent retrieves the domain users and groups.
>
> If I try t
The attached patch should fix trouble we had with SRV discovery and
trusts.
We tried to use the GC address even for kinit which gave us errors like:
"Realm not local to KDC while getting initial credentials".
This patch adds a new AD_GC service that is only used for ID lookups,
any sort of Kerber
On Wed, Jun 26, 2013 at 01:55:28PM +0200, Jakub Hrozek wrote:
> On Wed, Jun 26, 2013 at 01:15:00PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > with this patch the PAC responder is not started automatically if the AD
> > provider is configured, because there are configurations, e.g.
> > ldap_id_mappin
On Wed, Jun 26, 2013 at 02:54:19PM +0200, Lukas Slebodnik wrote:
> On (26/06/13 10:56), Sumit Bose wrote:
> >On Wed, Jun 26, 2013 at 10:23:59AM +0200, Lukas Slebodnik wrote:
> >> On (25/06/13 11:40), Jakub Hrozek wrote:
> >> >On Mon, Jun 24, 2013 at 10:54:30PM +0200, Lukas Slebodnik wrote:
> >> >>
Hi,
in contrast to other services the global catalog must be looked up with
the help of the forest name and not with a domain name, this patch takes
care of it and fixes part of https://fedorahosted.org/sssd/ticket/1973.
Currently any GC is taken and no one from the local domain is preferred.
bye
On Wed, Jun 26, 2013 at 06:55:46PM +0200, Jakub Hrozek wrote:
> With this iteration of the patches, all my testcases passed. I only see
> a typo in one of the comments that will be OK to fix before pushing.
>
> ACK.
>
> Great work, thank you for not giving up on the issue.
Pushed to master.
On Wed, Jun 26, 2013 at 07:01:43PM +0200, Sumit Bose wrote:
> Hi,
>
> in contrast to other services the global catalog must be looked up with
> the help of the forest name and not with a domain name, this patch takes
> care of it and fixes part of https://fedorahosted.org/sssd/ticket/1973.
> Curre
On Wed, Jun 26, 2013 at 07:01:43PM +0200, Sumit Bose wrote:
> Hi,
>
> in contrast to other services the global catalog must be looked up with
> the help of the forest name and not with a domain name, this patch takes
> care of it and fixes part of https://fedorahosted.org/sssd/ticket/1973.
> Curre
On Wed, Jun 26, 2013 at 07:56:38PM +0200, Jakub Hrozek wrote:
> On Wed, Jun 26, 2013 at 07:01:43PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > in contrast to other services the global catalog must be looked up with
> > the help of the forest name and not with a domain name, this patch takes
> > care
I solved my problem thanks to your reply :-)
For the others, my access provider is ldap and I didn't configure the
ldap_access_filter. If ldap_access_filter isn't configured and filter is in
the ldap_access_order (which is the default when it's not specified) all
users are denied access.
After h
On Wed, Jun 26, 2013 at 06:47:00PM +0200, Jakub Hrozek wrote:
> The attached patch should fix trouble we had with SRV discovery and
> trusts.
>
> We tried to use the GC address even for kinit which gave us errors like:
> "Realm not local to KDC while getting initial credentials".
>
> This patch a
On Wed, Jun 26, 2013 at 08:23:40PM +0200, Mathieu Bouillaguet wrote:
> I solved my problem thanks to your reply :-)
>
> For the others, my access provider is ldap and I didn't configure the
> ldap_access_filter. If ldap_access_filter isn't configured and filter is in
> the ldap_access_order (whic
I'm sorry for this bug, I initially tested on a VM where I manually
created the domain-realm mappings but then forgot to remove them. The
attached patches install domain-realm mappings in the same way IPA
provider does.
If these patches are accepted, I will open a bug for realmd to include
the /va
On Wed, Jun 26, 2013 at 09:44:07PM +0200, Sumit Bose wrote:
> On Wed, Jun 26, 2013 at 06:47:00PM +0200, Jakub Hrozek wrote:
> > The attached patch should fix trouble we had with SRV discovery and
> > trusts.
> >
> > We tried to use the GC address even for kinit which gave us errors like:
> > "Real