a
> group of Linux machines and used security filtering, it messed up other
> policies applying. I can't remember the specifics now though.
>
> Todd
>
> -Original Message-
> From: Max DiOrio
> Sent: Thursday, June 21, 2018 9:29 AM
> To: End-user discussions
om the GPO from above level and then add a user to the list,
> but if the "Deny log on locally"
> does not change in the new GPO then you do not need to copy it from the above
> GPO). So the GPOs are "sort of"
> cumulative.
>
> But I agree that copying the whole G
a single group policy per server, which seems awful.
> On May 29, 2018, at 12:18 PM, Max DiOrio wrote:
>
> Attached are the logs. It seems that even after removing the GPO’s, it is
> still being blocked from logging in.
>
> From secure.
>
> May 29 12:17:24 la-1potp
ns:
> - if you remove the single computer policy, does the "generic" policy
> apply as expected to the affected computer in question?
>
> Michal
>
> On 05/25/2018 08:58 PM, Max DiOrio wrote:
>> Hi!
>> So it seems that I’m having an issue with GPO processin
Hi!
So it seems that I’m having an issue with GPO processing. I have an OU
(Servers/Infrastructure) that contains a few servers. In this OU, I have a few
GPO’s applied.
One is “generic” that should be applied to every server in this OU - which allows
Remote Interactive Login and Logon Locally
If you read the entire bug report, the issue was incorrect security settings on
the user account, not being able to read the right info from AD. This wasn’t a
bug in SSSD. Maybe you’re not seeing the same symptoms?
> On May 18, 2018, at 11:19 AM, Spike White wrote:
oved
> from the 1.15 to 1.16 COPR repos and haven't had a problem for a while.
>
> https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-15/
> https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-16/
>
> Cheers
> L.
>
>
>
>
>
>> On 05/04/2018 09:12 AM, Max DiOrio wro
Any thoughts? This issue seems to be rippling through all our AD Domain Joined
servers. The group randomly goes missing and nobody can log into the server.
After some time, it eventually starts working again.
> On Apr 24, 2018, at 9:08 AM, Max DiOrio <mdio...@gmail.com> wrote:
again. Is there some other cache that needs to be
cleared that doesn’t get populated often?
> On Apr 24, 2018, at 9:35 AM, Max DiOrio <mdio...@gmail.com> wrote:
>
> I did upgrade to 1.16.0 on one server, restarted the service, invalidated the
> sssd cache (sss_cache
I did upgrade to 1.16.0 on one server, restarted the service, invalidated the
sssd cache (sss_cache -E) and did an 'id username | grep tech' and the group is
still missing altogether. I thought it might be a token size issue, but it
shouldn’t be, unless sssd doesn’t come close to handling the
We’re running SSSD 1.15.2
> On Apr 23, 2018, at 6:29 PM, Lachlan Musicman <data...@gmail.com> wrote:
>
> On 24 April 2018 at 03:01, Max DiOrio <mdio...@gmail.com
> <mailto:mdio...@gmail.com>> wrote:
> So we are having issues with a couple servers where users
. And nothing I
do necessarily fixes it per se.
On Mon, Apr 23, 2018, 6:29 PM Lachlan Musicman <data...@gmail.com> wrote:
> On 24 April 2018 at 03:01, Max DiOrio <mdio...@gmail.com> wrote:
>
>> So we are having issues with a couple servers where users suddenly won't
>>
So we are having issues with a couple servers where users suddenly won't be
able to log in. All our auth is done through AD and not a thing has
changed.
On a working server, I can do 'id username' and get back the proper list of
groups the user is a member of.
On the non-working server, 'id
> On Apr 5, 2018, at 3:22 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
>
>
>> On 5 Apr 2018, at 19:56, Max DiOrio <mdio...@gmail.com> wrote:
>>
>> I’m guessing someone was thinking that the group lookup was case sensitive
>> and entered it
I fixed it. Here’s more from the sssd_domain log. A single line revealed the
issue. When storing the DevTest rule it said a value is provided more than
once. When I looked at the entry in AD, the attribute sudoUser had the same
group entered twice. Once as %GS-Technology, once as
I've got a few dozen servers using SSSD to authenticate and retrieve SUDO
rules stored in AD and GPO. Everything works perfectly except for a new
RHEL 6.8 server I brought up. sssd version 1.13.3 on both the working 6.8
and non-working 6.8 server. I literally copied the nsswitch, sssd.conf and
Regarding your group issue, do you or have you had trusted domains and the
mystery group is from another domain? Long shot, it we had the same error
when it was trying to resolve the foreign group memberships.
On Wed, Mar 14, 2018, 11:19 AM wrote:
> Hi All
>
> We've got
Is your dns server set to secure updates only?
On Tue, Mar 13, 2018, 5:40 AM Roger Martensson
wrote:
> After some serious digging I caved in and upgraded dnsutils on my Ubuntu.
> Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
> When
Is there a doc out there for setting up autofs and ad? Our devs would
appreciate this, but they want to automount a CIFS volume.
On Fri, Mar 2, 2018, 10:01 AM Roger Martensson
wrote:
> Thanks for your answer. Then it was as I expected.
>
> Will use the workaround to
We're using 1.15.2 of sssd. Thanks!
Max
On Tue, Dec 19, 2017 at 5:16 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Mon, Dec 18, 2017 at 11:11:25PM +0000, Max DiOrio wrote:
> > Hey guys? Any thoughts on this? It's impacting our production
> environment.
> >
> >
Hey guys? Any thoughts on this? It's impacting our production environment.
Thanks!
On Mon, Dec 11, 2017, 11:11 AM Max DiOrio <mdio...@gmail.com> wrote:
> Hi Pavel,
>
> We're using 1.15.2 of sssd. Attached are the debug logs.
>
> Hopefully they show something useful.
>
Hi,
We use Active Directory to manage our Linux access including SUDO
permissions.
We need to have a particular account run a passwordless command. I created
a new sudoRule in AD, added the following:
sudoCommand /bin/systemctl restart wildfly.service
sudoHost +DevTestLinuxServer
after I joined to the
domain and the gpo_cache was empty until this morning.
On Fri, Feb 24, 2017 at 6:49 AM, Michal Židek <mzi...@redhat.com> wrote:
>
>
> On 02/24/2017 12:44 PM, Lukas Slebodnik wrote:
>
>> On (23/02/17 14:23), Max DiOrio wrote:
>>
>>> S
23 matches