Great - thank you. That worked. Unfortunately SELinux creates too much overhead on a subset of our servers, so we have it disabled.
cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 16 November 2016 at 19:39, Lukas Slebodnik <[email protected]> wrote: > On (16/11/16 11:46), Lachlan Musicman wrote: > >I don't know what I've done wrong, but when I use ipa-client-install on a > >new host to add to my one way trust domain, I now have a > >[domain/shadowutils] stanza. > > > >This first happened a couple of weeks ago, I saw this bug and thought "it > >will be solved soon". > > > >https://bugzilla.redhat.com/show_bug.cgi?id=1369118 > > > >The report says it's been resolved in a recent advisory but I'm still > >seeing the error. > > > It was fixed by reverting upstream commit which > introduced such seature. > https://git.fedorahosted.org/cgit/sssd.git/commit/?id= > 59744cff6edb106ae799b2321cb8731edadf409a > > >Is it because I'm using sssd 1.14.2-1 from COPR instead of the centrally > >supplied sssd? > > > Yes, theis feature is still available in upstream/fedora. > > A) "domain/shadowutils" should not cause any problems. > If yes then it should be also reproducible on fedora > please filae a bug. > > B) It does not happen with SELinux in enforcing mode. > Another reason for "setenforce 1" :-) > > LS >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
