[Freeipa-users] Re: idrange problem

2024-02-12 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 02 Feb 2024, Tomasz Torcz via FreeIPA-users wrote: On Fri, Feb 02, 2024 at 12:11:58AM +0200, Alexander Bokovoy via FreeIPA-users wrote: On Thu, 01 Feb 2024, Steve Berg via FreeIPA-users wrote: > Is there any way to just delete all these SID requirements?  My ipa > domain doesn't have a t

[Freeipa-users] Re: idrange problem

2024-02-12 Thread Tomasz Torcz via FreeIPA-users
On Fri, Feb 02, 2024 at 12:11:58AM +0200, Alexander Bokovoy via FreeIPA-users wrote: > On Thu, 01 Feb 2024, Steve Berg via FreeIPA-users wrote: > > Is there any way to just delete all these SID requirements?  My ipa > > domain doesn't have a trust to anything windows and there's no plan to > > ever

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 01 Feb 2024, Steve Berg via FreeIPA-users wrote: Is there any way to just delete all these SID requirements?  My ipa domain doesn't have a trust to anything windows and there's no plan to ever set that up. No. S4U protocol extensions for Kerberos are requiring PAC buffers presence as p

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Steve Berg via FreeIPA-users
Is there any way to just delete all these SID requirements?  My ipa domain doesn't have a trust to anything windows and there's no plan to ever set that up. Been trying to add the RID and it fails but doesn't tell me why it failed. On 2/1/24 11:43, Florence Blanc-Renaud via FreeIPA-users wrote:

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Thu, Feb 1, 2024 at 12:51 PM Steve Berg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Still not working. I do not have any trust set up with any active > directory currently, we have an AD running on the network but that and my > ipa domain don't trust each other in a

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Steve Berg via FreeIPA-users
Still not working.  I do not have any trust set up with any active directory currently, we have an AD running on the network but that and my ipa domain don't trust each other in any way. Got two idranges set up: ---   Range name: domain_id_range   First Posix ID of the range: 82440

[Freeipa-users] Re: idrange problem

2024-02-01 Thread Giulio Casella via FreeIPA-users
Ok, maybe you are missing some id range... Let's check this page, just to point in the right direction: https://www.linuxsysadmins.com/ipa-error-4203-databaseerror/ (I had that error, after a couple of migrations: CentOS 7 -> CentOS 8 stream -> RHEL 9). Briefly: - "ipa idrange-find" should giv

[Freeipa-users] Re: idrange problem

2024-01-31 Thread Steve Berg via FreeIPA-users
Yep, most of the users do not have that SID.  Looks like just users that are in the ID range because they don't have an EDIPI or users that were created recently. Ran the --enable-sid and --add-sids but nothing changed.  All the users that were missing the SID before still are. On 1/31/24 10

[Freeipa-users] Re: idrange problem

2024-01-31 Thread Giulio Casella via FreeIPA-users
Uhm.. I had a similar problem recently (but not identical), and it smells like a missing SID problem. You can try: ipa user-show admin --all | grep -i ipantsecurityidentifier You should see the SID for user admin. Now try the same with your account: ipa user-show --all | grep -i ipantsecurityi