Case example of an HBAC service ID that is not consistent across the master-master FreeIPA implementation: # ./cipa -d mws.mds.xyz -W "<PASS>" +——————–+————+————+——-+ | FreeIPA servers:   | idmipa04   | idmipa03   | STATE | +——————–+————+————+——-+ | Active Users       | 3          | 3          | […]

Fixing a broken AD trust on a FreeIPA replica in a Master-Master configuration.  Investigation: ./cipa –debug -d sub.domain.com -W "<PASSWORD>" | FreeIPA servers:   | idmipa03   | idmipa04   | STATE | +——————–+————+————+——-+ | Active Users       | 3          | 3          | OK   […]

Getting this SMB error? init_smb_request: invalid wct number 255 (size 248) Solve it using this parameter in the SMB conf file on the server: # grep -Ei "max protocol" /etc/samba/smb.conf; cat messages|grep -Ei smb|grep 255|tail         max protocol = SMB2 Cheers,

Sometimes for messages like this:   Kerberos authentication failed: kinit: Cannot read password while getting initial credentials There is a simple solution.  Reset the user's password, because it probably expired or the user account used was just created without the user having set a new password on it.  In our case, running the following FreeIPA command […]