

Archive for the 'NIX Posts' Category

User is not allowed to run sudo on server.  This incident will be reported.

Receiving the following when using FreeIPA to manage sudo rules?
    -sh-4.2$ sudo su -
    [sudo] password for tom@mds.xyz:
    tom@mds.xyz is not allowed to run sudo on idmipa04.  This incident will be reported.
    -sh-4.2$
On a working node:
    # ipa-compat-manage status
    Directory Manager password:
    Plugin Enabled
and on a non-working node:
    # ipa-compat-manage status
    Directory Manager […]

CalledProcessError: Command ‘/usr/bin/kinit -n -c /var/run/ipa/ccaches/armor_12728 -X X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem’ returned non-zero exit status 1

Getting one of these messages in the HTTPD error_log of a FreeIPA server?
    [Thu Jan 28 23:32:39.440152 2021] [:error] [pid 12728] ipa: DEBUG: WSGI wsgi_dispatch.__call__:
    [Thu Jan 28 23:32:39.440345 2021] [:error] [pid 12728] ipa: DEBUG: WSGI login_password.__call__:
    [Thu Jan 28 23:32:39.442215 2021] [:error] [pid 12728] ipa: DEBUG: Obtaining armor in ccache /var/run/ipa/ccaches/armor_12728
    [Thu Jan 28 […]

Low volume on Asus ROG Laptop

Low volume on your laptop?  Even when set to the maximum it's still very low?  Ensure the Loudness Equalization is checked off in Realtek HD Audio Manager.    

Decommission or Recommission a host using Cloudera 6.X API Calls: /api/v3/cm/commands/hostsOfflineOrDecommission

Need to decommission a host?  Just call this:
    curl -u admin:pAsS --insecure -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"items":["cm-r01wn02.mws.mds.xyz"]}' 'https://cm-c01.mws.mds.xyz:7183/api/v3/cm/commands/hostsOfflineOrDecommission'
    {
      "id" : 17256,
      "name" : "HostsDecommission",
      "startTime" : "2021-01-05T02:49:37.220Z",
      "active" : true,
      "children" : {
        "items" : [ ]
      }
Need to […]

WrongHost: Peer certificate subjectAltName does not match host, expected 1.2.3.4, got DNS: host1.domain, DNS: host2.domain, DNS: host3.domain

Another form of this error is when the certificate validation produced an IP instead of a host, such as this:
    WrongHost: Peer certificate subjectAltName does not match host, expected 1.2.3.4, got DNS:srv-c01.earth.water.fire, DNS:cm-r01nn01.earth.water.fire, DNS:cm-r01nn02.earth.water.fire
    [02/Jan/2021 03:15:59 +0000] 32309 Thread-13 downloader   ERROR    Failed fetching torrent: Peer certificate subjectAltName does not match host, expected 1.2.3.4, […]

Fixing FreeIPA Replication Issues

Case example of an HBAC service ID that is not consistent across the master-master FreeIPA implementation:
    # ./cipa -d mws.mds.xyz -W "<PASS>"
    +--------------------+------------+------------+-------+
    | FreeIPA servers:   | idmipa04   | idmipa03   | STATE |
    +--------------------+------------+------------+-------+
    | Active Users       | 3          | 3          | […]

Fixing a broken AD trust on a FreeIPA replica in a Master-Master configuration. 

Fixing a broken AD trust on a FreeIPA replica in a Master-Master configuration.  Investigation:
    ./cipa --debug -d sub.domain.com -W "<PASSWORD>"
    | FreeIPA servers:   | idmipa03   | idmipa04   | STATE |
    +--------------------+------------+------------+-------+
    | Active Users       | 3          | 3          | OK   […]

init_smb_request: invalid wct number 255 (size 248)

Getting this SMB error?
    init_smb_request: invalid wct number 255 (size 248)
Solve it using this parameter in the SMB conf file on the server:
    # grep -Ei "max protocol" /etc/samba/smb.conf; cat messages|grep -Ei smb|grep 255|tail
            max protocol = SMB2
Cheers,

Kerberos authentication failed: kinit: Cannot read password while getting initial credentials

Sometimes, for messages like this:
    Kerberos authentication failed: kinit: Cannot read password while getting initial credentials
there is a simple solution.  Reset the user's password, because it probably expired or the user account used was just created without the user having set a new password on it.  In our case, running the following FreeIPA command […]

User is not authorized to read Azure subscriptions. Permission elevation is required to proceed.

Getting this while trying to delete Azure Active Directory Tenants?
    {"errorCode":"PermissionsElevationRequiredToReadSubscriptions","localizedErrorDetails":{"permissionsElevationRequiredToReadSubscriptions":"User is not authorized to read Azure subscriptions. Permission elevation is required to proceed."},"operationResults":null,"timeStampUtc":"2020-11-23T02:38:42.————-","clientRequestId":"—————","internalTransactionId":"——————–","tenantId":"——————–","userObjectId":"—————————","exceptionType":"UnauthorizedAccessException"}
Switch Directories to another one.  Then from there, click on Overview of this Active Directory, then click on Switch Tenant.  Delete the Tenant from here.  Deleting a Tenant whilst selected won't […]


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

This work is licensed under a Creative Commons Attribution 3.0 Unported License