[Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names
Lachlan Musicman
datakid at gmail.com
Sun Jul 17 23:33:35 UTC 2016
Ok, I've just spoken with my colleague that has been involved in the IPA
roll out, and he said he thought that override_space wasn't compatible with
ID overrides?
Either way, since we have a working system we are reticent to make too many
changes - soon we will have a test system in place and I will be able to
check it then?
Cheers
L.
------
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
On 15 July 2016 at 20:17, Lachlan Musicman <datakid at gmail.com> wrote:
> Wont be able to check until Monday morning (Australia's weekend has
> started) but can check, yes.
>
> And the reason I reported to you is because you will have more weight with
> selinux bug tickets than I would.
>
> cheers
> L.
>
> ------
> The most dangerous phrase in the language is, "We've always done it this
> way."
>
> - Grace Hopper
>
> On 15 July 2016 at 18:05, Jakub Hrozek <jhrozek at redhat.com> wrote:
>
>> On Fri, Jul 15, 2016 at 08:59:43AM +0200, Lukas Slebodnik wrote:
>> > On (15/07/16 12:56), Lachlan Musicman wrote:
>> > >This line:
>> > >
>> > >We have SELinux disabled on all of our servers, but we hadn't disabled
>> this
>> > >check in sssd.conf. So we enabled it in sssd.conf and everything worked
>> > >fine.
>> > >
>> > >Should read that we *disabled* selinux.
>> > >
>> > >selinux_provider = none
>> > Could you also try another solution?
>> > put "override_space = _" into "sssd" section in sssd.conf
>> > and restart sssd.
>> >
>> > As a result of this space will be replaced with underscore
>> > and libsemanage should not complain.
>> >
>> > @see man sssd.conf -> override_space
>>
>> This is either a bug in semenage, we should file one and ask the
>> semanage developers if there is a proper way to quote the spaces.
>>
>> But yes, selinux_provider=none would disable this area of code.
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160718/80033c7d/attachment.htm>
More information about the Freeipa-users
mailing list