karlmdavis / justdavis-ansible
The Ansible playbooks, roles, etc. used by the Davis family (justdavis.com) systems.
The LDAP server is configured to require authentication. I've gone back and forth on this, but I think it's probably for the best. However, that means that ldapsearch, nss_updatedb ldap, etc. won't work without a Kerberos ticket:
$ sudo /usr/sbin/nss_updatedb ldap
Failed to enumerate nameservice: Connection reset by peer
passwd... nameservice unavailable.
$ ldapsearch
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)
The right way to fix this is:
eddings
, e.g. ansible
.kadmin
on all workstations.
nss_updatedb service keytab on all workstations.
nss_updatedb usage to use that service keytab.
This is resolved in https://github.com/savoirfairelinux/ansible-nexus3-oss, but that fix hasn't been released. Whatever release comes out after 1.7.1 (from 2017-05) should have it. Here's the fix: savoirfairelinux/ansible-nexus3-oss#17
Was just running into this:
$ /usr/bin/ldapsearch -H ldaps://justdavis.com -x -b dc=justdavis,dc=com -d 1
ldap_url_parse_ext(ldaps://justdavis.com)
ldap_create
ldap_url_parse_ext(ldaps://justdavis.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP justdavis.com:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 96.86.32.137:636
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
TLS: peer cert untrusted or revoked (0x402)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Went away as soon as I restarted slapd. I'm pretty sure that it's just that when the LE certs are renewed, slapd needs to reload them.
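A check for the condition described above (slapd still presenting the pre-renewal certificate), as an added example that is not from the original issue or the justdavis-ansible repository: it compares the certificate served on port 636 with the certificate file on disk. The host and certificate path are command-line arguments, and the function names are made up for this example.

```python
import hashlib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def pem_fingerprint(pem: str) -> str:
    """SHA-256 of the first (leaf) certificate in a PEM file or chain."""
    start = pem.index(BEGIN)
    end = pem.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem[start:end])).hexdigest()


def served_cert_der(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Fetch the certificate the LDAPS listener presents right now."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: a stale certificate may already be expired,
    # and only its bytes are compared here. Nothing is sent over this session.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_stale(served_der: bytes, disk_pem: str) -> bool:
    """True when the daemon serves a different certificate than the one on disk."""
    return hashlib.sha256(served_der).hexdigest() != pem_fingerprint(disk_pem)


def main(argv: list) -> int:
    if len(argv) != 3:
        print(f"usage: {argv[0]} HOST CERT_PEM_PATH", file=sys.stderr)
        return 2
    host, cert_path = argv[1], argv[2]
    with open(cert_path, encoding="ascii") as fh:
        stale = is_stale(served_cert_der(host), fh.read())
    print(f"{host}:636 serves the {'OLD' if stale else 'current'} certificate")
    return 1 if stale else 0  # non-zero lets cron or a renewal hook restart slapd


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run after each renewal (or from monitoring), an exit status of 1 means the running daemon has not picked up the renewed certificate.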
I find myself getting prompted to authenticate as the non-LDAP local user account whenever I try to run admin actions in Gnome, e.g. connect to a wireless network.
I think this is a polkit thing: https://wiki.archlinux.org/index.php/Polkit. I suspect that adding my user to the sudo group may work around the problem.
Seems that Samba is coming up before the private ethernet interface, and so isn't listening to it after a reboot. Restarting smbd after each reboot works around the problem.
Just saw this in the RPS zone: the serial number had an extra character due to a typo, the zone didn't load, but the role thought everything was peachy.