Joanna Delaporte wrote:
I have successfully migrated some user password hashes from an NIS
domain. I am wondering if there is a similar method for migrating group
passwords. I haven't found any discussion or documentation on it.
You do it the same way as users. Note that there are no IPA
Oh wow, I see. I did some playing around with
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin in search of a
minimum-change scenario and found that this:
[plugins]
localauth = {
module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
# enable_only = sssd
}
seems to get me
Hi there,
I am still working on migrating my users from NIS to IPA. I have a lot of
it working. However, the issue I am dealing with now is that NFS UID
ownership on nfs/ipa-client machine is not updating when I change the
owner's UID and update the files ownership on the NFS server.
I refreshed
On Wed, Jul 06, 2016 at 03:30:56PM -0400, Jeffery Harrell wrote:
> I must be missing something really obvious.
>
> Our IPA server is set up in the usual way on CentOS 7.2, just a “yum
> install ipa-server” and then an “ipa-server-install.” DNS is set up
> correctly and is working.
>
> I’ve got a
I must be missing something really obvious.
Our IPA server is set up in the usual way on CentOS 7.2, just a “yum
install ipa-server” and then an “ipa-server-install.” DNS is set up
correctly and is working.
I’ve got a handful of CentOS 7.2 servers configured as IPA clients — “yum
install
On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
Yes, I had a look at the eventlog, but there are no failures and no events
at all related to failed login. Maybe I can increase verbosity level
somehow?
Try to intercept network traffic between Windows XP and IPA master.
May be it tries to use
Yes, I had a look at the eventlog, but there are no failures and no events
at all related to failed login. Maybe I can increase verbosity level
somehow?
2016-07-06 20:58 GMT+03:00 Alexander Bokovoy :
> On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
>
>> Hi!
>>
>> I'm
On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
Hi!
I'm trying to set up Windows XP to get a Kerberos ticket for the user on
login using the following docs:
* http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
*
Hi!
I'm trying to set up Windows XP to get a Kerberos ticket for the user on
login using the following docs:
* http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
*
http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
* Discussion
I have successfully migrated some user password hashes from an NIS domain.
I am wondering if there is a similar method for migrating group passwords.
I haven't found any discussion or documentation on it.
Thanks!
Joanna
--
Joanna Delaporte
Linux Systems Administrator | Parkland College
Hi,
We are using FreeIPA's LDAP as the base for user authentication in a
different application. So far I have created a sysaccount which does the
lookup etc for a user and things are working as expected. I'm even able to
use OTP from the external app.
One problem I'm struggling to fix is the
Yeah, please enable logging in [sudo] section of sssd.
On Wed, Jul 6, 2016 at 11:03 AM, Jakub Hrozek wrote:
> On Wed, Jul 06, 2016 at 03:22:34PM +0200, Tomas Simecek wrote:
> > Hi Danila and other freeipa gurus,
> > sorry for my late answer, there is a bank holiday in CZ and
On Wed, Jul 06, 2016 at 03:22:34PM +0200, Tomas Simecek wrote:
> Hi Danila and other freeipa gurus,
> sorry for my late answer, there is a bank holiday in CZ and I am off work
> these two days.
> Yes, /etc/nsswitch.conf is fine, see:
>
> [root@spcss-2t-www ~]# cat /etc/nsswitch.conf |grep sudo
>
Hi Rob,
Hi,
is it possible that ipa-server-certinstall couldnt handle private keys
without password ?
You can file an RFE at https://fedorahosted.org/freeipa/newticket
It seems that ipa-server-certinstall couldnt handle private keys with
passwort, too. See my result below.
i would test
hi everybody
I think this was working some time ago, but for while
queries IPA's DNS forwards wound up like this:
validating @0x7f85dc00f9a0: swir.my.dom A: no valid
signature found
validating @0x7f85dc00f9a0: swir.my.dom A: bad cache hit
(swir.my.dom/DS)
error (broken trust chain)
Hi Danila and other freeipa gurus,
sorry for my late answer, there is a bank holiday in CZ and I am off work
these two days.
Yes, /etc/nsswitch.conf is fine, see:
[root@spcss-2t-www ~]# cat /etc/nsswitch.conf |grep sudo
sudoers: files sss
I think it is set up as part of freeipa-client package.
I
On 06/07/16 13:57, Rob Crittenden wrote:
lejeczek wrote:
hi users,
I'd like to ask if it possible to add (after deployment
is finished) an
AltSubjectName to fIPA master?
I don't see why not, they are just certs after all. You
would need to be careful to get the certmonger tracking
Neal Harrington | i-Neda Ltd wrote:
Hi Rob,
Thank you very much for your message. Unfortunately/fortunately after
rebooting or restarting the ssh server this morning it is all working as
I would expect. I'm not sure what I was missing yesterday but suspect a
combination of sssd caching may
Andreas Ladanyi wrote:
Hi,
is it possible that ipa-server-certinstall couldnt handle private keys
without password ?
You can file an RFE at https://fedorahosted.org/freeipa/newticket
i would test it with a self-signed certificate and test private key file
secured with password, but i dont
lejeczek wrote:
hi users,
I'd like to ask if it possible to add (after deployment is finished) an
AltSubjectName to fIPA master?
I don't see why not, they are just certs after all. You would need to be
careful to get the certmonger tracking right but it should be doable.
I shall say what
The solution was to add to root certificate to tomcat:
/var/lib/pki/pki-tomcat/alias/
Now everything seems to work.
Regards
Bjarne
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Bjarne Blichfeldt
Sent: 23. juni 2016 13:40
To:
Hi Rob,
Thank you very much for your message. Unfortunately/fortunately after rebooting
or restarting the ssh server this morning it is all working as I would expect.
I'm not sure what I was missing yesterday but suspect a combination of sssd
caching may have been confusing me as I'm sure I'd
Hi,
is it possible that ipa-server-certinstall couldnt handle private keys
without password ?
i would test it with a self-signed certificate and test private key file
secured with password, but i dont know whats happen after entering a
valid private key unlock password. Could i stop the
On 05/07/16 18:20, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Mon, 04 Jul 2016, lejeczek wrote:
On 04/07/16 07:59, Petr Spacek wrote:
On 1.7.2016 16:29, lejeczek wrote:
On 01/07/16 12:41, Petr Vobornik wrote:
On 06/30/2016 04:56 PM, lejeczek wrote:
... its own FQHN and its IP ?
hi users,
I'd like to ask if it possible to add (after deployment is
finished) an AltSubjectName to fIPA master?
I shall say what I'm hoping to achieve - having 3 servers I
hope to have in IPA's DNS a host, A record that will be
resolving to three server's IPs. Like eg. ipa-ca which seems
seems like official repos, centos at least lags a bit
behind, currently it's 4.2.0 - question - does this support
fully secure dns ?
if not would devel know when we might be able to feed
new/latest stable off the official repos?
many thanks,
L
--
Manage your subscription for the
On Wed, 06 Jul 2016, Lachlan Musicman wrote:
Can I just confirm - the IT team are about to migrate our PDC across town.
I presume that the trust relationship is with the domain, not the actual
machine itself. So our IPA server will just see the new PDC and everything
will be smooth?
No need to
Can I just confirm - the IT team are about to migrate our PDC across town.
I presume that the trust relationship is with the domain, not the actual
machine itself. So our IPA server will just see the new PDC and everything
will be smooth?
No need to change any config or create a new trust?
28 matches
Mail list logo