On Mon, Jul 11, 2016 at 07:00:04PM -0700, Harry Kashouli wrote:
>
> I have a freeipa server set up, and would like to access the Web UI
> remotely (from outside my home network).
>
> I set up a fresh Fedora 24 server install, and installed freeipa-server.
> - I own a domain, domain.com
> - The
Well, I just had the same problem, but in my case I also tried to install a ca:
“ipa-replica-install --setup-ca …..”
Without “--set-up” the installation succeeded.
Regards,
Bjarne
From: Devin Acosta [mailto:linuxguru...@gmail.com]
Sent: 12. juli 2016 21:35
To: freeipa-users@redhat.com
Tough luck! If its tricky for you (FreeIPA core developers) then its pretty
much impossible to solve it for mere mortals like me !
On 11 July 2016 at 19:43, Rob Crittenden wrote:
> Prashant Bapat wrote:
>
>> I cherrypicked the commit id
Ok, I have some logs of sssd 1.13.0 not working. Same values as before:
FreeIPA server: Centos 7, ipa 4.2, API_VERSION 2.156
Installed Packages
Name: ipa-server
Arch: x86_64
Version : 4.2.0
Release : 15.0.1.el7.centos.17
Size: 5.0 M
Repo: installed
>From
Thanks for all the info. I think I sorted out the rewrite rules now, and
the error I get is "Secure Connection Failed.
SSL_ERROR_UNRECOGNIZED_NAME_ALERT".
I'm going to try and google this, since I'm assuming I need a ServerAlias
somewhere. If someone knows the correct way, please let me know :)
Hi,
We are trying to create a new replica on RHEL 7.2
This completes but named-pkcs11 fails to start -
systemctl status named-pkcs11.service
● named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native
PKCS#11
Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service;
Jakub, Justin,
Thank you both very much for taking the time to continue helping me resolve
this issue. I apologize for not replying right away; I’ve been dealing with a
production issue for most of the morning.
An invocation of ‘id
Hi, Lachlan,
Yes, I see that from here
(https://www.redhat.com/archives/freeipa-users/2016-May/msg00322.html).
Unfortunately clearing the cache and restarting SSSD is not proving to help us.
I’d be interested to know any progress you make on this issue.
Thank you for responding to me.
Sumit,
Thank you for getting back to me I really appreciate you taking the time to
help me assess this problem (I am not authorized to view this bug). In order
to test I upgraded to ipa-server 4.2.0-15.el7_2.17 and flushed the cache on
both the client and the server; the problem still
Hi Rob,
On that note, how do you handle password changes / first time logins for users
that are external to the organization?
We need to create accounts for external partners, and expose the UI to the
outside so that people can login and change their passwords / add their SSH
keys.
However,
Harry Kashouli wrote:
I tried uncommenting everything in the ipa-rewrite.conf file, but it
still changed the web address. I'll try clearing the cache, in case that
was still remembering the links.
I may be attacking my original thought badly, if this is going to be bad
for security. I'm wanting
Günther J. Niederwimmer wrote:
Hello,
some days ago I found this doc, now I like to setup a secure mail server but
the article is now missing?
Can this come back?
Thanks,
This is on the freeipa.org wiki which would have been nice to mention.
It isn't exactly missing but the contents are
Update to this one:
It has been running smoothly on 6.5
[root@dev-zlei.sec1 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@dev-zlei.sec1 ~]# rpm -qa | grep sssd
sssd-client-1.12.4-47.el6.x86_64
sssd-ldap-1.12.4-47.el6.x86_64
sssd-ad-1.12.4-47.el6.x86_64
Thanks,
I will try. But I am afraid to update to more recent version then those in
official repos.
Thanks anyway.
T.
2016-07-13 15:39 GMT+02:00 :
> Update to at least 1.12 sssd and libsss_sudo. As I recall sudo ipa
> provider did not work under 1.11
>
> Sent from my
Update to at least 1.12 sssd and libsss_sudo. As I recall sudo ipa provider did
not work under 1.11
Sent from my iPhone
> On Jul 13, 2016, at 9:02 AM, Tomas Simecek wrote:
>
> Hi,
> versions are:
> sssd-client-1.11.6-30.el6.x86_64
> sssd-ipa-1.11.6-30.el6.x86_64
>
Hi,
versions are:
sssd-client-1.11.6-30.el6.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
ipa-client-3.0.0-50.el6.centos.1.x86_64
as part of:
CentOS release 6.6 (Final)
T.
2016-07-13 14:52 GMT+02:00 :
> Again what is client version on 6.5?
>
>
> Sent from my iPhone
>
> On Jul
Again what is client version on 6.5?
Sent from my iPhone
> On Jul 13, 2016, at 8:25 AM, Tomas Simecek wrote:
>
> Thanks for your information Lukas,
> I have changed sudo_provider to ipa, restarted sssd and no difference.
> Logfile still says "Access granted by HBAC
Thanks for your information Lukas,
I have changed sudo_provider to ipa, restarted sssd and no difference.
Logfile still says "Access granted by HBAC rule..." and sudo says
simecek.to...@sd-stc.cz is not allowed to run sudo on zp-cml-test.
Btw. man sssd-sudo says:
The following example shows how
On (13/07/16 13:36), Tomas Simecek wrote:
>Lukas,
>yes, I went through that guide and I configured sssd.conf as per the doc
>(you can see it in the beginning of the thread).
>
>Actually the installation is:
>[root@zp-cml-test sssd]# cat /etc/redhat-release
>CentOS release 6.6 (Final)
>
>and
Lukas,
yes, I went through that guide and I configured sssd.conf as per the doc
(you can see it in the beginning of the thread).
Actually the installation is:
[root@zp-cml-test sssd]# cat /etc/redhat-release
CentOS release 6.6 (Final)
and versions are:
[root@zp-cml-test sssd]# rpm -qa |grep sssd
On (13/07/16 11:18), Tomas Simecek wrote:
>Dear freeIPA gurus,
>in previous thread (
>https://www.redhat.com/archives/freeipa-users/2016-July/msg00046.html) you
>helped me make sudo working for AD users on Centos 7.0 (
>spcss-2t-www.linuxdomain.cz).
>It was caused by not knowing sudo needs to be
Diky Jakube,
in domain log below I can see that rules were found properly:
(Wed Jul 13 12:05:21 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services for rule
[Unixari na test servery]
(Wed Jul 13 12:05:21 2016) [sssd[be[linuxdomain.cz]]]
On Wed, Jul 13, 2016 at 11:18:21AM +0200, Tomas Simecek wrote:
> Dear freeIPA gurus,
> in previous thread (
> https://www.redhat.com/archives/freeipa-users/2016-July/msg00046.html) you
> helped me make sudo working for AD users on Centos 7.0 (
> spcss-2t-www.linuxdomain.cz).
> It was caused by not
On Tue, Jul 12, 2016 at 06:40:22PM +, pgb205 wrote:
> +freeipa-users list
>
> From: pgb205
> To: Sumit Bose
> Sent: Tuesday, July 12, 2016 2:12 PM
> Subject: Re: [Freeipa-users] Unable to ssh after establishing trust
>
> Sumit, thanks for
Dear freeIPA gurus,
in previous thread (
https://www.redhat.com/archives/freeipa-users/2016-July/msg00046.html) you
helped me make sudo working for AD users on Centos 7.0 (
spcss-2t-www.linuxdomain.cz).
It was caused by not knowing sudo needs to be enabled in HBAC rules.
Now it works properly on
On Wed, Jul 13, 2016 at 08:37:44AM +0200, Jakub Hrozek wrote:
> On Wed, Jul 13, 2016 at 09:10:07AM +0300, Alexander Bokovoy wrote:
> > On Tue, 12 Jul 2016, Sullivan, Daniel [AAA] wrote:
> > > Justin,
> > >
> > > I really appreciate you taking the time to respond to me. This problem
> > > is
On Wed, Jul 13, 2016 at 09:10:07AM +0300, Alexander Bokovoy wrote:
> On Tue, 12 Jul 2016, Sullivan, Daniel [AAA] wrote:
> > Justin,
> >
> > I really appreciate you taking the time to respond to me. This problem
> > is driving me crazy and I will certainly take any help I can get. My
> >
27 matches
Mail list logo