Re: [CentOS] Freeipa sssd service
On 9/8/21 2:42 am, Gokan Atmaca wrote: I started using freeipa. Users I have given "SUDO" right cannot use this right after logging out and logging in. For the solution, I need to restart the "SSSD" service. How can I solve this? Sounds like you'll need to find a way to invalidate SSSD cache on logout using sss_cache tool: sss_cache -u https://www.rootusers.com/how-to-clear-the-sssd-cache-in-linux/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Freeipa sssd service
It does it automatically after about 10 minutes. Can I shorten this period? On Sun, Aug 8, 2021 at 6:54 PM Gokan Atmaca wrote: > > Hello > > I started using freeipa. Users I have given "SUDO" right cannot use > this right after logging out and logging in. For the solution, I need > to restart the "SSSD" service. > > How can I solve this? > > Thanks. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Freeipa sssd service
Hello I started using freeipa. Users I have given "SUDO" right cannot use this right after logging out and logging in. For the solution, I need to restart the "SSSD" service. How can I solve this? Thanks. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] freeIPA version vs RHEL's
On 8/19/19 10:42 AM, lejeczek via CentOS wrote: > On 13/08/2019 13:33, Jonathan Billings wrote: >> On Tue, Aug 13, 2019 at 01:02:58PM +0100, lejeczek via CentOS wrote: >> >>> I wonder if anybody might version of freeIPA in RHEL? >>> >>> I hear it's 4.6.6 and if that's true then when will Centos get it I >>> might ask. >> RHEL 7.7 has FreeIPA 4.6.5, and eventually CentOS will get that >> version, but it's currently got 4.6.4. freeipa 4.6.6 looks like it >> was released at the end of last month, too late to be included in >> RHEL/CentOS 7.7. Perhaps in a later release? >> > and how far behind are we Centosians with that rhel 7's 4.6.5 IPA? You aren't behind at all. You are on the latest release of what is in RHEL 7.7. This is enterprise linux. If you want the lasest versions of things then run fedora. That is what it does. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] freeIPA version vs RHEL's
On 13/08/2019 13:33, Jonathan Billings wrote: > On Tue, Aug 13, 2019 at 01:02:58PM +0100, lejeczek via CentOS wrote: > >> I wonder if anybody might version of freeIPA in RHEL? >> >> I hear it's 4.6.6 and if that's true then when will Centos get it I >> might ask. > RHEL 7.7 has FreeIPA 4.6.5, and eventually CentOS will get that > version, but it's currently got 4.6.4. freeipa 4.6.6 looks like it > was released at the end of last month, too late to be included in > RHEL/CentOS 7.7. Perhaps in a later release? > and how far behind are we Centosians with that rhel 7's 4.6.5 IPA? thanks, L ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] freeIPA version vs RHEL's
On Tue, Aug 13, 2019 at 01:02:58PM +0100, lejeczek via CentOS wrote: > I wonder if anybody might version of freeIPA in RHEL? > > I hear it's 4.6.6 and if that's true then when will Centos get it I > might ask. RHEL 7.7 has FreeIPA 4.6.5, and eventually CentOS will get that version, but it's currently got 4.6.4. freeipa 4.6.6 looks like it was released at the end of last month, too late to be included in RHEL/CentOS 7.7. Perhaps in a later release? -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] freeIPA version vs RHEL's
hi guys I wonder if anybody might version of freeIPA in RHEL? I hear it's 4.6.6 and if that's true then when will Centos get it I might ask. many thanks, L. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] freeIPA from CR repo - conflicts
hi guys do you see the same by any chance? --> Processing Dependency: ipa-server-common = 4.6.4-10.el7.centos.2 for package: python2-ipaserver-4.6.4-10.el7.centos.2.noarch --> Processing Dependency: ipa-common = 4.6.4-10.el7.centos.2 for package: python2-ipaserver-4.6.4-10.el7.centos.2.noarch --> Finished Dependency Resolution Error: Package: python2-ipaserver-4.6.4-10.el7.centos.2.noarch (updates) Requires: ipa-server-common = 4.6.4-10.el7.centos.2 Installed: ipa-server-common-4.6.4-10.el7.centos.noarch (@cr) ipa-server-common = 4.6.4-10.el7.centos Error: Package: ipa-server-4.6.4-10.el7.centos.x86_64 (@cr) Requires: python2-ipaserver = 4.6.4-10.el7.centos Removing: python2-ipaserver-4.6.4-10.el7.centos.noarch (@cr) python2-ipaserver = 4.6.4-10.el7.centos Updated By: python2-ipaserver-4.6.4-10.el7.centos.2.noarch (updates) python2-ipaserver = 4.6.4-10.el7.centos.2 Error: Package: python2-ipaclient-4.6.4-10.el7.centos.2.noarch (updates) Requires: ipa-common = 4.6.4-10.el7.centos.2 Installed: ipa-common-4.6.4-10.el7.centos.noarch (@cr) ipa-common = 4.6.4-10.el7.centos Error: Package: python2-ipaclient-4.6.4-10.el7.centos.2.noarch (updates) Requires: ipa-client-common = 4.6.4-10.el7.centos.2 Installed: ipa-client-common-4.6.4-10.el7.centos.noarch (@cr) ipa-client-common = 4.6.4-10.el7.centos Error: Package: python2-ipalib-4.6.4-10.el7.centos.2.noarch (updates) Requires: ipa-common = 4.6.4-10.el7.centos.2 Installed: ipa-common-4.6.4-10.el7.centos.noarch (@cr) ipa-common = 4.6.4-10.el7.centos Error: Package: ipa-client-4.6.4-10.el7.centos.x86_64 (@cr) Requires: python2-ipaclient = 4.6.4-10.el7.centos Removing: python2-ipaclient-4.6.4-10.el7.centos.noarch (@cr) python2-ipaclient = 4.6.4-10.el7.centos Updated By: python2-ipaclient-4.6.4-10.el7.centos.2.noarch (updates) python2-ipaclient = 4.6.4-10.el7.centos.2 Error: Package: python2-ipaserver-4.6.4-10.el7.centos.2.noarch (updates) Requires: ipa-common = 4.6.4-10.el7.centos.2 Installed: ipa-common-4.6.4-10.el7.centos.noarch (@cr) ipa-common = 4.6.4-10.el7.centos You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] FreeIPA - client/replica errors
hi, free IPA everyone? I wanted to ask if you maybe seen below errors. I'm trying regular: $ ipa-client-install --principal=admin --password="ccnR.Biotec13#diradm" --enable-dns-updates and it fails: ... Valid From: 2018-01-09 16:51:35 Valid Until: 2038-01-09 16:51:35 Enrolled in IPA realm PRIVATE.CCNR.CEB.PRIVATE.CAM.AC.UK Please make sure the following ports are opened in the firewall settings: TCP: 80, 88, 389 UDP: 88 (at least one of TCP/UDP ports 88 has to be open) Also note that following ports are necessary for ipa-client working properly after enrollment: TCP: 464 UDP: 464, 123 (if NTP enabled) Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638936): Preauthentication failed Installation failed. Rolling back changes. Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1 Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Client uninstall complete. The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information It's not time sync problem, server & client candidate are in sync. Simple install, server installed okey but client fails as above. Does your IPA VERSION: 4.5.0, API_VERSION: 2.228 install okey, with no problems? many thanks, L. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] FreeIPA 4.1.1 does not install on Cntos7
Hi, We're looking to run freeipa 4.1.1 on CentOS 7. 1. after include: * mkosek-freeipa-epel-7.repo 2. Write this: * yum install freeipa-server 3. I get this error: * Error: Package: pki-base-10.2.0-3.el7.centos.noarch (mkosek-freeipa) * Requires: jackson-jaxrs-json-provider I would appreciate any ideas. -- Cosme Faria Corrêa ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA 4.1.1 does not install on Cntos7
Am 18.11.2014 um 14:45 schrieb Cosme Faria Corrêa cosm...@gmail.com: We're looking to run freeipa 4.1.1 on CentOS 7. 1. after include: * mkosek-freeipa-epel-7.repo 2. Write this: * yum install freeipa-server 3. I get this error: * Error: Package: pki-base-10.2.0-3.el7.centos.noarch (mkosek-freeipa) * Requires: jackson-jaxrs-json-provider I would appreciate any ideas. wrong list - FreeIPA list/site/support channels are more appropriate. -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA 4.1.1 does not install on Cntos7
Am 18.11.2014 um 17:00 schrieb m.r...@5-cent.us: Leon Fauster wrote: Am 18.11.2014 um 14:45 schrieb Cosme Faria Corrêa cosm...@gmail.com: We're looking to run freeipa 4.1.1 on CentOS 7. 1. after include: * mkosek-freeipa-epel-7.repo 2. Write this: * yum install freeipa-server 3. I get this error: * Error: Package: pki-base-10.2.0-3.el7.centos.noarch (mkosek-freeipa) * Requires: jackson-jaxrs-json-provider I would appreciate any ideas. wrong list - FreeIPA list/site/support channels are more appropriate. I disagree - he's trying to yum install a package from, ahh, looks like epel, and it's got broken dependencies. If anything, it's epel that he should complain to. https://copr.fedoraproject.org/coprs/mkosek/freeipa/ -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA 4.1.1 does not install on Cntos7
On 11/18/2014 4:12 PM, Leon Fauster wrote: Am 18.11.2014 um 17:00 schriebm.r...@5-cent.us: Leon Fauster wrote: Am 18.11.2014 um 14:45 schrieb Cosme Faria Corrêacosm...@gmail.com: We're looking to run freeipa 4.1.1 on CentOS 7. 1. after include: * mkosek-freeipa-epel-7.repo 2. Write this: * yum install freeipa-server 3. I get this error: * Error: Package: pki-base-10.2.0-3.el7.centos.noarch (mkosek-freeipa) * Requires: jackson-jaxrs-json-provider I would appreciate any ideas. wrong list - FreeIPA list/site/support channels are more appropriate. I disagree - he's trying to yum install a package from, ahh, looks like epel, and it's got broken dependencies. If anything, it's epel that he should complain to. https://copr.fedoraproject.org/coprs/mkosek/freeipa/ wild guess... maybe he has to enable that repository AND epel for this to work. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA 4.1.1 does not install on Cntos7
2014-11-19 1:28 GMT+01:00 John R Pierce pie...@hogranch.com: On 11/18/2014 4:12 PM, Leon Fauster wrote: Am 18.11.2014 um 17:00 schriebm.r...@5-cent.us: Leon Fauster wrote: Am 18.11.2014 um 14:45 schrieb Cosme Faria Corrêacosm...@gmail.com: We're looking to run freeipa 4.1.1 on CentOS 7. 1. after include: * mkosek-freeipa-epel-7.repo 2. Write this: * yum install freeipa-server 3. I get this error: * Error: Package: pki-base-10.2.0-3.el7.centos.noarch (mkosek-freeipa) * Requires: jackson-jaxrs-json-provider I would appreciate any ideas. wrong list - FreeIPA list/site/support channels are more appropriate. I disagree - he's trying to yum install a package from, ahh, looks like epel, and it's got broken dependencies. If anything, it's epel that he should complain to. https://copr.fedoraproject.org/coprs/mkosek/freeipa/ wild guess... maybe he has to enable that repository AND epel for this to work. This issue has been discussed over at the freeipa-users list. The solution, for now, is to build jackson-jaxrs-json-provider yourself. - Jitse ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
2012/6/26 James Hogarth james.hoga...@gmail.com: Is anybody using http://freeipa.org on a CentOS 6 server? Is it working well? Yes and yes I suggest checking out the FreeIPA mailing list and IRC channel if you have any trouble as you'll find quite a few people there. As a heads up IPA 2.2 will be coming in CentOS 6.3 which includes SSH key maintenance in IPA and form based authentication for when you don't have a kerberos token to pass to the IPA interface. Hi, deployed it at work, two (kvm) instances for HA, with DNS. Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason. A really nice piece of software i'd have liked to continue to use, but not yet prod ready imho. I guess I'll have another look after 6.3. HTH, Laurent. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason. I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well fully stable. Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master so no take over even exists much less is required ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
Is there a HOWTO for this somewhere? Sounds like a very useful setup All the docs needed to set up that bit can be found on docs.redhat.com ... the identity management guide in the rhel6 section. I've written some more advanced guides on the freeipa wiki (look at how tos under documentation) covering Apache auth against IPA and IPA for httpd certificate management... will soon add my kvm/libvirt/vnc authentication against IPA doc as well - just waiting on feedback before adding it to the how to section. If there are any specific how tos you'd like to see on there feel free to suggest... and always feel free to ping me... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
On Wed, Jun 27, 2012 at 8:39 AM, James Hogarth james.hoga...@gmail.comwrote: Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason. I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well fully stable. Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master so no take over even exists much less is required +1. IPA is a very nice addition to the linux environment. And getting better all the time :-) Finally we can deploy a secure, trusted network without having to hack 20 different software pieces together. TUV has really nailed this one. -- groet, natxo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
On Wed, Jun 27, 2012 at 2:39 AM, James Hogarth james.hoga...@gmail.comwrote: Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason. I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well fully stable. Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master so no take over even exists much less is required ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thanks. What's DC in this context? Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
On Wed, Jun 27, 2012 at 11:15 AM, Boris Epstein borepst...@gmail.comwrote: On Wed, Jun 27, 2012 at 2:39 AM, James Hogarth james.hoga...@gmail.com wrote: Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason. I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well fully stable. Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master so no take over even exists much less is required ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thanks. What's DC in this context? Boris. datacenters? -- groeten, natxo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
datacenters? Bingo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] FreeIPA on Centos 6
Hello all, Is anybody using http://freeipa.org on a CentOS 6 server? Is it working well? Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA on Centos 6
Is anybody using http://freeipa.org on a CentOS 6 server? Is it working well? Yes and yes I suggest checking out the FreeIPA mailing list and IRC channel if you have any trouble as you'll find quite a few people there. As a heads up IPA 2.2 will be coming in CentOS 6.3 which includes SSH key maintenance in IPA and form based authentication for when you don't have a kerberos token to pass to the IPA interface. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
Craig White wrote: doing some googling, this seems to be about the most current/relevant thing I have found wrt to running freeipa server on CentOS http://howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 That mostly looks to be a waste of time to me, specially given that Red Hat have made it public that FreeIPA might not really ever be a RHEL product line, and if it does make it, the packaging format etc will be very different from whats out there at the moment. And to the idiot who wrote that article on howtoforge : ( how do they find such brain dead morons ? ) directly url'ing the testing repo is really not recommended. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
I have heard rumours from some Red Hat employees that IPA will be integrated into Spacewalk this was about 1.5 months ago which would also make sense since Spacewalk is supposed to be their single point of management tool. But as I said it's rumours. Regards Per Qvindesland --- Original message follows --- SUBJECT: Re: [CentOS] FreeIPA FROM: Fabian Arrotin TO: CentOS mailing list DATE: 08-04-2009 13:26 Craig White wrote: doing some googling, this seems to be about the most current/relevant thing I have found wrt to running freeipa server on CentOS http://howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 which I'm not totally adverse to doing but I have to ask, is there something packaged? (I've looked in 'testing' and in 'extras' and in epel) Has anyone followed some other instructions? Craig I spoke with Simo Sorce at the Fosdem event regarding that (having IPA/FreeIPA rpms sitting in the Extras repository) Due to the fact that Red Hat made it clear now that the actual RHEIPA will be discontinued (at least in its actual form and will probably change to something else ...) we still don't know what direction to take. Rebuilding FreeIPA is probably possible too but how long will that be possible ? FreeIPA isn't looking at being backward compatible and don't focus on RHEL interopability. It can probably work for a certain time, but surely not as long as an Enterprise timelife ... That's maybe worth discussing it though. On the other hand, centos-ds is in the testing repo for a while and there were not a lot of feedback : the plan is/was to move it to extras when enough testing/reports have hit the -devel list ... -- -- Fabian Arrotin idea=`grep -i clue /dev/brain` test -z $idea echo sorry, init 6 in progress || sh ./answer.sh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Wed, 2009-04-08 at 13:26 +0200, Fabian Arrotin wrote: Craig White wrote: doing some googling, this seems to be about the most current/relevant thing I have found wrt to running freeipa server on CentOS http://howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 which I'm not totally adverse to doing but I have to ask, is there something packaged? (I've looked in 'testing' and in 'extras' and in epel) Has anyone followed some other instructions? Craig I spoke with Simo Sorce at the Fosdem event regarding that (having IPA/FreeIPA rpms sitting in the Extras repository) Due to the fact that Red Hat made it clear now that the actual RHEIPA will be discontinued (at least in its actual form and will probably change to something else ...) we still don't know what direction to take. Rebuilding FreeIPA is probably possible too but how long will that be possible ? FreeIPA isn't looking at being backward compatible and don't focus on RHEL interopability. It can probably work for a certain time, but surely not as long as an Enterprise timelife ... That's maybe worth discussing it though. On the other hand, centos-ds is in the testing repo for a while and there were not a lot of feedback : the plan is/was to move it to extras when enough testing/reports have hit the -devel list ... obviously Simo is in a position to know about these things. I guess the thing that surprises me is that I went to the Red Hat road show last September and they were promoting FreeIPA as the up and coming technology and so I was rather shocked that it seemed impossible (to me anyway) to build a reasonably current version on CentOS (and by extension, RHEL). I will install CentOS-DS but I suspect that what I will find is that it is a stable version of Fedora-DS which is fine, but I have Fedora-DS running somewhere else already and by itself, it didn't give me any goosebumps and was more painful to setup than OpenLDAP. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Wed, 2009-04-08 at 10:24 +0100, Karanbir Singh wrote: Craig White wrote: doing some googling, this seems to be about the most current/relevant thing I have found wrt to running freeipa server on CentOS http://howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 That mostly looks to be a waste of time to me, specially given that Red Hat have made it public that FreeIPA might not really ever be a RHEL product line, and if it does make it, the packaging format etc will be very different from whats out there at the moment. And to the idiot who wrote that article on howtoforge : ( how do they find such brain dead morons ? ) directly url'ing the testing repo is really not recommended. I just sort of used that as a guideline and used EPEL first, Fedora-10 source second for packages to try to build because of things I noticed in the changelogs, etc. I managed to get all the requisites handled except for popt-devel which I discussed but that didn't seem to be the deal breaker. Now that I recognize that the current version of freeipa wasn't meant to be built on RHEL, I will change course because I don't want to make that my mission if they don't. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Wed, 2009-04-08 at 10:31 +0200, Rainer Duffner wrote: Craig White schrieb: Sure but that's not typically the realm I play in. My typical client is 50 users and having a server just for authentication is harder to justfiy. In that case, shelling out the 7-something grand for RHE-IPA is probably also not an option, I assume. Reminds me of the old joke whose punchline goes something like, we've already determined what you are and now we're just haggling over the price. I myself have an older server which doesn't support hardware virtualization. Perhaps you're right, I set up something in virtualization and use Fedora but the churn rate of Fedora is just too much, especially for an authentication server. But maybe this is of help: http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 I listed that URL in my first post on this thread. I used that as a semi-guide but got build requisites from EPEL Fedora-10-SRPMS instead just to have a shot at building 1.2.0 instead of the 1.0.0 version discussed on that page. Thanks Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
Craig White wrote: On Wed, 2009-04-08 at 10:31 +0200, Rainer Duffner wrote: Craig White schrieb: Sure but that's not typically the realm I play in. My typical client is 50 users and having a server just for authentication is harder to justfiy. In that case, shelling out the 7-something grand for RHE-IPA is probably also not an option, I assume. Reminds me of the old joke whose punchline goes something like, we've already determined what you are and now we're just haggling over the price. I myself have an older server which doesn't support hardware virtualization. Perhaps you're right, I set up something in virtualization and use Fedora but the churn rate of Fedora is just too much, especially for an authentication server. But maybe this is of help: http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 I listed that URL in my first post on this thread. I used that as a semi-guide but got build requisites from EPEL Fedora-10-SRPMS instead just to have a shot at building 1.2.0 instead of the 1.0.0 version discussed on that page. Thanks Craig I've been watching the discussion and read the RHEL docs about IPA and thought At Last something that brings together all the bits for the little guy. Now it appears the RH is going to drop the ball. I have tried OpenLDAP and currently have a CentOS-DS running but am missing the bits that glue it all together. The actual core services (LDAP (either variant) Kerberos PAM samba etc) are simple enough to install on CentOS but the stuff that makes it just work is very difficult for me to get my head around and thus I've never actually got a setup working well enough to risk on my clients. The excellent how-to for amavis http://wiki.centos.org/HowTos/Amavisd is just wonderful. Congratulations and thanks to the author - it just works. We need more of this!! Back to secure authentication and having a single (replicated) place for all the users/groups/policy It seems enterprises have the bucks and folk to learn all the mumbo-jumbo needed to get it working, or the other scenario is integrating with microsoft based ads, neither of which fits my needs. I have purchased text books on LDAP etc and still cannot get a recipe that works for a small enterprise with maybe two or three servers, one or two locations and less than 50 people. I end up doing all the admin by hand - samba is working, the clients can simply log in once on their windoze machine but oh the back ground work to keep it going.sigh. Any good documents or apps out there? Rob begin:vcard fn:Rob Kampen n:Kampen;Rob email;internet:rkam...@kampensonline.com tel;work:407-896-9556 x6344 tel;fax:407-896-7607 tel;home:407-876-4854 tel;cell:407-341-3815 version:2.1 end:vcard ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
Rob Kampen wrote: I've been watching the discussion and read the RHEL docs about IPA and thought At Last something that brings together all the bits for the little guy. Now it appears the RH is going to drop the ball. I have tried OpenLDAP and currently have a CentOS-DS running but am missing the bits that glue it all together. The actual core services (LDAP (either variant) Kerberos PAM samba etc) are simple enough to install on CentOS but the stuff that makes it just work is very difficult for me to get my head around and thus I've never actually got a setup working well enough to risk on my clients. I have started with SME: http://wiki.contribs.org/Main_Page This is a good NT Domain + equiv on Centos 4.7 and they have Centos 5.2 (I hope now 5.3) in beta. I have not looked enough into their roadmap to see what is being done with LDAP... Another effort on Fedora is Amahi.org. This is more a home product with a WorkGroup orientation. The inclusion of home apps like streaming music makes it very attractive. SME is a well organized effort, originally back? by Mitel. Amahi started as a one-man effort (though the one man behind it has impressive credentials) and has developed a 'plugin' community. Craig well knows the efforts of a couple of k12 guys to get some SAMBA integration together (http://majen.net/smbldap/). This seems to have stagnated. I am hoping that SME continues to evolve. Their VoIP version is the perfect place to get serious with LDAP. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Wed, 2009-04-08 at 13:11 -0400, Robert Moskowitz wrote: Rob Kampen wrote: I've been watching the discussion and read the RHEL docs about IPA and thought At Last something that brings together all the bits for the little guy. Now it appears the RH is going to drop the ball. I have tried OpenLDAP and currently have a CentOS-DS running but am missing the bits that glue it all together. The actual core services (LDAP (either variant) Kerberos PAM samba etc) are simple enough to install on CentOS but the stuff that makes it just work is very difficult for me to get my head around and thus I've never actually got a setup working well enough to risk on my clients. I have started with SME: http://wiki.contribs.org/Main_Page This is a good NT Domain + equiv on Centos 4.7 and they have Centos 5.2 (I hope now 5.3) in beta. I have not looked enough into their roadmap to see what is being done with LDAP... Another effort on Fedora is Amahi.org. This is more a home product with a WorkGroup orientation. The inclusion of home apps like streaming music makes it very attractive. SME is a well organized effort, originally back? by Mitel. Amahi started as a one-man effort (though the one man behind it has impressive credentials) and has developed a 'plugin' community. Craig well knows the efforts of a couple of k12 guys to get some SAMBA integration together (http://majen.net/smbldap/). This seems to have stagnated. I am hoping that SME continues to evolve. Their VoIP version is the perfect place to get serious with LDAP. indeed, I do know about the k12ltsp efforts and the result was somewhat predictable. All of the networks that I have setup and maintain use LDAP for authentication (Linux/Macintosh/Windows) and use a Samba PDC/BDC, DNS, DHCP, etc. and in fact, use the same users $HOME directory regardless of which OS they log into. I have also adapted automounts for Linux Macintosh users into LDAP but Windows users mount shares via login scripts. I have also been using WPKG for automatic software installation on Windows systems. I don't have much interest in SME myself. FreeIPA seemed to have the whole bundle. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
Robert Moskowitz wrote: I've been watching the discussion and read the RHEL docs about IPA and thought At Last something that brings together all the bits for the little guy. Now it appears the RH is going to drop the ball. I have tried OpenLDAP and currently have a CentOS-DS running but am missing the bits that glue it all together. The actual core services (LDAP (either variant) Kerberos PAM samba etc) are simple enough to install on CentOS but the stuff that makes it just work is very difficult for me to get my head around and thus I've never actually got a setup working well enough to risk on my clients. I have started with SME: http://wiki.contribs.org/Main_Page This is a good NT Domain + equiv on Centos 4.7 and they have Centos 5.2 (I hope now 5.3) in beta. I have not looked enough into their roadmap to see what is being done with LDAP... Another effort on Fedora is Amahi.org. This is more a home product with a WorkGroup orientation. The inclusion of home apps like streaming music makes it very attractive. SME is a well organized effort, originally back? by Mitel. Amahi started as a one-man effort (though the one man behind it has impressive credentials) and has developed a 'plugin' community. Craig well knows the efforts of a couple of k12 guys to get some SAMBA integration together (http://majen.net/smbldap/). This seems to have stagnated. I am hoping that SME continues to evolve. Their VoIP version is the perfect place to get serious with LDAP. Has anyone looked at the version of ClarkConnect now in beta? This is similar to SME but perhaps a more modern approach (and with separate free/commercial versions...). The blurb claims that the initial setup provides LDAP authentication for easy expansion. That's something I've thought every Linux distro should have had for years, but I don't know if it actually works. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
Craig White wrote: All of the networks that I have setup and maintain use LDAP for authentication (Linux/Macintosh/Windows) and use a Samba PDC/BDC, DNS, DHCP, etc. and in fact, use the same users $HOME directory regardless of which OS they log into. I have also adapted automounts for Linux Macintosh users into LDAP but Windows users mount shares via login scripts. I have also been using WPKG for automatic software installation on Windows systems. I don't have much interest in SME myself. FreeIPA seemed to have the whole bundle. The place where SME becomes interesting is where someone who doesn't know Linux wants a server for a home or small office setting mostly running windows - and they want to install and maintain it themselves instead of having you do it for them. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Wed, 2009-04-08 at 12:36 -0500, Les Mikesell wrote: Craig White wrote: I don't have much interest in SME myself. FreeIPA seemed to have the whole bundle. The place where SME becomes interesting is where someone who doesn't know Linux wants a server for a home or small office setting mostly running windows - and they want to install and maintain it themselves instead of having you do it for them. makes sense to me - I'm just not interested in using it myself. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
snip Has anyone looked at the version of ClarkConnect now in beta? This is similar to SME but perhaps a more modern approach (and with separate free/commercial versions...). The blurb claims that the initial setup provides LDAP authentication for easy expansion. That's something I've thought every Linux distro should have had for years, but I don't know if it actually works. I'm waiting for it to come out of beta to see how it works. I run the previous version at home and I love it. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] FreeIPA
doing some googling, this seems to be about the most current/relevant thing I have found wrt to running freeipa server on CentOS http://howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 which I'm not totally adverse to doing but I have to ask, is there something packaged? (I've looked in 'testing' and in 'extras' and in epel) Has anyone followed some other instructions? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Tue, 2009-04-07 at 08:24 -0700, Craig White wrote: doing some googling, this seems to be about the most current/relevant thing I have found wrt to running freeipa server on CentOS http://howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 which I'm not totally adverse to doing but I have to ask, is there something packaged? (I've looked in 'testing' and in 'extras' and in epel) Has anyone followed some other instructions? hmmm...no one using freeipa I think. I was able to get it to compile using the above but that was version 1.0.0 and they're up to 1.2.1 on their web site. Fedora 10 has 1.2.0 src rpm but it has a requirement of popt-devel which I couldn't find for CentOS-5. I could build the Fedora 10 version of the popt/popt-devel rpms but I couldn't install popt-devel without popt and that caused all sorts of issues with rpm/rpm-devel/rpm-build, to the point where I chickened out. When I commented out the requirement for popt-devel in the spec file, of course it wouldn't build anyway (ldapi-plugin-winsync didn't seem to me to be related to popt-devel but who knows). ;-( It would seem that if Red Hat were serious about freeipa, they would make it so that it actually could build a non-ancient version on RHEL (CentOS). Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
Hi, On Tue, Apr 7, 2009 at 23:42, Craig White craigwh...@azapple.com wrote: Fedora 10 has 1.2.0 src rpm but it has a requirement of popt-devel which I couldn't find for CentOS-5. CentOS5's popt package contains the development libraries and headers. rpm -ql popt shows that libpopt.a, libpopt.so and popt.h are there, so you should be able to safely remove that dependency from the specfile and build it from there. When I commented out the requirement for popt-devel in the spec file, of course it wouldn't build anyway (ldapi-plugin-winsync didn't seem to me to be related to popt-devel but who knows). ;-( Definitely not related. Have you looked into the CentOS Directory Server instead? http://wiki.centos.org/HowTos/DirectoryServerSetup I don't know if that one contains all the components of FreeIPA, but at least the main ones should be there. It would seem that if Red Hat were serious about freeipa, they would make it so that it actually could build a non-ancient version on RHEL (CentOS). As usual, if you want cutting-edge it will be in Fedora. If you want stable it will be in RHEL/CentOS. It seems to me that FreeIPA is a quite contained and integrated package, and it makes sense to have dedicated machines to run it. Why don't you just use FreeIPA itself instead of trying to shoehorn its packages into CentOS, ending up with something that will probably lack the advantages of both parts? HTH, Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FreeIPA
On Wed, 2009-04-08 at 00:06 -0400, Filipe Brandenburger wrote: Hi, On Tue, Apr 7, 2009 at 23:42, Craig White craigwh...@azapple.com wrote: Fedora 10 has 1.2.0 src rpm but it has a requirement of popt-devel which I couldn't find for CentOS-5. CentOS5's popt package contains the development libraries and headers. rpm -ql popt shows that libpopt.a, libpopt.so and popt.h are there, so you should be able to safely remove that dependency from the specfile and build it from there. you could be right. I checked on my Fedora system and the file list from popt-devel seemed to have a lot more than just the popt on CentOS but I didn't look at it all that closely. As I said, I just commented it out (the dependency). When I commented out the requirement for popt-devel in the spec file, of course it wouldn't build anyway (ldapi-plugin-winsync didn't seem to me to be related to popt-devel but who knows). ;-( Definitely not related. Have you looked into the CentOS Directory Server instead? http://wiki.centos.org/HowTos/DirectoryServerSetup I don't know if that one contains all the components of FreeIPA, but at least the main ones should be there. no, I haven't and I probably will. I wanted to play with freeipa because I had a little time for experimenting. I typically use OpenLDAP but have Fedora-DS running at a clients place. I think I like OpenLDAP more but I would like Fedora-DS (or CentOS-DS) more if it were integrated with kerberos, policy and audit. It would seem that if Red Hat were serious about freeipa, they would make it so that it actually could build a non-ancient version on RHEL (CentOS). As usual, if you want cutting-edge it will be in Fedora. If you want stable it will be in RHEL/CentOS. It seems to me that FreeIPA is a quite contained and integrated package, and it makes sense to have dedicated machines to run it. Why don't you just use FreeIPA itself instead of trying to shoehorn its packages into CentOS, ending up with something that will probably lack the advantages of both parts? Sure but that's not typically the realm I play in. My typical client is 50 users and having a server just for authentication is harder to justfiy. I myself have an older server which doesn't support hardware virtualization. Perhaps you're right, I set up something in virtualization and use Fedora but the churn rate of Fedora is just too much, especially for an authentication server. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Freeipa
Hell List I am trying to build freeipa by using this howto http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 I have managed to get most of it done but when I start compiling I get the following error: checking host system type... x86_64-redhat-linux-gnu checking for GNU linker... yes configure: not adding extra gcc warning flags because CFLAGS was set configure: enabling built in krb4 support checking which version of com_err to use... system checking for add_error_table in -lcom_err... no configure: error: cannot find add_error_table in com_err library error: Bad exit status from /var/tmp/rpm-tmp.28988 (%build) Has anyone got any idea of where I am failing? Kind regards Per Qvindesland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Freeipa
Per Qvindesland wrote: Hell List I am trying to build freeipa by using this howto http://www.howtoforge.com/how-to-build-rhel-ipa-rpms-for-centos-5 I have managed to get most of it done but when I start compiling I get the following error: checking host system type... x86_64-redhat-linux-gnu checking for GNU linker... yes configure: not adding extra gcc warning flags because CFLAGS was set configure: enabling built in krb4 support checking which version of com_err to use... system checking for add_error_table in -lcom_err... no configure: error: cannot find add_error_table in com_err library error: Bad exit status from /var/tmp/rpm-tmp.28988 (%build) Has anyone got any idea of where I am failing? have you installed e2fsprogs-devel ? # yum install e2fsprogs-devel ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos