Hi Charles,
On 11/16/17 7:59 PM, Charles Hedrick via FreeIPA-users wrote:
> I’ve seen the same thing. Or at least I think it seems like it’s related.
>
> We have three servers, all on CentOS. The initial one was installed under
> 7.3, using defaults. That caused it to generate a self-signed CA.
Hello the list,
Is it possible to enable two-factor authentication using Google Authenticator
on FreeIPA on specific hosts or groups of hosts?
Alternatively, are there any recommendations on modifying the Pam configuration
on these 2FA required machines to grab the OTP token from FreeIPA when a
On Thu, Nov 16, 2017 at 02:04:24PM -0500, Rob Crittenden wrote:
> john.bowman--- via FreeIPA-users wrote:
> > Still looking for any ideas on this one so giving it a bump.
>
> Next time please don't wipe out all the context.
>
> Fraser, it seems to be having a problem connecting to the security do
Hi Charles,
The pwmproxy account is able to reset other users’ passwords from the command
line using `ipa passwd username`
However, it is not getting permission when using the PWM API or when logged in.
Regards,
Aaron
From: Charles Hedrick [mailto:hedr...@rutgers.edu]
Sent: Frida
Apologies, I hit reply from the list's web page instead of replying from
email and it did not include the history automatically.
On Thu, Nov 16, 2017 at 1:04 PM, Rob Crittenden wrote:
> john.bowman--- via FreeIPA-users wrote:
> > Still looking for any ideas on this one so giving it a bump.
>
> N
On Thu, Nov 16, 2017 at 12:10:01PM -0500, Chris Dagdigian via FreeIPA-users
wrote:
>
> The most fragile and user-angering aspect of our complex IPA setup in AWS is
> when user AD password checks mysteriously fail and deny login. All of the
> troubleshooting stuff works fine - user is recognized a
john.bowman--- via FreeIPA-users wrote:
> Still looking for any ideas on this one so giving it a bump.
Next time please don't wipe out all the context.
Fraser, it seems to be having a problem connecting to the security domain.
The full thread is at
https://lists.fedoraproject.org/archives/list/f
I’ve seen the same thing. Or at least I think it seems like it’s related.
We have three servers, all on CentOS. The initial one was installed under 7.3,
using defaults. That caused it to generate a self-signed CA. We later added a
commercial cert for HTTP and LDAP. When we upgraded to 7.4, it ge
I can’t help with PWM, but I can say that I have a self-service web app that
does “ipa passwd” to change user passwords. It works fine, though the principal
it uses has to be registered specially if you don’t want the user to be forced
to change password the first time they login.
The following
The most fragile and user-angering aspect of our complex IPA setup in
AWS is when user AD password checks mysteriously fail and deny login.
All of the troubleshooting stuff works fine - user is recognized as
valid, ipa hbactest all work fine but the user gets permission denied
when logging in
Ludwig, that was perfect. I found some entries that had seemingly had
certs added very frequently, which I think was certmonger either going
rogue or, more likely, down to a misconfiguration. Removing these and
their corresponding tombstone entries reduced the directory size from
120MB to about 2M
On Thu, 16 Nov 2017, Justin Smith via FreeIPA-users wrote:
I was tasked with setting up FreeIPA & Active Directory and connecting
them with a trust relationship.
On FreeIPA 4.5, I created ipa.companydomain.com, set up an internal DNS
zone for companydomain.com (which my company has used for
I was tasked with setting up FreeIPA & Active Directory and connecting them
with a trust relationship.
On FreeIPA 4.5, I created ipa.companydomain.com, set up an internal DNS zone
for companydomain.com (which my company has used for both internal and external
DNS - a bad practice, I know)
Still looking for any ideas on this one so giving it a bump.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Andrew Meyer wrote:
> I guess I could fix this by putting a host entry in the /etc/hosts file?
I'm nearly certain that it uses the DNS resolver directly so that
wouldn't work.
rob
>
>
> On Wednesday, November 15, 2017 11:11 PM, Rob Crittenden via
> FreeIPA-users wrote:
>
>
> Andrew Meyer vi
I guess I could fix this by putting a host entry in the /etc/hosts file?
On Wednesday, November 15, 2017 11:11 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> When I try to add puppet I am getting the following error:
>
> [andrew.meyer@asm-automation
On 11/15/2017 04:55 PM, Mike Johnson wrote:
Thank you Ludwig. I did ask on #389 on freenode. The first response I
got said lkrispen (presumably you) you were the expert in this area.
:-)
I have since cleaned up some nsTombstone/nsds5ReplConflict records
according to the docs:
https://access.
Hi folks,
a few months ago I had replaced the externally signed root
certificate on my servers (CentOS 7.3) using ipa-cacert-manage.
Problem:
ipa-client-install on a freshly bootstrapped Debian 7 (Wheezy,
freeipa 3.0.2) fails. Apparently it stumbles over the old root
certificate:
# ipa-clien
18 matches