Harald Dunkel via FreeIPA-users wrote:
> Hi Rob,
>
> On 12/06/17 17:39, Rob Crittenden via FreeIPA-users wrote:
>> Harald Dunkel via FreeIPA-users wrote:
>>> See attachment.
>>>
>>> Please note the "invalid certificate". Du you remember the thread
>>> on freeipa-devel about "ipa-client-install
Stupid question, but to stop anyone from logging in anywhere - for instance
during a maintenance period - is there an easy maintenance mode in IPA?
Or is the best method to disable all HBAC rules?
cheers
L.
--
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the
Hi Rob,
We figured out there were a relatively small number of id clashes between uids
and gids between users and groups and have resolved most of them, we're now
working on making gidNumber = uidNumber with a python script calling user-mod
via the FreeIPA API. It's looking good in our test
On ke, 06 joulu 2017, Bret Wortman via FreeIPA-users wrote:
Is there an online guide to turning on a CA?
We had one, which signed all our SSL Certs and such. It worked quite
nicely. Then we rolled an upgrade around our IPA servers to get them
from Fedora to Centos, and in the process, we
> Does a group with gidNumber 100019 exist in IPA? It sounds like it doesn't.
> Is that what you mean by creating the groups?
No, it's the gid of the user, so exists only as a private user group.
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, 7
We use openvpn's "auth-user-pass-verify" option to call a perl script
that queries PAM.
I can't provide all of it since it has sensitive/corporate information
but essentially OpenVPN will provide the password used during client
negotiation as an environment variable, and the perl script sends
I already had the line in there for the plugin.
On Wednesday, December 6, 2017 2:28 PM, Andrew Meyer
wrote:
I think I did see that while searching, but did not click on it. I will now!
Thank you!
On Wednesday, December 6, 2017 2:24 PM, Michael Plemmons via
I think I did see that while searching, but did not click on it. I will now!
Thank you!
On Wednesday, December 6, 2017 2:24 PM, Michael Plemmons via FreeIPA-users
wrote:
Have you taken a look at this?
Have you taken a look at this?
https://github.com/OpenVPN/openvpn/tree/master/src/plugins/auth-pam
That is a plugin we have on our OpenVPN server which is backed by FreeIPA.
In our OpenVPN server conf file we have a line that looks like this.
plugin
Hello,
I am trying to configure my openvpn setup to authenticate against FreeIPA. I
have OpenVPN configured and is accepting connections. The package for
ldap_auth is installed and configured. However I have tried to setup anonymous
ldap lookups and authenticated ldap lookups and neither
Hi Rob,
On 12/06/17 17:39, Rob Crittenden via FreeIPA-users wrote:
> Harald Dunkel via FreeIPA-users wrote:
>> See attachment.
>>
>> Please note the "invalid certificate". Du you remember the thread
>> on freeipa-devel about "ipa-client-install (3.0.2 on Wheezy) fails
>> after root certificate
Harald Dunkel via FreeIPA-users wrote:
> See attachment.
>
> Please note the "invalid certificate". Du you remember the thread
> on freeipa-devel about "ipa-client-install (3.0.2 on Wheezy) fails
> after root certificate change via ipa-cacert-manage" and the
> output of "ipa-certupdate -v" I had
See attachment.
Please note the "invalid certificate". Du you remember the thread
on freeipa-devel about "ipa-client-install (3.0.2 on Wheezy) fails
after root certificate change via ipa-cacert-manage" and the
output of "ipa-certupdate -v" I had posted?
Regards
Harri
debug.txt.gz
Is there an online guide to turning on a CA?
We had one, which signed all our SSL Certs and such. It worked quite
nicely. Then we rolled an upgrade around our IPA servers to get them
from Fedora to Centos, and in the process, we failed to migrate the CA,
so we ended up with 3 servers without
Harald Dunkel via FreeIPA-users wrote:
> Hi folks,
>
> Platform: Centos 7.4, ipa 4.5.0-21
>
> The ipa service cannot be started anymore. Error message:
>
> # systemctl status ipa
> * ipa.service - Identity, Policy, Audit
>Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor
Aaron Hicks via FreeIPA-users wrote:
> Hello the list,
>
>
>
> We imported all our users with uidnumbers from our old LDAP, but their
> gidNumber was from 4 groups. This caused us issues with users wanting to
> grant access to personal spaces to one user, but instead granting access
> to all
Hi folks,
Platform: Centos 7.4, ipa 4.5.0-21
The ipa service cannot be started anymore. Error message:
# systemctl status ipa
* ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor preset:
disabled)
Active: failed (Result: exit-code)
Hello everybody,
I want to know, is there possibility to change default ldap scheme, where user
and groups are storing.
For instance, I have:
cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
cn=GROUP-OF-USERS, cn=groups, cn=accounts, dc=domain,dc=net
It seems to be too straightforward. Can I
18 matches
Mail list logo