On Mon, Mar 18, 2019 at 06:14:16PM +0200, Alexander Bokovoy wrote:
> On ma, 18 maalis 2019, Jelle de Jong via FreeIPA-users wrote:
> > Hello everybody,
> >
> >
> > I am looking for a way to have different authentication policy for a
> > freeia-client logout and screenlock on linux workstations.
Hi Rob,
thanks for pointing us into that direction.
Actually, I already looked into /var/log/pkg/pkg-tomcat/ca/debug, but couldn't
find anything that rang the bell. Here are the last couple of lines.
[root@ipa2 ca]# tail -40 debug
[18/Mar/2019:14:36:39][SerialNumberUpdateTask]: TCP Keep-Alive:
Hi,
thanks for coming back to this.
here is the output:
[root@ipa2 ~]# klist -ekt /etc/dirsrv/ds.keytab
Keytab name: FILE:/etc/dirsrv/ds.keytab
KVNO Timestamp Principal
--- --
2 08/15/2016 11:18:33
Robbie Harwood via FreeIPA-users wrote:
> Marisa Sandhoff via FreeIPA-users
> writes:
>
>> [18/Mar/2019:14:36:27.577557647 +0100] - ERR - set_krb5_creds - Could
>> not get initial credentials for principal
>> [ldap/ipa2.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de] in
>> keytab
On Mon, Mar 18, 2019 at 06:14:16PM +0200, Alexander Bokovoy via FreeIPA-users
wrote:
> On ma, 18 maalis 2019, Jelle de Jong via FreeIPA-users wrote:
> > Hello everybody,
> >
> >
> > I am looking for a way to have different authentication policy for a
> > freeia-client logout and screenlock on
On ma, 18 maalis 2019, Jelle de Jong via FreeIPA-users wrote:
Hello everybody,
I am looking for a way to have different authentication policy for a
freeia-client logout and screenlock on linux workstations.
When a user logs in I want to use my password+otp (this is working)!
When a user
On Mon, Mar 18, 2019 at 4:53 PM Rob Crittenden wrote:
>
>
> ipa-replica-manage del --cleanup --force will clean these
> entries up, and others.
>
> rob
Rob,
I tried this. It didn't work. The command itself failed with the same
error message:
PKINIT enabled server': all masters must have IPA
Dmitry Perets via FreeIPA-users wrote:
>>
>> Exactly as the others report, I can no longer login to the WebUI. It says
>> "invalid
>> 'PKINIT enabled server': all masters must have IPA master role enabled" and
>> then throws an exception:
>>
>
> UPDATE: To resolve it, you can delete the
Hello everybody,
I am looking for a way to have different authentication policy for a
freeia-client logout and screenlock on linux workstations.
When a user logs in I want to use my password+otp (this is working)!
When a user locks it screen I want to be able unlock it with only the
>
> Exactly as the others report, I can no longer login to the WebUI. It says
> "invalid
> 'PKINIT enabled server': all masters must have IPA master role enabled" and
> then throws an exception:
>
UPDATE: To resolve it, you can delete the following subtree entirely:
DN:
On ma, 18 maalis 2019, Dmitry Perets via FreeIPA-users wrote:
Sorry, this was actually my response to another thread, but due to some
issue, it was posted like a separate thread... I think it was caused by
GMAIL that popped up when I tried to reply. @moderators, if possible,
please delete
Dear all,
after a short power outage this morning the server hosting our virtual
machine ipa2 (running ipa-server-4.6.4-10) had lost its harddisks. After
a reboot the server and the virtual machine ipa2 are back, but the ipa
service cannot be started (it trys a long time to start pki-tomcat and
Sorry, this was actually my response to another thread, but due to some issue,
it was posted like a separate thread... I think it was caused by GMAIL that
popped up when I tried to reply. @moderators, if possible, please delete this...
___
Hi,
I have the same issue right now...
I had two working replicas, and I tried to add the third one. But due
to some issues with ansible playbook, the installation of that third
replica failed in the middle (I believe ansible lost SSH connection
somewhere in the middle). That obviously left the
On ma, 18 maalis 2019, Mateusz O via FreeIPA-users wrote:
I read information from link and resigns from idea to block users to viev
information about other users.
About password issue.
I'm creating a new user which is in default 'ipausers' group and are not
assigned to any role.
When I log
I read information from link and resigns from idea to block users to viev
information about other users.
About password issue.
I'm creating a new user which is in default 'ipausers' group and are not
assigned to any role.
When I log using new created account I can reset others password.
On 3/15/19 8:16 PM, Azim Siddiqui wrote:
HiĀ Florence,
Hope you are doing good. I tried the way you said. But still, it is
showing certificateĀ is expired.
Let me be more clear about it.
We have apache running with an expired certificate which is signed by
FreeIPA. Now I want to renew or
Hello,
I want to gave users possibility to change their password, but when I log in
using user from ipausers group I can view others account and reset their
passwords.
How to block it? I wan to set everything to block a normal user from group
ipausers view others account (he's able to see
18 matches
Mail list logo