Hello,
Recently I've been experimenting on HSM with FreeIPA, I got stuck at the CA
generation, but it's a separate issue. I somehow achieve a successful key
generation on HSM with default key_algorimth/size/ settings. RSA 3072/2048
keys showed up on the HSM even after a failed CA installation but
On 5/24/19 6:12 PM, Khurrum Maqb via FreeIPA-users wrote:
We're running IPA 4.6.4-10.el7 with a CA over 4 replicas on Centos7 and would
like to properly configure smartcard authentication. The smartcards that we're
using have been signed by an External CA controlled by a different entity. So
t
On ma, 27 touko 2019, Prashant Bapat via FreeIPA-users wrote:
Hi Alexander,
I tried the "Id View" and "User ID Overrides". Questions below.
1. Does the user Id overrides need to be setup for each user/group in
AD one per ?
Yes. You need to have an object in LDAP where to store information for
Yes, we've had a few threads about monitoring.
I was hopeful about ipactl, but I already have a monitor for failed systemd
units in all my systems (which is nice). I would add port/URL checks
easily, but I'm not sure they will add a lot of value.
On Mon, May 27, 2019 at 10:30 AM John Keates wrot
Hi Alexander,
I tried the "Id View" and "User ID Overrides". Questions below.
1. Does the user Id overrides need to be setup for each user/group in AD one
per ?
2. After uploading the SSH pub key in the web UI, how does the
sss_ssh_authorizedkeys command work ? I'm not able to get the SSH key
Actually no! Not that specific part. Let me give it a try and get back to you.
Thanks much.
Regards.
--Prashant
On 27/5/19, 5:18 pm, "Alexander Bokovoy" wrote:
On ma, 27 touko 2019, Prashant Bapat via FreeIPA-users wrote:
>Hi All,
>
>I’m to setup FreeIPA in my organization to
It’s not really doing anything more, except doing the status on all of the
units with one command. If units were to be added/removed, the command would
stay the same.
But I wouldn’t call this monitoring, it’s more like a health check, you get a
binary (good/bad). Monitoring would expect metrics
The output of ipactl looks very similar to systemctl status. Is it doing
much more than that? I'm already monitoring systemd failed units so I
wonder if it's running checking ipactl.
On Wed, Sep 19, 2018 at 1:33 PM Neal Harrington via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
On Sun, May 26, 2019 at 01:42:32PM +0100, lejeczek via FreeIPA-users wrote:
> On 23/05/2019 16:43, Sumit Bose via FreeIPA-users wrote:
> > On Thu, May 23, 2019 at 04:17:08PM +0100, lejeczek via FreeIPA-users wrote:
> >> On 23/05/2019 14:56, Rob Crittenden wrote:
> >>> lejeczek via FreeIPA-users wro
On Fri, May 24, 2019 at 10:30:15PM -, Khurrum Maqb via FreeIPA-users wrote:
> Strangely, it's correct. I also just did another ipa-client-install
> --request-cert and it joined correctly and placed the IPA cert in that
> location. Here is the krb5.conf file
>
> [root@gs6069-ld-i014 ~]# cat /
On ma, 27 touko 2019, Prashant Bapat via FreeIPA-users wrote:
Hi All,
I’m to setup FreeIPA in my organization to be the central directory for
users/group/SSH keys and maybe sudo rules. All the users and groups are
already present in Windows Active Directory.
So far I’ve tried setting up AD Trus
11 matches
Mail list logo