[Freeipa-users] Re: How to make ipa root certificate available system wide

On Wed, Oct 09, 2019 at 08:58:14PM -0500, Kevin Vasko wrote: > Seems to happen on both Ubuntu 16.04 and 18.04. > > $ lsb_release -a > No LSB modules are available. > Distributor ID: Ubuntu > Description:Ubuntu 16.04.6 LTS > Release:16.04 > Codename: xenial > > $ firefox

[Freeipa-users] Re: How to make ipa root certificate available system wide

Seems to happen on both Ubuntu 16.04 and 18.04. $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 16.04.6 LTS Release:16.04 Codename: xenial $ firefox --version Mozilla Firefox 67.0.4 freeipa-client/xenial,now 4.3.1-0ubuntu1 amd64

[Freeipa-users] Re: How to make ipa root certificate available system wide

On Wed, Oct 09, 2019 at 06:28:11PM -0500, Kevin Vasko via FreeIPA-users wrote: > Hello, > > I’m wanting to make our https servers use a trusted certificate within our > LAN only. So for example if I have websrv1.ny.example.com when a user uses a > machine that’s enrolled into our realm and they

[Freeipa-users] How to make ipa root certificate available system wide

Hello, I’m wanting to make our https servers use a trusted certificate within our LAN only. So for example if I have websrv1.ny.example.com when a user uses a machine that’s enrolled into our realm and they visit https://websrv1.ny.example.com they shouldn’t be prompted to accept the self

[Freeipa-users] Re: Categories vs Groups

That makes sense. Thank you! On Wed, Oct 9, 2019 at 1:02 PM Rob Crittenden wrote: > Russell Jones via FreeIPA-users wrote: > > Hi all, > > > > I am in the beginning stages of researching moving from NIS to FreeIPA. > > I am running through the workshop on the FreeIPA github, and am having > >

[Freeipa-users] Re: Categories vs Groups

Russell Jones via FreeIPA-users wrote: > Hi all, > > I am in the beginning stages of researching moving from NIS to FreeIPA. > I am running through the workshop on the FreeIPA github, and am having > difficulty understanding the difference between categories and groups. > > For example, I have

[Freeipa-users] Categories vs Groups

Hi all, I am in the beginning stages of researching moving from NIS to FreeIPA. I am running through the workshop on the FreeIPA github, and am having difficulty understanding the difference between categories and groups. For example, I have one HBAC rule that came pre-defined on my FreeIPA

[Freeipa-users] Re: How to change the timeout of 60 seconds on the login with AD users

On Thu, Oct 03, 2019 at 10:48:40AM +, SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello, > > After a primary DNS server problem, I have realized that the IDM client has a > timeout of 60 s for the log in. > As the primary DNS was not working, server used the secondary DNS and it >

[Freeipa-users] Re: /var/lib/sss/pubconf/known_hosts empty

Hello, On 9 Oct 2019, at 05:59, Jakub Hrozek via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org>> wrote: On Wed, Oct 09, 2019 at 12:25:33AM +, Vinícius Ferrão via FreeIPA-users wrote: Hello, The /var/lib/sss/pubconf/known_hosts file is empty on a new installed FreeIPA server.

[Freeipa-users] Re: Ipa user can't login via ssh

Kevin Vasko via FreeIPA-users wrote: > Have you made sure your “elham” user has the correct permissions to access > the machines? Take a look in the UI at the groups/permissions that user elham > has. Take a look at your HBAC rules as well. That would be my first > recommendation to check if it

[Freeipa-users] Re: Ipa user can't login via ssh

Have you made sure your “elham” user has the correct permissions to access the machines? Take a look in the UI at the groups/permissions that user elham has. Take a look at your HBAC rules as well. That would be my first recommendation to check if it was me. -Kevin > On Oct 9, 2019, at 7:23

[Freeipa-users] Re: Ipa user can't login via ssh

I checked it but i couldnt solve it On Wed, 9 Oct 2019, 12:30 Jakub Hrozek via FreeIPA-users, < freeipa-users@lists.fedorahosted.org> wrote: > On Wed, Oct 09, 2019 at 08:45:16AM -, Elhamsadat Azarian via > FreeIPA-users wrote: > > ### Request for enhancement > > as a Linux admin i want to

[Freeipa-users] Re: Ipa user can't login via ssh

On Wed, Oct 09, 2019 at 08:45:16AM -, Elhamsadat Azarian via FreeIPA-users wrote: > ### Request for enhancement > as a Linux admin i want to login into my ipa client with a user that is > defined in ipa-server UI. > > ### Issue > I installed Ipa-server and an Ipa-client on CentOS7.6 > I

[Freeipa-users] Re: /var/lib/sss/pubconf/known_hosts empty

On Wed, Oct 09, 2019 at 12:25:33AM +, Vinícius Ferrão via FreeIPA-users wrote: > Hello, > > The /var/lib/sss/pubconf/known_hosts file is empty on a new installed FreeIPA > server. I’ve already joined a machine to the domain but the file is still > empty. > > I can’t get it populated,

[Freeipa-users] Ipa user can't login via ssh

### Request for enhancement as a Linux admin i want to login into my ipa client with a user that is defined in ipa-server UI. ### Issue I installed Ipa-server and an Ipa-client on CentOS7.6 I defined Internal DNS on ipa-server and i defined A and PTR records for client on ipa-server. now i can