sday, March 6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users
> wrote:
>
>
> Andrew Meyer via FreeIPA-users wrote:
>> After getting the feedback previously from the mailing list (thank you
>> for all your help) I have deployed a CentOS 7 image in AWS. I was able
6, 2018 1:02 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> After getting the feedback previously from the mailing list (thank you
> for all your help) I have deployed a CentOS 7 image in AWS. I was able
> to add the client machine to the FreeI
I think I figured out my problem. I think it's the Amazon Linux replica.
named-pkcs11 keeps dying which is causing my issues.
On Monday, March 5, 2018 3:40 PM, Andrew Meyer via FreeIPA-users
wrote:
After getting the feedback previously from the mailing list (thank you for all
your
After getting the feedback previously from the mailing list (thank you for all
your help) I have deployed a CentOS 7 image in AWS. I was able to add the
client machine to the FreeIPA domain. The CentOS 7 instance is a t2.medium
which is a 2 proc by 4GB RAM. But when I go to promote it I get t
2018, Andrew Meyer via FreeIPA-users wrote:
>When reading about monitoring replication I see that I can get this
>setup using --setup-snmp, however on CentOS 7.x (latest) I don't have
>that option. Is it not in 4.5.0?
Can you point to your sources? It is quite hard to understand what a
When reading about monitoring replication I see that I can get this setup using
--setup-snmp, however on CentOS 7.x (latest) I don't have that option. Is it
not in 4.5.0?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscr
; NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy Metalink
> [ec2-user@freeipa01 ~]$
It is linked against OpenSSL which won't work with IPA 4.5.x.
You'll need to use a different distro.
rob
>
>
> On Friday, March 2, 2018 3:07 PM, Rob Crittenden via FreeIPA-users
> wr
tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy Metalink
[ec2-user@freeipa01 ~]$
On Friday, March 2, 2018 3:07 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> Unfortunatel
Unfortunately I don't know if it's linked with OpenSSL or NSS. How would I
tell? Is it a symlink?
On Friday, March 2, 2018 1:32 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> It's Amazon Linux 2.
You didn't fully answer the quest
er@freeipa01 ~]$
What distro are you running? Is curl linked with NSS or OpenSSL?
rob
>
>
> On Thursday, March 1, 2018 3:29 PM, Rob Crittenden via FreeIPA-users
> wrote:
>
>
> Andrew Meyer via FreeIPA-users wrote:
>> While building a new freeipa server in AWS
pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
[ec2-user@freeipa01 ~]$
On Thursday, March 1, 2018 3:29 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew
While building a new freeipa server in AWS I got this error:
2018-03-01T18:15:49Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
2018-03-01T18:15:49Z ERROR Certificate issuance failed (CA_UNREACHABLE)
2018-03-01T18:15:49Z ERROR Th
While building a new server for my infrastructure in AWS I came across this error:
A while back when I created my FreeIPA servers I added locations to them. I
then added 1 more server and removed it for testing purposes. However now when
I go into my main zone I am seeing the following errors:
Some operations failed.Hide details
- _kerberos-master._tcp.AWS-us-east-1._lo
Is there a way to specify a policy for 1 zone to be on 1 server or on a set of
servers in 1 location?
Sorry, I am running the ipa-client-install script and it's not auto finding the
FreeIPA server.
On Tuesday, February 20, 2018 1:00 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> So I rebuilt a server tonight and gave it a new hostname but I'm
So I rebuilt a server tonight and gave it a new hostname but I'm getting the
following error when trying to add the new one.
Skip ipa.domain.local: cannot verify if this is an IPA server
Provide your IPA server name (ex: ipa.example.com): ipa.domain.local
Skip ipa.domain.local: cannot verify if
While getting my company setup to use FreeIPA and migrate from the old BIND DNS
I have setup a forward zone on our nameservers to point exmaple.net to my
FreeIPA servers.
When I try to do a query from the main DNS resolvers I get the following:
client 10.1.0.66#61548: view internal: query: infr
Thank you, that will help. I don't want to have to go down that road but it's
looking more and more like I will have to.
On Tuesday, February 13, 2018 8:34 AM, Alexander Bokovoy via FreeIPA-users
wrote:
On Tue, 13 Feb 2018, Andrew Meyer via FreeIPA-users wrote:
>Fis
perfectly fine, especially if you already have another instrument for
dns managing.
I haven't experienced any problems from such setup so far.
2018-02-13 17:10 GMT+03:00 Andrew Meyer via FreeIPA-users
:
Fish the entries? Can you elaborate on that a bit more?
Since FreeIPA auto-builds txt reco
add the DNS entries that FreeIPA adds to its domain
to your DNS server.
What I did was install FreeIPA in a test environment and fish the entries from
there.
On Tue, Feb 13, 2018 at 4:37 AM, Andrew Meyer via FreeIPA-users
wrote:
I know I have sent in multiple emails, but we are trying to deploy
I know I have sent in multiple emails, but we are trying to deploy FreeIPA
correctly. However I am getting asked to find out some other details.
Can FreeIPA survive w/o DNS? We would like to implement FreeIPA and still be
able to use the SSH, sudo, selinux, LDAP & krb5.
We are moving to AWS
Is it possible to have DNS forward zones only exist on servers in a specific
location?
If I don't have global resolver FreeIPA will fallback to using what is in
/etc/resolv.conf, correct?
0
> 2018-02-08T20:32:54Z DEBUG waiting for port: 8443
> 2018-02-08T20:32:54Z DEBUG Failed to connect to port 8443 tcp on 127.0.0.1
> 2018-02-08T20:32:57Z DEBUG SUCCESS: port: 8443
> 2018-02-08T20:32:57Z DEBUG Waiting until the CA is running
> 2018-02-08T20:32:57Z DEBUG request POST
:32:57Z
DEBUG request body ''
On Thursday, February 8, 2018 11:29 AM, Andrew Meyer via FreeIPA-users
wrote:
That's what I thought. Thank you for confirming that!
On Thursday, February 8, 2018 11:26 AM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer vi
That's what I thought. Thank you for confirming that!
On Thursday, February 8, 2018 11:26 AM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> Ok, I got further this time. Now I am getting this error:
>
> [2/27]: setting up initi
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information
On Thursday, February 8, 2018 8:01 AM, Andrew Meyer via FreeIPA-users
wrote:
Thank you, I also did some digging and found that there is a
eIPA-users wrote:
On 02/07/2018 10:53 PM, Andrew Meyer via FreeIPA-users wrote:
> I just got FreeIPA added as a client and then I tried to promote it as a
> replica. I got the following error:
>
> Done configuring kadmin.
> Configuring directory server (dirsrv)
> [1/3]: con
We are trying to deploy FreeIPA in our environment, this will be a mix of local
servers and server to manage auth in EC2. We have a vpn tunnel setup and are
able to communicate across it. In an Amazon Linux 2 instance I was able to get
FreeIPA installed as a client and am now trying to promote i
I just got FreeIPA added as a client and then I tried to promote it as a
replica. I got the following error:
Done configuring kadmin.
Configuring directory server (dirsrv)
[1/3]: configuring TLS for DS instance
[error] RuntimeError: Certificate issuance failed (CA_REJECTED)
Your system may be pa
Please ignore. This is an issue w/ my proxy.
On Tuesday, January 30, 2018 10:01 AM, Andrew Meyer via FreeIPA-users
wrote:
I was just checking the web admin on my secondary node (still in testing
phase) but it won't resolve at all. I'm not sure why.
These are the only err
I was just checking the web admin on my secondary node (still in testing phase)
but it won't resolve at all. I'm not sure why.
These are the only errors I have from the Apache logs:
[Tue Jan 30 09:49:54.429727 2018] [mpm_prefork:notice] [pid 3637] AH00170:
caught SIGWINCH, shutting down gra
tenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> Agreed. I would love to run this on a raspberry pi or better.
But why?
Is it because the hardware is so cheap? Is it better/easier/cheaper than
running it in a VM on an existing box? Is it merely for the "fun"
Agreed. I would love to run this on a raspberry pi or better.
On Mon, Jan 22, 2018 at 14:25, Alex Corcoles via
FreeIPA-users wrote:
My company is looking to migrate a lot of our stuff to amazon and shut down
what we have in the data-centers. However there was no plan to migrate the
ldap system we have. I have since suggested that we look into FreeIPA. This
is well liked but my boss wants to use Route53 for split horizon
Jens, I'm not familiar w/ Python. How do I pass the url, user and realm to it?
Do I do something like this - './freeipaclient.py url=myurl user=username' ?
Thank you!
On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-users
wrote:
Does this script prom
Does this script prompt you to enter the data needed or do I need to hard code
it?
On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users
wrote:
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
wrote:
Hi Andrew,
On 20/12
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
> Does anyone have any examples or could share what they have written?
>
> I am trying to write a script and not
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
d
session required pam_unix.so
session optional pam_sss.so
That may help.
Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Wed, Dec 6, 2017 at 3:13 PM, Andrew Meyer via FreeIPA-users
wrote:
Hello,
>I am tryin
Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Wed, Dec 6, 2017 at 3:13 PM, Andrew Meyer via FreeIPA-users
wrote:
Hello,
>I am trying to configure my openvpn setup to authenticate against FreeIPA. I
>have OpenVPN configured and is accepti
Hello,
I am trying to configure my openvpn setup to authenticate against FreeIPA. I
have OpenVPN configured and is accepting connections. The package for
ldap_auth is installed and configured. However I have tried to setup anonymous
ldap lookups and authenticated ldap lookups and neither seem
Never mind. Populated the other zones with SRV records pointing back to both
IPA servers.
On Monday, December 4, 2017 12:38 PM, Andrew Meyer via FreeIPA-users
wrote:
When I add a new server to FreeIPA, and it fails to add DNS, is there a way to
go back and rerun a script to add all
When I add a new server to FreeIPA, and it fails to add DNS, is there a way to
go back and rerun a script to add all the records needed?
On Friday, November 10, 2017 8:33 AM, Andrew Meyer via FreeIPA-users
wrote:
I will check this out and get back to you. Thank you.
On Friday, November 10, 2017 8:04 AM, Aaron Cole via FreeIPA-users
wrote:
In IPA the Cmnd_Alias is more like the sudo command group.
Basically you
Excellent, Thank you for the help.
On Tuesday, November 21, 2017 3:01 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> Ok now I am trying to add puppet to my FreeIPA environment. Following
> the instructions
> from: https://www.freeipa.org/p
Ok now I am trying to add puppet to my FreeIPA environment. Following the
instructions from:
https://www.freeipa.org/page/Howto/Using_FreeIPA_CA_for_Puppet
I am getting the following error:
[root@asm-automation01 ~]# ipa service-add puppetmaster/asm-automation01.mgt.asm.borg.local
ipa: ERROR: H
f my steps.
Thank you,
On Monday, November 20, 2017 5:54 PM, Andrew Meyer via FreeIPA-users
wrote:
My apologies. asm-dns01.meyer.local is my FreeIPA master.
On Monday, November 20, 2017 5:46 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer wrote:
> my host
> What host is your IPA server? You used asm-dns01.meyer.local for the
> LDAP test and asm-rancid02.mgt.asm.borg.local for ipa-getkeytab.
>
> rob
>
>>
>>
>>
>> On Monday, November 20, 2017 4:42 PM, Rob Crittenden
>> mailto:rcrit...@redhat.
mgt.asm.borg.local for ipa-getkeytab.
rob
>
>
>
> On Monday, November 20, 2017 4:42 PM, Rob Crittenden
> wrote:
>
>
> Robbie Harwood via FreeIPA-users wrote:
>
>> Andrew Meyer via FreeIPA-users <mailto:freeipa-users@lists.fedorahosted.org>>
>>
mgt.asm.borg.local -k /etc/krb5.keytab
Unable to initialize STARTTLS session
Failed to bind to server!
Retrying with pre-4.0 keytab retrieval method...
Unable to initialize STARTTLS session
Failed to bind to server!
Failed to get keytab
[andrew.meyer@asm-rancid02 ~]$
On Monday, November 20, 2017
ber 20, 2017 4:42 PM, Rob Crittenden
wrote:
Robbie Harwood via FreeIPA-users wrote:
> Andrew Meyer via FreeIPA-users
> writes:
>
>> [root@asm-rancid02 keytabs]# ipa-getkeytab -s
>> asm-rancid02.mgt.asm.borg.local. -p radius/asm-rancid02.mgt.asm.borg.local
>> -k /e
Not connecting to the FreeIPA server?
On Monday, November 20, 2017 4:36 PM, Robbie Harwood via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users
writes:
> [root@asm-rancid02 keytabs]# ipa-getkeytab -s
> asm-rancid02.mgt.asm.borg.local. -p radius/asm-rancid02.mgt.asm.borg
So I'm trying to add FreeRADIUS as a service to my IPA setup. I've added the
service using --force and I'm trying to get the keytab for it but getting the
following error:
[root@asm-rancid02 keytabs]# ipa-getkeytab -s asm-rancid02.mgt.asm.borg.local.
-p radius/asm-rancid02.mgt.asm.borg.local -k
I guess I could fix this by putting a host entry in the /etc/hosts file?
On Wednesday, November 15, 2017 11:11 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> When I try to add puppet I am getting the following error:
>
> [andrew.
When I try to add puppet I am getting the following error:
[andrew.meyer@asm-automation01 ~]$ ipa service-add puppetmaster/asm-automation01.mgt.asm.borg.local
ipa: ERROR: Host 'asm-automation01.mgt.asm.borg.local' does not have corresponding DNS A/ record
[andrew.meyer@asm-automation01 ~]$
I j
...@crosschx.com
www.crosschx.com
On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
wrote:
So I was wondering if anyone has FreeIPA setup to do authentication with
wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only
communicating back to the current OpenLDAP
After all the emails (thank you for your help) I have most of my Mac OS X
clients authenticating to FreeIPA over wireless. Clients running on a 2014 or
newer 10.12.5 and up won't work. I suspect this has to do with the TLS
version.
Tell me if I'm approaching this the right way.
I am trying t
to
work. We do not have SSL certs on our machine.
Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
wrote:
So I was wondering if anyone has FreeIPA setup to do
.
Mike Plemmons | Senior DevOps Engineer | CrossChx
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com
On Fri, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
wrote:
So I was wondering if anyone has FreeIPA setup to do authentication with
wireless. We have an ArubaNetworks platform
, Nov 10, 2017 at 11:07 AM, Andrew Meyer via FreeIPA-users
wrote:
So I was wondering if anyone has FreeIPA setup to do authentication with
wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only
communicating back to the current OpenLDAP system, but would like to migrate to
Also, is FreeIPA using TLS 1.2?
On Monday, November 13, 2017 1:46 PM, Andrew Meyer via FreeIPA-users
wrote:
Is anyone doing authentication with wireless using FreeIPA? If so are you
using RADIUS? What wireless equipment are you using? Has anyone auth'ed
straight to LDAP?
Is anyone doing authentication with wireless using FreeIPA? If so are you
using RADIUS? What wireless equipment are you using? Has anyone auth'ed
straight to LDAP? I am trying to set this up with Aruba Networks using MacBook
Pro running MacOS X 10.11, 10.12, and 10.13 and having minimal succ
I have not done that yet. I will do that though.
On Friday, November 10, 2017 1:54 PM, Aaron Cole via FreeIPA-users
wrote:
Did you try to setup a new rule with run the user group allowed to run on
defined hosts, all commands, as those particular users, and then use sudo -u
{user} -i?
So I was wondering if anyone has FreeIPA setup to do authentication with
wireless. We have an ArubaNetworks platform setup to do EAP-PEAP only
communicating back to the current OpenLDAP system, but would like to migrate to
FreeIPA.
I was able to set this up using Meraki MR18s but I have to us
I will check this out and get back to you. Thank you.
On Friday, November 10, 2017 8:04 AM, Aaron Cole via FreeIPA-users
wrote:
In IPA the Cmnd_Alias is more like the sudo command group.
Basically you have 2 options on how you want to input sudo commands for rules.
1. input each com
Yes, This is exactly what I did. However something is weird and the policy is
not being activated...maybe it's a priority thing?
On Friday, November 10, 2017 7:17 AM, Aaron Cole via FreeIPA-users
wrote:
Did you try the command as defined in the sudo rule? sudo /usr/bin/su - jira
Also
ways and the requirements change a lot, then having the whole
thing in IPA would certainly be a win.
On Nov 9, 2017, at 8:48 AM, Andrew Meyer via FreeIPA-users
wrote:
Ok so I did that and the rules are coming down just like I thought:
[user1@jira02 ~]$ sudo -l
Matching Defaults entries for
t.
This is all new territory for me. If you have any ideas, thank you in
advance.
On Thursday, November 9, 2017 1:47 AM, Jakub Hrozek via FreeIPA-users
wrote:
On Thu, Nov 09, 2017 at 02:07:03AM +, Andrew Meyer via FreeIPA-users wrote:
> Hello, I am trying to setup a few of my
1:43 AM, Jakub Hrozek via FreeIPA-users
wrote:
On Wed, Nov 08, 2017 at 03:52:57PM +, Andrew Meyer via FreeIPA-users wrote:
> Let's say I have a user that starts today and I forgot to add their
> username to FreeIPA. I add their username and they need to start working
> fair
Hello, I am trying to setup a few of my users to have the ability to su - jira
or another user using FreeIPA.
Here is what happens when I am logged in as the user and try to su - jira
[user1@jira02 ~]$ sudo su - process
[sudo] password for user1:
Sorry, user user1 is not allowed to execute '/bin/su
OK now I need help w/ another aspect of sudo. I need to setup a rule so that
certain users in a group can su - someuser, or sudo su - someuser.
I'm having difficulty researching this. Can anyone shed light on this?
On Wednesday, November 8, 2017 2:57 PM, Andrew Meyer via FreeIPA-
...@nhkusa.com
Office #: 248 308 5624
- Original Message -
From: "Andrew Meyer via FreeIPA-users"
To: "Andrew Meyer" , "FreeIPA users list"
, "FreeIPA users list"
Cc: "Rob Crittenden" , "Andrew Meyer"
Sent: Wednesday, Nove
Nm. I fixed it.
On Wednesday, November 8, 2017 2:28 PM, Andrew Meyer via FreeIPA-users
wrote:
So looking at the logs it finds a rule:
(Wed Nov 8 14:23:29 2017) [sssd[sudo]] [sudosrv_cached_rules_by_user] (0x0400): Replacing sudoUser attribute with sudoUser: #115463
(Wed Nov 8 14
sers
wrote:
Andrew Meyer via FreeIPA-users wrote:
> Hello, I'm having some trouble getting sudoers to work.
>
> I have 5 machines joined to the FreeIPA domain and I have a user group
> called ops and ops_sudoers. Both have permission to full sudo.
>
>
> [andrew
Hello, I'm having some trouble getting sudoers to work.
I have 5 machines joined to the FreeIPA domain and I have a user group called
ops and ops_sudoers. Both have permission to full sudo.
[andrew.meyer@jira02 ~]$ ipa sudorule-find ALL
---
1 Sudo Rule matched
-
Let's say I have a user that starts today and I forgot to add their username to
FreeIPA. I add their username and they need to start working fairly quickly.
I know that I can clear the sudo cache on each server with sss_cache -E but is
there a way to do this w/ ldap/kerberos queries to have it
I'm going to be adding a new machine next week. I'll get screenshots/text
output for you.
On Friday, November 3, 2017 1:54 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> If I have a server that is in a subdomain of my tld for
If I have a server that is in a subdomain of my tld for FreeIPA and I want it
to get added into that specific zone during the client install process, the
installer errors out and says that it will only recognize 1 FreeIPA server and
failover to the other will not be possible. Is there some way
What would the equivalent of Cmnd_Alias DEVS? Is that somewhere in the
documentation? I was also trying to find something to convert my sudoers to
what it would be in IPA commands.
On Thursday, November 2, 2017 4:02 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via
In preparation for a migration I am trying to setup sudoers within freeipa. I
have about a dozen people that will need to sudo to another user and run
commands. However I want to add all the commands for that user into my rule.
would this be best practice to add ALL the commands into 1 rule? o
Please disregard.
On Thursday, November 2, 2017 2:26 PM, Andrew Meyer via FreeIPA-users
wrote:
When installing FreeIPA (latest) on CentOS 7. If I want to take advantage of
IPA sudoers, I need that package correct? Should it not be installed when I
install freeipa server/client
When installing FreeIPA (latest) on CentOS 7. If I want to take advantage of
IPA sudoers, I need that package correct? Should it not be installed when I
install freeipa server/client?
Just wondering.
Thank you for the feedback.
On Wednesday, November 1, 2017 3:26 PM, Gordon Messmer via FreeIPA-users
wrote:
On 11/01/2017 09:46 AM, Robbie Harwood wrote:
None of that is particularly relevant unless you're specifically
supporting MSCHAPv2 authentication.
... which you shou
I am trying to research how to setup MySQL/MariaDB to authenticate against
FreeIPA/LDAP. I am running into some issues/confusion.
Do I need to add a new user account to tie mysql to?
I've been following this website: FreeIPA: Giving permissions to service
accounts. — Firstyear's blog-a-log
Disregard. Misconfiguration on my part.
On Tuesday, October 31, 2017 9:42 AM, Andrew Meyer via FreeIPA-users
wrote:
I am using the latest FreeIPA running on CentOS w/ Aruba wireless devices. I
want to setup 802.1X auth from the aruba to FreeIPA.
1) has anyone done that? 2) where
I am using the latest FreeIPA running on CentOS w/ Aruba wireless devices. I
want to setup 802.1X auth from the aruba to FreeIPA.
1) has anyone done that? 2) where would the logging attempts be located?
I can see the aruba making connectivity, but I think it's also my keyword
filters in the aru
I am running into an issue deploying FreeIPA. I am converting from OpenLDAP.
However I have multiple sub-domain under my tld.
So let's say I own example.com
I have multiple zones under that where I have servers sitting. All of these
sub-domains are specific to VLANs as well.
mgt.$DC.example.co
I am running the latest version of FreeIPA on CentOS 7. I am testing adding
servers to the domain. I am using a tld for the FreeIPA domain, not that it
would matter. However when I join a server to the domain it is failing on
adding the DNS entries for the server.
I'm seeing the following i
cient
access: Invalid credentials
[user@infra-test-ipa ~]$
On Monday, October 9, 2017, 4:10:21 PM CDT, Andrew Meyer via FreeIPA-users
wrote:
Gabriel, When I run the ipa -v migrate-ds I need to put in my OpenLDAP manager
password, correct? Not my FreeIPA admin credentials.
Thank you,
Gabriel, When I run the ipa -v migrate-ds I need to put in my OpenLDAP manager
password, correct? Not my FreeIPA admin credentials.
Thank you,
On Monday, October 9, 2017, 12:33:53 PM CDT, Andrew Meyer via FreeIPA-users
wrote:
Thank you! I will take this and change it to suit my network
probably not necessary otherwise.
Gabriel
On 10/9/2017 9:24, Andrew Meyer via FreeIPA-users wrote:
I'm heading down that route as well. But I would like to have both options
available to the boss.
I'm not sure if my syntax is incorrect. That's where I need help.
built a new IPA configuration rather than try to
migrate. It's been far easier to move clients over by ripping the
OpenLDAP off and installing IPA-client than mucking with a conversion.
On 10/09/2017 11:50 AM, Andrew Meyer via FreeIPA-users wrote:
> Hello,
> I am planning to migrate fr
Hello, I am planning to migrate from an OpenLDAP installation to FreeIPA.
I have been following the directions and matching it to several blog posts
about this however I am coming up with errors.
[user@infra-test-ipa ~]$ ipa migrate-ds --user-container=users
--group-container=group --user-objectc
If I want to keep track of DNS changes in FreeIPA, is there a way to do this?
So I just installed foreman on my puppet and ansible instance and got it
working. After I installed it and got it working, I joined the server to
my FreeIPA domain.
I now get the following error whenever I try to restart apache.
By the way this is CentOS 7 latest. Has anyone else run in
Another question, how hard would it be to separate this setup? FreeIPA on
one server and TACACS+ from shrubbery on another?
On Monday, June 12, 2017 3:34 PM, Andrew Meyer via FreeIPA-users
wrote:
Correct. So I would skip the adding of the pam module and just create a new
pam
Ok, well I'm going to start getting this setup soon.
On Monday, June 12, 2017 3:30 PM, Joshua D Doll via FreeIPA-users
wrote:
I don't think PAM is needed at all, but I could be wrong.
Joshua D Doll
On June 12, 2017 4:28:14 PM EDT, Andrew Meyer via FreeIPA-users
wrote:
Co
sounds like you are trying to setup a tacacs
server and using FreeIPA as your user store. In which case you'll want to look
at configuring the tacacs service to talk to FreeIPA's LDAP
Joshua D Doll
On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users
wrote:
So this post is