Hi
Is there any information on how to implement IPA with yubikey duo? I had a
look and it seems straightforward enough to implement duo and ssh
https://duo.com/docs/duounix but it would be nice to be able to manage it
through ipa.
Regards
Per
Sent from my Commodore
Hi We have just migrated from LDAP to FreeIPA with no problems, the only
expected problems is the differences between UID and GID, I think I have solved
most of it by running chown --from=user:group user:group * -R since we are
using the same user and group names, so we only need to re-apply
art -Scott From: Per
Qvindesland via FreeIPA-users Sent: Wednesday,
December 22, 2021 7:22 AM To: FreeIPA users list Cc:
Per Qvindesland Subject: [Freeipa-users] SSL error after upgrade Hi All
After an update to 4.9.6-10, I am unable to view any of the certificates that the IPA server has
sig
Hi AllAfter an update to 4.9.6-10, I am unable to view any of the certificates that the IPA server has signed, I get error: An error has occurred (IPA Error 4301: CertificateOperationError) when I click on Authnticaiton -> Certificates, if I click on "Certificate Autorities" then I get popup
>>
>> On 1 Nov 2021, at 13:08, Alexander Bokovoy
>> wrote:On ma, 01 marras 2021, Per Qvindesland via FreeIPA-users
>> wrote:
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/enabling-dns.html
but I am wondering it's a smart thing to do or should I just setup a bind DNS server
instead?RegardsPerOn 1 Nov 2021, at 13:08, Alexander Bokovoy
wrote:On ma, 01 marras 2021, Per Qvindesland via
FreeIPA-users
HiI am busy setting up Samba with Freeipa authentication, I have been following https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA and tired it on both Centos 7 and Ubuntu 20.04 but both is failing the authentication with:root@no-oslh-smb2:/home/luser# smbclient -K -L
Hi Kathy
Has anything happen to your dns? It’s reporting “ Cannot contact any KDC for
requested realm”
Which makes me think it’s either a dns or network related issue.
Regards
Per
Sent from my Commodore 64
> 22. sep. 2021 kl. 03:17 skrev Kathy Zhu via FreeIPA-users
> :
>
> Cannot
Hi There is one thing that i have never really understood, when a user goes to https://ipaserver.com/ipa/ui/ he/she get's
a Apache login prompt and has to click cancel a coulple of times before getting to the Ipa login screen.It seems to be
caused by /etc/httpd/conf.d/ipa.conf which has the
is in the DNS for sub2.example.com
I am pretty sure that i am not understanding something or missing a step but
what am I missing?
Regards
Per
On 9 September 2021 at 19:49, Rob Crittenden wrote:
Per Qvindesland via FreeIPA-users wrote:
Hi
I am using the IPA server as the CA for our
Hi
I am using the IPA server as the CA for our Apache SSL's, but I am wondering if
it's possible to have a second SSL that's not the same as the hostname,
meaning I have already sub1.mydomain.com but I would like to add also
sub2.mydomain.com for another site, is this possible?
I have
Is selinux enabled?
Sent from my Commodore 64
> 13. aug. 2021 kl. 13:29 skrev MERCIER Jonathan via FreeIPA-users
> :
>
> Dear,
>
> On Rocky Linux 8.4 I fail to install ipa server,
> firstly I encounter the issue describe here:
>
Hi
I would like to use Freeipa to sign SSL's for https use (if possible) but I am
wondering where is the CA certs located so I can distribute it via a package
rpm/deb?
Regards
Per
___
FreeIPA-users mailing list --
Hi
While running the command: echo password123 | ipa migrate-ds --with-compat
ldap://ipofldap:389 --bind-dn="cn=admin,dc=company,dc=com"
--base-dn=dc=company,dc=com --user-container=ou=people --group-container=ou=groups
--scope=subtree then it's failing with ipa:
ERROR: group LDAP search
HI
Is it possible to run ipa-client-install when the host only listens to ldaps
(636)?
We have a policy that all traffic must be sent encrypted hence using ldap (389)
is not possible.
Regards
Per
___
FreeIPA-users mailing list --
via FreeIPA-users
> wrote:
>
> Per Qvindesland via FreeIPA-users wrote:
>> Hi
>>
>> I have a centos 7 with ipa server 4.7.1-11 installed.
>>
>> When I run ipa-replica-install --setup-ca it seems to be synchronising with
>> the ipa server but f
Hi
I have a centos 7 with ipa server 4.7.1-11 installed.
When I run ipa-replica-install --setup-ca it seems to be synchronising with the
ipa server but failing the ca setup part
Has anyone seen this error before?
Regards
Per
Installation failed: server failed to restart
rote:
>
> On pe, 11 touko 2018, Per Qvindesland via FreeIPA-users wrote:
>> Hi All
>>
>> We’re getting the following entries in the error logs
>>
>> [10/May/2018:15:37:18.628665013 +0100] - ERR - ipapwd_encrypt_encode_key -
>> [file encoding.c, line 143]
Hi All
We’re getting the following entries in the error logs
[10/May/2018:15:37:18.628665013 +0100] - ERR - ipapwd_encrypt_encode_key -
[file encoding.c, line 143]: no krbPrincipalName present in this entry
[10/May/2018:15:37:18.630473873 +0100] - ERR - ipapwd_gen_hashes - [file
encoding.c,
via FreeIPA-users
>> <freeipa-users@lists.fedorahosted.org
>> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>>
>> Per Qvindesland via FreeIPA-users wrote:
>>> HI
>>>
>>> So what can I do?
>>
>> Flo is right
update, I haven’t checked for maybe 2 weeks
Regards
Per
Sent from my Commodore 64
> On 16 Mar 2018, at 17:16, Florence Blanc-Renaud <f...@redhat.com> wrote:
>
>> On 03/16/2018 01:07 PM, Per Qvindesland via FreeIPA-users wrote:
>> HI
>> So what can I do?
> Hi,
HI
So what can I do?
Regards
Per
> On 16 Mar 2018, at 09:43, Florence Blanc-Renaud <f...@redhat.com> wrote:
>
> On 03/16/2018 09:46 AM, Per Qvindesland via FreeIPA-users wrote:
>> Hi
>> Ok so how would I go about creating it?
>> Regards
>> Per
> Hi
Hi
Ok so how would I go about creating it?
Regards
Per
> On 15 Mar 2018, at 22:06, Rob Crittenden <rcrit...@redhat.com> wrote:
>
> Per Qvindesland via FreeIPA-users wrote:
>> Hi Florence
>>
>> ipa user-show perq —all gives:
>> objectclass: top, pers
5/2018 02:35 PM, Per Qvindesland via FreeIPA-users wrote:
>> Hi Florence
>> I did that added ipa user-mod perq --addattr objectclass=eduPerson which
>> went fine then ipa user-mod perq --addattr "edupersontargetedid=value” but
>> it still gives me the erro
not much to go on, the same error: ERR -
oc_check_allowed_sv - Entry
"uid=perq,cn=users,cn=accounts,dc=domain,dc=ac,dc=uk" -- attribute
"edupersontargetedid" not allowed but nothing else.
Regards
Per
> On 03/15/2018 12:16 PM, Per Qvindesland via FreeIPA-users wrote:
>
:31, Florence Blanc-Renaud via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
> On 03/15/2018 10:40 AM, Per Qvindesland via FreeIPA-users wrote:
>> Hi List
>> We are currently busy implementing freeipa with a saml idP but we noticed
>
is that expected?
Does anyone know if that article is outdated?
Regards
Per
> On 15 Mar 2018, at 09:40, Per Qvindesland via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
> Hi List
>
> We are currently busy implementing freeipa with a saml idP but we notice
Hi List
We are currently busy implementing freeipa with a saml idP but we noticed that
we are missing the following attributes: edupersontargetedid,
edupersonaffiliation, displayname, and mail.
How can we add these attributes into the freeipa server?
Regards
Per
=accounts,dc=example,dc=com?uid?sub?(memberOf=cn=shareusers,cn=groups,cn=accounts,dc=example,dc=com)
> # first one is NOT authoritative
> AuthLDAPBindAuthoritative off
> AuthLDAPInitialBindAsUser On
> AuthLDAPSearchAsUser On
> AuthLDAPCompareAsUs
Hi All
I installed a custom signed certificate from quovadis, the install on the ipa
server wen’t fine but when I try to add a client (centos 6) it gives error:
LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been
marked as not trusted by the user.
The standard google
Hi All
Is it possible to a schedule for when a user account is disabled/deleted? the
reason why I am asking is that we would like to be able to set an account to be
disabled or deleted when the user leaves the company, for the moment it can
take time until a sys admin disables or deletes the
31 matches
Mail list logo