[Freeipa-users] Re: Extra objectClass for new IPA group

2024-04-11 Thread Winfried de Heiden via FreeIPA-users
Hi all, Nice tip, but no: not vSphere, although it might be useful later; so thanks. We need it for several self-built applications. Kind regards, Winfried de Heiden w...@dds.nl On 10-04-2024 at 17:13 Rob Crittenden wrote: Winfried de Heiden via FreeIPA

[Freeipa-users] Extra objectClass for new IPA group

2024-04-10 Thread Winfried de Heiden via FreeIPA-users
Hi all, Following documentation as provided on: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/adding-custom-objclasses-groups#doc-wrapper adding an extra objectClass (groupOfUniqueNames in this case) to

[Freeipa-users] 2FA - prompting - single_prompt

2021-12-23 Thread Winfried de Heiden via FreeIPA-users
Hi all, Using FreeIPA, 2FA can be made optional by enabling "Password" AND "Two factor authentication (password + OTP)" for a user. For particular hosts the 2FA now can be made mandatory by enabling "Two factor authentication (password + OTP)" Now, for hosts for which 2FA is NOT mandatory,

[Freeipa-users] Re: getcert status: CA_REJECTED

2020-08-20 Thread Winfried de Heiden via FreeIPA-users
tenden <rcrit...@redhat.com> Subject: [Freeipa-users] Re: getcert status: CA_REJECTED Date: Thu, 20 Aug 2020 07:58:18 -0400 Winfried de Heiden via FreeIPA-users wrote: > Hi all, > For some reason, I messed up with several certificates > in FreeIPA, version: 4.8. One particular KRA c

[Freeipa-users] getcert status: CA_REJECTED

2020-08-20 Thread Winfried de Heiden via FreeIPA-users
Hi all, For some reason, I messed up with several certificates in FreeIPA, version: 4.8. One particular KRA cert seems problematic: Request ID '20200820113800':status: CA_REJECTED ca-error: Server at ":8080/ca/ee/ca/profileSubmit" replied: Missing credential: sessionID stuck: yes

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-17 Thread Winfried de Heiden via FreeIPA-users
:44 Winfried de Heiden via FreeIPA-users wrote: Hi all, sssd 2.20 is being used. I cannot figure out why the network might cause problems since the "good clients" are running on the same network, switches etc. I dived into it anyway, finding a rather large and increasing number

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-11 Thread Winfried de Heiden via FreeIPA-users
s and dive into that first. Nevertheless, this can hardly be the cause since the issue only happens on the IPA-server itself... Winfried Sumit Bose via FreeIPA-users wrote on 10-02-2020 10:46: On Mon, Feb 10, 2020 at 09:54:04AM +0100, Winfried de Heiden via FreeIPA-users wrote: Hi all, Yep, I d

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Winfried de Heiden via FreeIPA-users
vertheless, this can hardly be the cause since the issue only happens on the IPA-server itself... Winfried Sumit Bose via FreeIPA-users wrote on 10-02-2020 10:46: On Mon, Feb 10, 2020 at 09:54:04AM +0100, Winfried de Heiden via FreeIPA-users wrote: Hi all, Yep, I do use

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Winfried de Heiden via FreeIPA-users
FreeIPA-users: On Sun, Feb 09, 2020 at 11:06:46PM +0200, Alexander Bokovoy via FreeIPA-users wrote: On Sun, 09 Feb 2020, Winfried de Heiden via FreeIPA-users wrote: Hi all, For some reason, for a particular user, sss_ssh_authorizedkeys is extremely slow on the IPA-server: time /usr/bin

[Freeipa-users] Re: sss_ssh_authorizedkeys slow on IPA-server

2020-02-10 Thread Winfried de Heiden via FreeIPA-users
? Winfried On 09-02-2020 at 22:06 Alexander Bokovoy wrote: On Sun, 09 Feb 2020, Winfried de Heiden via FreeIPA-users wrote: Hi all, For some reason, for a particular user, sss_ssh_authorizedkeys is extremely slow on the IPA-server: time /usr/bin/sss_ssh_authorizedkeys ~ real 0m9.520s user

[Freeipa-users] sss_ssh_authorizedkeys slow on IPA-server

2020-02-09 Thread Winfried de Heiden via FreeIPA-users
Hi all, For some reason, for a particular user, sss_ssh_authorizedkeys is extremely slow on the IPA-server: time /usr/bin/sss_ssh_authorizedkeys ~ real 0m9.520s user 0m0.022s sys 0m0.018s It will return all the public keys, but it is slow, causing SSH-login delays using ssh-keys. On

[Freeipa-users] Re: ipa-server-upgrade failed

2020-01-28 Thread Winfried de Heiden via FreeIPA-users
en <rcrit...@redhat.com> *To*: FreeIPA users list *Cc*: Winfried de Heiden *Onde

[Freeipa-users] Re: ipa-server-upgrade failed

2020-01-26 Thread Winfried de Heiden via FreeIPA-users
; fixed it. Winfried -Original message- From: Rob Crittenden To: FreeIPA users list Cc: Winfried de Heiden Subject: Re: [Freeipa-users] Re: ipa-server-upgrade failed Date: Sat, 25 Jan 2020 17:04:39 -0500 Winfried de Heiden via FreeIPA-users wrote: > Hi all, > /var/li

[Freeipa-users] Re: ipa-server-upgrade failed

2020-01-25 Thread Winfried de Heiden via FreeIPA-users
Too bad, it is already the latest version: pm -qi nss Name: nss Version : 3.44.0 Release : 9.el8_1 Architecture: x86_64 ~ Winfried Alexander Bokovoy via FreeIPA-users wrote on Sat 25-01-2020 at 22:38 [+0200]: > On Sat, 25 Jan 2020, Winfried de Heiden via FreeIPA-users wrote: > >

[Freeipa-users] Re: ipa-server-upgrade failed

2020-01-25 Thread Winfried de Heiden via FreeIPA-users
t time (running on a Udoo x86 board with a Celeron) Just to be sure about dbus, I restarted the entire machine; no success. :-( Timing issue and/or caused by my rather slow Udoo board? Winfried Rob Crittenden wrote on Sat 25-01-2020 at 14:53 [-0500]: > Winfried de Heiden via

[Freeipa-users] ipa-server-upgrade failed

2020-01-25 Thread Winfried de Heiden via FreeIPA-users
Hi all, Using CentOS Linux release 8.1.1911 and the Stream repositories, upgrading IPA fails: (Upgrade ipa-server-common-4.8.0- 13.module_el8.1.0+265+e1e65be4.noarch @AppStream Upgraded ipa-server-common-4.8.0- 11.module_el8.1.0+253+3b90c921.noarch @@System ) Running ipa-server-upgrade

[Freeipa-users] FreeIPA - EL8 - smart card login

2019-12-11 Thread Winfried de Heiden via FreeIPA-users
Running FreeIPA 4.7.1, on CentOS 8, I configured IPA-server to use smartcard login following

[Freeipa-users] Re: sudo and hostgroups

2018-12-05 Thread Winfried de Heiden via FreeIPA-users
reeipa1: (ALL : ALL) ALL Rob Crittenden wrote on 05-12-2018 14:04: Winfried de Heiden via FreeIPA-users wrote: Hi all, On a brand new install, sudo for hostgroup seems not to work. I create a sudo rule for admins, only to do "everything" on all servers within the hostgr

[Freeipa-users] sudo and hostgroups

2018-12-05 Thread Winfried de Heiden via FreeIPA-users
Hi all, On a brand new install, sudo for hostgroup seems not to work. I create a sudo rule for admins, only to do "everything" on all servers within the hostgroup "ipaservers": Rule name: s3_sudo_freeipa_admins Enabled: TRUE Command category: all RunAs User category: all RunAs Group

[Freeipa-users] Re: OTP sudo prompts

2018-11-27 Thread Winfried de Heiden via FreeIPA-users
Hi all, Mmmm, I was afraid so. Any (nearby) plans for a "feature enhancement" on this :) Winfried On 27-11-18 at 13:47 Sumit Bose wrote: On Tue, Nov 27, 2018 at 01:34:25PM +0100, Winfried de Heiden wrote:

[Freeipa-users] Re: OTP sudo prompts

2018-11-27 Thread Winfried de Heiden via FreeIPA-users
Hi all, I tried this as well, created a user for which otp and password are both allowed to enforce OTP login on certain hosts but sudo without otp: ipa user-show winfried   User login: winfried   First name: Winfried   Last name: de

[Freeipa-users] Re: Replica install on RPI3

2018-11-07 Thread Winfried de Heiden via FreeIPA-users
Tweedale, Rob Crittenden Subject: [Freeipa-users] Re: Replica install on RPI3 Date: Mon, 5 Nov 2018 11:25:21 -0500 Winfried de Heiden via FreeIPA-users wrote: Hi all, Believe me, after modifying "startup_timeout" in /usr/lib/python3.7/site-packages/ipalib/constants.py and /etc/ipa/de

[Freeipa-users] Re: Replica install on RPI3

2018-11-05 Thread Winfried de Heiden via FreeIPA-users
much about it. Run a CA-less deployment, or run a CA-ful deployment with RaspberryPi replicas having no CA, and CA replicas running on machines with more memory and more grunt. Cheers, Fraser On Sun, Nov 04, 2018 at 04:04:27PM +0100, Winfried de Heiden via FreeIPA-users wrote: Hi all, can't

[Freeipa-users] Re: Replica install on RPI3

2018-11-04 Thread Winfried de Heiden via FreeIPA-users
[+0100]: > Ah, so the install went fine but the CA startup is the only remaining issue? > John > > > On 3 Nov 2018, at 16:39, Winfried de Heiden via FreeIPA-users > > wrote: > > > > Hi all, > > Yes, the Pi is too slow but funny enough it can work perfectl

[Freeipa-users] Re: Replica install on RPI3

2018-11-03 Thread Winfried de Heiden via FreeIPA-users
at’s failing, you can get around that by > running the install in an emulated ARM machine first, and then copying the > filesystem over to the Pi. > > John > > > > On 3 Nov 2018, at 15:53, Winfried de Heiden via FreeIPA-users > > wrote: > > > > Hi

[Freeipa-users] Replica install on RPI3

2018-11-03 Thread Winfried de Heiden via FreeIPA-users
Hi all, Just because we can and a Raspberry Pi 3 is cheap, I'm trying to install a FreeIPA replica on Fedora 29 ARM. It looks like the Raspberry is a bit too slow for default installation settings: 018-11-03T12:27:12Z DEBUG stderr=WARNING: Password was garbage collected before it was cleared.

[Freeipa-users] Re: Is IPA-AD two-way trust really two-way?

2018-10-26 Thread Winfried de Heiden via FreeIPA-users
Hi all, Thanks! This explains a lot, I'm happy :) Winfried Alexander Bokovoy via FreeIPA-users wrote on 26-10-2018 11:16: On Fri, 26 Oct 2018, Winfried de Heiden wrote: Hi all, Referring to this bit of an older post, what now is the difference between a One-way or Two-Way Trust anyway? The

[Freeipa-users] Re: Is IPA-AD two-way trust really two-way?

2018-10-26 Thread Winfried de Heiden via FreeIPA-users
Hi all, Referring to this bit of an older post, what now is the difference between a One-way or Two-Way Trust anyway? The docs are not too clear about it: " Two-way trust enables AD users and groups to access resources in IdM. However, the two-way trust in IdM does not give the users any

[Freeipa-users] Re: username restrictions

2018-10-10 Thread Winfried de Heiden via FreeIPA-users
Alexander Bokovoy via FreeIPA-users wrote on 10-10-2018 12:47: On Wed, 10 Oct 2018, Winfried de Heiden via FreeIPA-users wrote: Hi all, The Red Hat manual is not too clear about this (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single

[Freeipa-users] username restrictions

2018-10-10 Thread Winfried de Heiden via FreeIPA-users
Hi all, The Red Hat manual is not too clear about this (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/#users) IdM supports user names that can be described by the following regular expression:

[Freeipa-users] Re: SSL Private Key Recovery

2018-10-10 Thread Winfried de Heiden via FreeIPA-users
Fraser Tweedale via FreeIPA-users wrote on 08-10-2018 5:24: On Fri, Oct 05, 2018 at 04:43:15PM +0200, Winfried de Heiden via FreeIPA-users wrote: Hi all, Creating the SSL certs/keys for, for example, Apache can easily be done by using the FreeIPA Dogtag CA-server. With some effort, I put

[Freeipa-users] SSL Private Key Recovery

2018-10-05 Thread Winfried de Heiden via FreeIPA-users
Hi all, Creating the SSL certs/keys for, for example, Apache can easily be done by using the FreeIPA Dogtag CA-server. With some effort, I put it in an Ansible playbook which will install Apache and certificates "on demand". Sometimes a server needs to be re-installed ("cattle-servers"); why bother

[Freeipa-users] Re: read only replicants

2018-04-26 Thread Winfried de Heiden via FreeIPA-users
Any progress on this issue? https://pagure.io/freeipa/issue/5569 seems open and no progress for ages now. Winfried On 06-04-18 at 13:57 Florence Blanc-Renaud via FreeIPA-users wrote: > On 04/06/2018 12:10 PM, Angus Clarke via FreeIPA-users wrote: >> Hi >> >> Is there a way to lock down a

[Freeipa-users] Re: OTP for specific services only

2018-02-26 Thread Winfried de Heiden via FreeIPA-users
aciej On Fri, Feb 23, 2018 at 3:07 PM, Winfried de Heiden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > Hi all, > > OTP using IPA 4.5 on CentOS seems to work well. However:

[Freeipa-users] Re: OTP for specific services only

2018-02-26 Thread Winfried de Heiden via FreeIPA-users
.org> From: Alexander Bokovoy <aboko...@redhat.com> On Fri, 23 Feb 2018, Winfried de Heiden via FreeIPA-users wrote: > Hi all, > > OTP using IPA 4.5 on CentOS seems to work well. However: I can force > a user to > use OTP and/or a host. > > Selecting a user, A

[Freeipa-users] OTP for specific services only

2018-02-23 Thread Winfried de Heiden via FreeIPA-users
Hi all, OTP using IPA 4.5 on CentOS seems to work well. However: I can force a user to use OTP and/or a host. Selecting a user, ALL authentication needs OTP. Since sudo in this case will ask for OTP also, this turns out quite inconvenient. Is

[Freeipa-users] Fedora 26 to 27 - FreeIpa upgrade failed on ARM

2017-12-24 Thread Winfried de Heiden via FreeIPA-users
Hi all, Happy Holidays! Running Fedora ARM on a Raspberry Pi the upgrade from Fedora 26 to Fedora 27 fails, 389 DS refuses to start: ec 24 16:51:18 ipa.blabla.bla systemd[1]: Starting 389 Directory Server xxx Dec 24 16:51:19

[Freeipa-users] Re: Request failed with status 500: Non-2xx response from CA REST API: 500. - pki-tomcatd fails to start

2017-09-13 Thread Winfried de Heiden via FreeIPA-users
ud via FreeIPA-users: On 09/11/2017 04:53 PM, Winfried de Heiden via FreeIPA-users wrote: CS.cfg was modified so pki-tomcat can login using a password and non-secure LDAP. At least it is working now: < internaldb.ldapauth.authtype=BasicAuth < int

[Freeipa-users] Re: Request failed with status 500: Non-2xx response from CA REST API: 500. - pki-tomcatd fails to start

2017-09-12 Thread Winfried de Heiden via FreeIPA-users
via FreeIPA-users: On 09/12/2017 09:10 AM, Winfried de Heiden via FreeIPA-users wrote: Hi all, I'll try my using the link provided. However: what is causing "CA_UNREACHABLE"? Request ID '2017

[Freeipa-users] Re: Request failed with status 500: Non-2xx response from CA REST API: 500. - pki-tomcatd fails to start

2017-09-12 Thread Winfried de Heiden via FreeIPA-users
, Winfried de Heiden via FreeIPA-users wrote: CS.cfg was modified so pki-tomcat can login using a password and non-secure LDAP. At least it is working now: < internaldb.ldapauth.authtype=BasicAuth < internaldb.ld

[Freeipa-users] Re: Request failed with status 500: Non-2xx response from CA REST API: 500. - pki-tomcatd fails to start

2017-09-11 Thread Winfried de Heiden via FreeIPA-users
pe.certsrv.apps.CMS.init(CMS.java:188)     at com.netscape.certsrv.apps.CMS.start(CMS.java:1621) Winfried Op 11-09-17 om 16:18 schreef Rob Crittenden via FreeIPA-users: Winfried de Heiden via FreeIPA-users wrote: Hi All, Somewhere after an

[Freeipa-users] Request failed with status 500: Non-2xx response from CA REST API: 500. - pki-tomcatd fails to start

2017-09-11 Thread Winfried de Heiden via FreeIPA-users
Hi All, Somewhere after an update (I guess) I have issues; pki-tomcatd@pki-tomcat.service will not start since it cannot log in to LDAP. It seems I have some certificate issues: getcert list shows: Request ID '20170129002017':