Cool. We'll work on this some more and let you know how The Gathering goes.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi ivars
Many thanks that's just what I was looking for.
Sorry about the iPad it should be ipa but it seems I am a victim of autocorrect
Regards
Per
Sent from my Commodore 64
> On 8 Aug 2017, at 18:07, Ivars Strazdiņš via FreeIPA-users
> wrote:
>
On Tue, Aug 08, 2017 at 11:40:54AM -0400, Rob Crittenden wrote:
> Michael Gusek via FreeIPA-users wrote:
> > Hi Fraser,
> >
> > At the moment, I can't provide this logfile, I've moved that back to
> > have only new log lines. But a new logfile is not created ??? In my
> > old logfile I have
On 08/07/2017 07:01 PM, Gustavo Berman via FreeIPA-users wrote:
Hello Pavel
On Mon, Aug 7, 2017 at 12:40 PM, Pavel Vomacka wrote:
Hello Gustavo,
From what I can see, the issue would be PROTOCOL ERROR in whoami
command. Could
(Wed Aug 9 04:20:14 2017) [sssd[be[ipa.corp.example.com]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]
What I could see here is that it is
Pavel,
Thanks for the help, that solved the problem. Now I can access the web ui.
The upgrade took place yesterday and it was a release upgrade from rhel 7.3
(last update was last week) to rhel 7.4 (so we had a lot of package
updates):
ID | Command line | Date and time|
Hello all,
I have enabled password+OTP authentication for a user and am able to sync
tokens and SSH.
While ssh to server using FIPA credentials it's asking for authentication in
two steps as First Factor and Second Factor.
But I just want to give it in a single line password. Can anyone suggest
how
Hi Flo,
On Wed, 2 Aug 2017 16:24:00 +0200
Florence Blanc-Renaud wrote:
> Hi,
>
> You can follow the steps described here:
>
Scott Stevson via FreeIPA-users wrote:
> Hey Rob,
>
> It's the NSSDB cert. Here's some console output that might be helpful.
>
> PROD [root@server-ns-1 var]# getcert list | grep -A10 20150827000358
> Request ID '20150827000358':
> status: MONITORING
> ca-error: Server at
>
Hi Per,
could you define “working configuration” requirements and what’s iPad specific?
Anyway, below is my setup with Centos Apache to authenticate against IPA via
LDAP using either username (uid) or e-mail. No Kerberos or GSSAPI used, just
“pure” LDAP.
Please note, IPA group “shareusers”
Hello,
we ran into a problem with expired certificates:
> getcert list (sample shows only one expired certificate)
...
Request ID '20170202144747':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate
You may be over complicating things by using a load balancer, IPA does a
fairly good job of balancing things
itself, for example the default SSSD config is to have this:
ipa_server = _srv_,
meaning it will select which host to communicate with via the DNS service
records, which are
saidireddy ranabothu via FreeIPA-users
writes:
> I have enabled password+OTP authentication for a user and am able to sync
> tokens and SSH.
>
> While ssh to server using FIPA credentials it's asking for authentication in
> two steps as First Factor and Second
On 8/7/17 1:44 AM, thierry bordaz wrote:
On 08/07/2017 09:22 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 08/04/2017 11:02 PM, Ian Harding via FreeIPA-users wrote:
On 8/4/17 2:16 AM, Florence Blanc-Renaud wrote:
On 08/03/2017 11:13 PM, Ian Harding via FreeIPA-users wrote:
On
Thanks, Rob.
Unfortunately my test in staging resulted in an expired dogtag cert. The
staging environment didn't have any certificates that were due to expire soon
so I updated the xmlrpc_server variable on one of the four IPA hosts we have to
another one in the same AWS region and restarted
Scott Stevson via FreeIPA-users wrote:
> Thanks, Rob.
>
> Unfortunately my test in staging resulted in an expired dogtag cert. The
> staging environment didn't have any certificates that were due to expire soon
> so I updated the xmlrpc_server variable on one of the four IPA hosts we have
>
Hi All,
If you set up DNS but did not enable the reverse zone during the initial
install, is there a way to add/enable it after the fact? I can script
adding in all the PTR records, but wanted to find out how to
create/enable the reverse zone once you have already installed.
Thanks
K
Michael Gusek via FreeIPA-users wrote:
> Hi Fraser,
>
> At the moment, I can't provide this logfile, I've moved that back to
> have only new log lines. But a new logfile is not created ??? In my
> old logfile I have some lines after switch to basic auth, but before
> setting time to past:
>
Hello,
CentOS 7.3
What is the best way to remove an installed ipa-dns-server?
I can't find any helpful docs for this; I found docs only for installing
the server
Thanks for the Help,
--
mit freundlichen Grüssen / best regards,
Günther J. Niederwimmer
Are you 100% sure that you have a line like "sudoers: files sss" in your
/etc/nsswitch.conf?
On 7 August 2017 11:10:56 CEST, Alka Murali via FreeIPA-users wrote:
>Hello Team,
>
>Have checked all the logs, and the SSSD Logs are saying that it is
Hello Gustavo,
On 08/07/2017 04:20 PM, Gustavo Berman via FreeIPA-users wrote:
Hi there,
Today we upgraded to the latest IPA 4.5, log says it upgraded just
fine, ipa seems to authenticate all right, but web ui fails with:
Operations Error
Some operations failed.
We have a host which is registered and has an http service with one domain
e.g. xyz.intra.example.com.
But we want to add another site with domain intra.example.com, and we
need to enroll a certificate for that domain, but we can't because the
hostname of this host is xyz.intra.example.com.
Is it
I think this has resolved itself on its own after the update to RHEL 7.4.
So that was a pleasant surprise.
On Wed, Aug 2, 2017 at 8:53 AM, Prasun Gera wrote:
> I think the path that is triggered first is from the following code:
>
> if new_cert == old_cert:
>
>
Great, thanks!
On Aug 4, 2017 11:58 PM, "Alexander Bokovoy" wrote:
> On Fri, 04 Aug 2017, Kristian Petersen via FreeIPA-users wrote:
>
>> Alexander,
>>
>> That was it! I had seen this before at a previous place of employment,
>> but
>> couldn't recall enough of what we'd
On 08/07/2017 09:22 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 08/04/2017 11:02 PM, Ian Harding via FreeIPA-users wrote:
On 8/4/17 2:16 AM, Florence Blanc-Renaud wrote:
On 08/03/2017 11:13 PM, Ian Harding via FreeIPA-users wrote:
On 08/03/2017 12:28 AM, Florence Blanc-Renaud
Hi Fraser,
At the moment, I can't provide this logfile, I've moved that back to
have only new log lines. But a new logfile is not created ??? In my
old logfile I have some lines after switch to basic auth, but before
setting time to past:
[07/Aug/2017:14:16:22][localhost-startStop-1]:
Hello,
I have created a FreeIPA solution using Red Hat’s IDM product.
FreeIPA version: 4.5.0
OS version: RHEL 7.4
I have successfully installed the server portion and can authenticate to it
using local IDM users, such as the ‘admin’ user. I have created a one-way trust
between the IPA realm
Rafał Wądołowski via FreeIPA-users wrote:
> We have a host which is registered and has an http service with one domain
> e.g. xyz.intra.example.com.
>
> But we want to add another site with domain intra.example.com, and we
> need to enroll a certificate for that domain, but we can't because the
>
We are running FreeIPA 4.4. Even though sudo is listed as one of the
services in the HBAC rule, it seems like only the Sudo rules are what
really controls sudo. Sudo ignores what is in the HBAC rules.
Is this expected behavior? It doesn't really which way it really works, we
are more concerned
Hey Rob,
It's the NSSDB cert. Here's some console output that might be helpful.
PROD [root@server-ns-1 var]# getcert list | grep -A10 20150827000358
Request ID '20150827000358':
status: MONITORING
ca-error: Server at
On 08/08/2017 12:02 PM, Steve Weeks via FreeIPA-users wrote:
We are running FreeIPA 4.4. Even though sudo is listed as one of the
services in the HBAC rule, it seems like only the Sudo rules are what
really controls sudo. Sudo ignores what is in the HBAC rules.
Is this expected behavior?
31 matches