[Freeipa-users] Re: ipa: ERROR: Failed to authenticate to CA REST API

2022-12-19 Thread junhou he via FreeIPA-users
Hi, tail -f /var/log/pki/pki-tomcat/ca/debug.2022-12-20.log 2022-12-20 08:44:38 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca 2022-12-20 08:44:38 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID) 2022-12-20 08:44:38

[Freeipa-users] Re: Grant sudo to users only on their own workstations

2022-12-19 Thread Ranbir via FreeIPA-users
On Tue, 2022-12-20 at 13:08 +1000, Fraser Tweedale via FreeIPA-users wrote: > I don't see a way around it.  But I could be overlooking something. That's exactly what I was thinking. > It would be nice if you could associate workstations (hosts) to > users directly, then automatically

[Freeipa-users] Re: FreeIPA CA failing to login with new admin user

2022-12-19 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Sun, Dec 18, 2022 at 7:10 PM Oleg Baranov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > This stays out quite long and I faced absolutely the same behavior > adding 4.10.1 replica to 4.8.7. > > Fiddled almost a week with that so posting my solution here in order to >

[Freeipa-users] Re: ipa: ERROR: Failed to authenticate to CA REST API

2022-12-19 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Mon, Dec 19, 2022 at 3:25 AM junhou he via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > tail -f /var/log/pki/pki-tomcat/localhost_access_log.2022-12-19.txt > 10.100.0.213 - - [19/Dec/2022:09:59:45 +0800] "GET /ca/rest/certs/1 > HTTP/1.1" 200 9991 > 10.100.0.213 -

[Freeipa-users] Ubuntu clients and su

2022-12-19 Thread Ranbir via FreeIPA-users
Hi Everyone, When I try to run "sudo su - [user]" on an Ubuntu 20 or Ubuntu 22 client, I get the error "su: Permission denied". Upon enabling debug_level = 6 for the domain, I saw in the log the message "Access denied by HBAC rules". Well, that's odd since my user is in a group that is allowed

[Freeipa-users] Grant sudo to users only on their own workstations

2022-12-19 Thread Ranbir via FreeIPA-users
We have many users that run GNU/Linux workstations. At the moment everyone is using local accounts. We want to convert them to IPA clients and still allow them sudo privileges on their own workstations. It's easy to grant them access to their workstations by making them all a member of a

[Freeipa-users] Re: ipa: ERROR: Failed to authenticate to CA REST API

2022-12-19 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, On Tue, Dec 20, 2022 at 2:20 AM junhou he via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > tail -f /var/log/pki/pki-tomcat/ca/debug.2022-12-20.log > 2022-12-20 08:44:38 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca >

[Freeipa-users] Re: Grant sudo to users only on their own workstations

2022-12-19 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 20 Dec 2022, Ranbir via FreeIPA-users wrote: On Tue, 2022-12-20 at 13:08 +1000, Fraser Tweedale via FreeIPA-users wrote: I don't see a way around it.  But I could be overlooking something. That's exactly what I was thinking. It would be nice if you could associate workstations

[Freeipa-users] Re: Grant sudo to users only on their own workstations

2022-12-19 Thread Fraser Tweedale via FreeIPA-users
On Mon, Dec 19, 2022 at 03:32:33PM -0500, Ranbir via FreeIPA-users wrote: > We have many users that run GNU/Linux workstations. At the moment > everyone is using local accounts. We want to convert them to IPA > clients and still allow them sudo privileges on their own workstations. > > It's easy