[Freeipa-users] reliability of external radius

2024-02-12 Thread Charles Hedrick via FreeIPA-users
Currently our department uses passwords in IPA, with a few users using OTP. I'm considering using a University radius server for most users. Are there reliability implications? My concern is what happens if the radius server is slow to respond or even is down. I'd like users with accounts in

[Freeipa-users] Re: reliability of external radius

2024-02-12 Thread Charles Hedrick via FreeIPA-users
Ugh. It doesn't look like we can do this until this patch happens. The actual authentication would use DUO. Since that requires the user to respond, the delay could be significant. 10 sec is definitely not enough. This looks like a client patch. We're using Ubuntu for our clients. (RHEL for

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Rob Crittenden via FreeIPA-users
Ronald Wimmer via FreeIPA-users wrote: > On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users wrote: >> On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote: >>> On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote:

[Freeipa-users] Re: Installing CA certificate issue

2024-02-12 Thread Rob Crittenden via FreeIPA-users
mskaraca--- via FreeIPA-users wrote: > Hi  > > I just wanted to say thank you to this list and especially to Rob > Crittenden. > > I could not log in to freeipa-users, there may be a problem in logging > in with social network accounts. So I am sending this as an email. > > Firstly, my issue

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Alexander Bokovoy via FreeIPA-users
On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 13:23, Christian Heimes via FreeIPA-users

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users wrote: On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users

[Freeipa-users] Re: idrange problem

2024-02-12 Thread Tomasz Torcz via FreeIPA-users
On Fri, Feb 02, 2024 at 12:11:58AM +0200, Alexander Bokovoy via FreeIPA-users wrote: > On Чцв, 01 лют 2024, Steve Berg via FreeIPA-users wrote: > > Is there any way to just delete all these SID requirements?  My ipa > > domain doesn't have a trust to anything windows and there's no plan to > >

[Freeipa-users] Re: idrange problem

2024-02-12 Thread Alexander Bokovoy via FreeIPA-users
On Пят, 02 лют 2024, Tomasz Torcz via FreeIPA-users wrote: On Fri, Feb 02, 2024 at 12:11:58AM +0200, Alexander Bokovoy via FreeIPA-users wrote: On Чцв, 01 лют 2024, Steve Berg via FreeIPA-users wrote: > Is there any way to just delete all these SID requirements?  My ipa > domain doesn't have a

[Freeipa-users] Re: reliability of external radius

2024-02-12 Thread Alexander Bokovoy via FreeIPA-users
On Пан, 12 лют 2024, Charles Hedrick via FreeIPA-users wrote: Currently our department uses passwords in IPA, with a few users using OTP. I'm considering using a University radius server for most users. Are there reliability implications? My concern is what happens if the radius server is slow

[Freeipa-users] Re: SSSD offline and AD authentication issues

2024-02-12 Thread Heidi Hough via FreeIPA-users
I appreciate the feedback. I added the ldap_search_timeout to both the server and client sssd.conf files. I experimented with different values with no additional success. Please find sanitized client and server sssd logs from my login attempt with ldap_search_timeout = 30. Client

[Freeipa-users] Re: SSSD offline and AD authentication issues

2024-02-12 Thread Alexander Bokovoy via FreeIPA-users
On Пан, 12 лют 2024, Heidi Hough via FreeIPA-users wrote: I appreciate the feedback. I added the ldap_search_timeout to both the server and client sssd.conf files. I experimented with different values with no additional success. Please find sanitized client and server sssd logs from my

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 23:02, Rob Crittenden via FreeIPA-users wrote: Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users wrote: On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users

[Freeipa-users] Re: Requiring OTP thru PAM+LDAP

2024-02-12 Thread Alexander Bokovoy via FreeIPA-users
On Пан, 12 лют 2024, G H via FreeIPA-users wrote: I am using SSSD in LDAP-only mode (no kerberos at all), communicating with FreeIPA. For certain hosts, I want to require sssd to demand OTP. Right now, they are allowing password OR password+OTP. But my 'ipa show-host' output for the hosts in

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 14:36, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 14.15, Christian Heimes wrote: While writing the lines above another question came up in my mind: Is there a way to forbid password modification for IPA users so that users are forced to do that in an external system?

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 12:38, Christian via FreeIPA-users

[Freeipa-users] Requiring OTP thru PAM+LDAP

2024-02-12 Thread G H via FreeIPA-users
I am using SSSD in LDAP-only mode (no kerberos at all), communicating with FreeIPA. For certain hosts, I want to require sssd to demand OTP. Right now, they are allowing password OR password+OTP. But my 'ipa show-host' output for the hosts in question have "Authentication Indicators: otp". What

[Freeipa-users] Re: Upgrade to FreeIPA 4.9.12 on RHEL 8.9 caused web UI login and ipa command to stop working

2024-02-12 Thread Oliver Nixon via FreeIPA-users
Hi Rob, Thanks for confirming. The strange thing is there aren't any users outside of the range that I can find and there is definitely nothing with an ID of 200.

[Freeipa-users] Re: Upgrade to FreeIPA 4.9.12 on RHEL 8.9 caused web UI login and ipa command to stop working

2024-02-12 Thread Marc Pearson | i-Neda Ltd via FreeIPA-users
Just to chime in on this. I'm not 100% this isn't a bug, as I've also hit the same issue after an update. In the end, I've had to re-create the affected accounts with the same UID and GID after deletion, which is resolving the issue for me as I wasn't able to find a solution using the

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 12:38, Christian via FreeIPA-users wrote: On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users wrote: Remark: If I set a new password for this particular user

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Christian Heimes via FreeIPA-users
On 12/02/2024 14.15, Christian Heimes wrote: While writing the lines above another question came up in my mind: Is there a way to forbid password modification for IPA users so that users are forced to do that in an external system? Yes, that's easy, remove the self service permission "Self can

[Freeipa-users] Re: Upgrade to FreeIPA 4.9.12 on RHEL 8.9 caused web UI login and ipa command to stop working

2024-02-12 Thread Tomasz Torcz via FreeIPA-users
On Mon, Feb 12, 2024 at 10:53:33AM -, Oliver Nixon via FreeIPA-users wrote: > Hi Rob, > > Thanks for confirming. > > The strange thing is there aren't any users outside of the range that I can > find and there is definitely nothing with an ID of 200. It may be a GID of some group.

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Christian Heimes via FreeIPA-users
On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users wrote: Remark: If I set a new password for this particular user after the user has been activated, it works. We are still facing this particular problem and do not have any clue why the initial password set by the external system does not

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Christian Heimes via FreeIPA-users
On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 12:38, Christian via FreeIPA-users wrote: On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users wrote: Remark: If I set a new password for this particular user after the user has been activated, it works. We are still

[Freeipa-users] Re: Upgrade to FreeIPA 4.9.12 on RHEL 8.9 caused web UI login and ipa command to stop working

2024-02-12 Thread Oliver Nixon via FreeIPA-users
Complete oversight by me sorry... There was a GID of a group set to 200. After changing that and running sidgen again all the users now have SIDs

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Ronald Wimmer via FreeIPA-users
On 12.02.24 12:38, Christian via FreeIPA-users wrote: On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users wrote: Remark: If I set a new password for this particular user after the user has been activated, it works. We are still facing this particular problem and do not have any clue why the

[Freeipa-users] Re: Create IPA user via LDAP

2024-02-12 Thread Christian Heimes via FreeIPA-users
On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote: On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users wrote: On 12.02.24 12:38, Christian via FreeIPA-users wrote: On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users

[Freeipa-users] Re: Installing CA certificate issue

2024-02-12 Thread mskaraca--- via FreeIPA-users
Hi, I just wanted to say thank you to this list and especially to Rob Crittenden. I could not log in to freeipa-users, there may be a problem in logging in with social network accounts. So I am sending this as an email. Firstly, my issue was FreeIPA was refusing to install my Comodo certificate