I have made some progress, I reverted to the version of FreeIP in Fedora 26,
and reconfigured everything, Now instead of timeout errors, I'm getting "tsig
indicates error"
Does anyone have an idea how to fix this?
___
FreeIPA-users mailing list --
It was the problem
Thank you
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
On 26.09.17, 12:19, "Jakub Hrozek via FreeIPA-users"
wrote:
On Tue, Sep 26, 2017 at 09:54:40AM +, Alessandro Perucchi via
FreeIPA-users wrote:
> Hello,
>
> We are using Freeipa to our satisfaction.
>
> We are trying to create
pgb 205 via FreeIPA-users wrote:
> any idea as to why im getting these errors?
Because the configured hostname doesn't match any configured known master?
ipactl looks in cn=masters,cn=ipa,cn=etc,$SUFFIX for the list of known
masters. It uses that to determine what services are configured for a
any idea as to why im getting these errors?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
I've been migrating a lot of our customer boxes from a local install of
our master LDAP database (yeah, I know) to our IPA servers. Nearly all
these boxes are CentOS 6 (we have a smattering of C7 and C5 boxes as
well) and I've built an ansible playbook to make the migration changes.
I've
Hey
When i tried change krbpasswordexpiration for test user i get this error
ipa user-mod test --setattr=krbPasswordExpiration=20381231011529Z
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
'krbPasswordExpiration' attribute of entry
'uid=test,cn=users,cn=accounts,dc=sf'.
Hello,
We are using Freeipa to our satisfaction.
We are trying to create a bastion/jumphost/... and in order to do it, we want
to protect the bastion so that nobody can access it directly (except of course
some admin people).
And at the same time, we want that the users access some hosts
On Mon, Sep 25, 2017 at 11:41:38AM -0500, Jeremy Utley via FreeIPA-users wrote:
> That might be, but a quick read of the referenced document indicates it may
> not work the way we want. All users will be using 2FA to access the jump
> hosts. The way I read it, the Kerberos ticket will indicate