[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Chris Moody via FreeIPA-users
My reply with the log output is pending moderator approval. -Chris On 1/16/18 1:11 PM, Rob Crittenden wrote: > Robbie Harwood via FreeIPA-users wrote: >> Chris Moody via FreeIPA-users >> writes: >> >>> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm >>> IPA.XYZ.COM >>> 2018-01

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Rob Crittenden via FreeIPA-users
Robbie Harwood via FreeIPA-users wrote: > Chris Moody via FreeIPA-users > writes: > >> 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm >> IPA.XYZ.COM >> 2018-01-15T21:55:24Z DEBUG Starting external process >> 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user >> ipa_session_c

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Alexander Bokovoy via FreeIPA-users
On ti, 16 tammi 2018, Robbie Harwood via FreeIPA-users wrote: Chris Moody via FreeIPA-users writes: 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm IPA.XYZ.COM 2018-01-15T21:55:24Z DEBUG Starting external process 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user ipa_sessi

[Freeipa-users] Re: FreeIPA NFS Automount with Kerberos troubleshooting help needed

2018-01-16 Thread Robbie Harwood via FreeIPA-users
Jobka Wohin writes: > so why is it working with the home folders then? > > i thought also this gets fixed by my manual systemctl restart rpc-gssd ? I'm not really sure, sorry. You might have more luck asking NFS folks? > if this is the error i think apparmor is involved in this…. Is it possib

[Freeipa-users] Re: freeipa-client joins keep failing : Cannot find KDC for realm

2018-01-16 Thread Robbie Harwood via FreeIPA-users
Chris Moody via FreeIPA-users writes: > 2018-01-15T21:55:24Z INFO Configured /etc/krb5.conf for IPA realm > IPA.XYZ.COM > 2018-01-15T21:55:24Z DEBUG Starting external process > 2018-01-15T21:55:24Z DEBUG args=keyctl search @s user > ipa_session_cookie:host/sfca-do-1.xyz@ipa.xyz.com > 2018-01-

[Freeipa-users] Re: HBAC Lookups by host rather than user/group

2018-01-16 Thread Louis Abel via FreeIPA-users
Thank you for the information! I appreciate it. I'm assuming that feature in 1.16 won't be backported to 1.13.3, which is where some of our SOX/PCI servers live unfortunately. A server side reporting feature for this is obviously promising though. Thank you again for the links/info! __

[Freeipa-users] Re: Get user ssh key instead of fingerprint.

2018-01-16 Thread Maciej Drobniuch via FreeIPA-users
Yes, This is what I needed. Thank You guys :) Best Maciej On Tue, Jan 16, 2018 at 11:08 AM, Sumit Bose via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On Tue, Jan 16, 2018 at 10:53:21AM +0100, Maciej Drobniuch via > FreeIPA-users wrote: > > Hi all. > > > > Is there any way t

[Freeipa-users] Re: Certificates renewing with the wrong Subject

2018-01-16 Thread Roderick Johnstone via FreeIPA-users
On 15/01/2018 20:07, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: On 15/01/2018 16:06, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: Hi Our freeipa certificates need to be renewed due to passing their expiry dates.

[Freeipa-users] Re: Get user ssh key instead of fingerprint.

2018-01-16 Thread Alexander Bokovoy via FreeIPA-users
On ti, 16 tammi 2018, Maciej Drobniuch via FreeIPA-users wrote: Hi all. Is there any way to get the user's ssh key (not fingerprint) via console? Maybe LDAP? Or only via a https request ? Do you mean a public ssh key associated with a user with the help of 'ipa user-mod foo --sshpubkey=...'?

[Freeipa-users] Re: Get user ssh key instead of fingerprint.

2018-01-16 Thread Sumit Bose via FreeIPA-users
On Tue, Jan 16, 2018 at 10:53:21AM +0100, Maciej Drobniuch via FreeIPA-users wrote: > Hi all. > > Is there any way to get the user's ssh key (not fingerprint) via console? if the key is store in IPA you can get the full key with ipa user-show --all username or sss_ssh_authorizedkeys us

[Freeipa-users] Get user ssh key instead of fingerprint.

2018-01-16 Thread Maciej Drobniuch via FreeIPA-users
Hi all. Is there any way to get the user's ssh key (not fingerprint) via console? Maybe LDAP? Or only via a https request ? Thanks -- Best regards Maciej Drobniuch Network Security Engineer Collective-Sense,LLC ___ FreeIPA-users mailing list -- fre