[Freeipa-users] Re: Directory manager password best practices

2019-04-16 Thread Rob Crittenden via FreeIPA-users
Ian Pilcher via FreeIPA-users wrote: > I am setting up a new IPA instance to provide DNS and CA services in a > team lab. I have to decide what to use for the Directory Manager > password — our standard, not very secure root password or something > else, which no one will ever remember. > > Any

[Freeipa-users] KDE administration not working for freeipa user

2019-04-16 Thread Brian Watson | Watsontech.net via FreeIPA-users
Hello, I have a freeipa server (centos7) set up. I installed freeipa-client on my KDE Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for a password whilst doing KDE administration, it does not work. Any logs I should check?

[Freeipa-users] Re: Best practice backuping freeipa in docker

2019-04-16 Thread Brian Topping via FreeIPA-users
> On Apr 16, 2019, at 5:58 AM, Petar Kozić via FreeIPA-users > wrote: > > Hi folks. > I’m using freeipa in docker on one VM machine and for now, I’m satisfied with how > that works, but I’m worried about backup. > Can someone tell me what is the best practice for backing up ipa which works in > docker? One

[Freeipa-users] Directory manager password best practices

2019-04-16 Thread Ian Pilcher via FreeIPA-users
I am setting up a new IPA instance to provide DNS and CA services in a team lab. I have to decide what to use for the Directory Manager password — our standard, not very secure root password or something else, which no one will ever remember. Any thoughts? Is it still a major project to change

[Freeipa-users] Re: User's primary group set to recently deleted user group

2019-04-16 Thread Devin Roark via FreeIPA-users
Thank you for your time, Rob. I see what I was doing wrong, when I was running `ipa group-find` I wasn't using the `--private` flag, which won't show the primary user groups. I see that user still has a private group with the corresponding uid-matched gid, so I will go ahead and make the

[Freeipa-users] Re: User's primary group set to recently deleted user group

2019-04-16 Thread Rob Crittenden via FreeIPA-users
Devin Roark via FreeIPA-users wrote: > Hello, > > I have inherited a freeipa cluster, and during a cleanup of groups we > discovered one of the groups that was deleted was set as a couple of users' > primary gid in the past, which I'm assuming was a manual process because > it looks like the

[Freeipa-users] Re: How to move FreeIPA to new server?

2019-04-16 Thread fujisan via FreeIPA-users
Never mind. Clock was skewed. Fixed it and now it is working. On Tue, Apr 16, 2019 at 1:53 PM fujisan wrote: > Thank you for your reply. > > So I'm trying to install freeipa as a replica using the following command > until it says *LDAP error: Invalid credentials.* > What is missing? > > #

[Freeipa-users] User's primary group set to recently deleted user group

2019-04-16 Thread Devin Roark via FreeIPA-users
Hello, I have inherited a freeipa cluster, and during a cleanup of groups we discovered one of the groups that was deleted was set as a couple of users' primary gid in the past, which I'm assuming was a manual process because it looks like the default behavior is the standard groupname/gid matching

[Freeipa-users] Best practice backuping freeipa in docker

2019-04-16 Thread Petar Kozić via FreeIPA-users
Hi folks. I’m using freeipa in docker on one VM machine and for now, I’m satisfied with how that works, but I’m worried about backup. Can someone tell me what is the best practice for backing up ipa which works in docker? Do I need to use backup scripts or some different method? Thank you in advance.

[Freeipa-users] Re: How to move FreeIPA to new server?

2019-04-16 Thread fujisan via FreeIPA-users
Thank you for your reply. So I'm trying to install freeipa as a replica using the following command until it says *LDAP error: Invalid credentials.* What is missing? # ipa-replica-install --principal=admin --admin-password= --server=oldserver.domain.local --domain=domainlocal

[Freeipa-users] Re: Can login with non-existing user

2019-04-16 Thread Sumit Bose via FreeIPA-users
On Tue, Apr 16, 2019 at 11:56:32AM +0200, Ronald Wimmer via FreeIPA-users wrote: > On 16.04.19 11:29, Sumit Bose via FreeIPA-users wrote: > > On Tue, Apr 16, 2019 at 11:12:18AM +0200, Ronald Wimmer via FreeIPA-users > > wrote: > > > On 16.04.19 10:50, Sumit Bose via FreeIPA-users wrote: > > > >

[Freeipa-users] Re: How to move FreeIPA to new server?

2019-04-16 Thread François Cami via FreeIPA-users
On Tue, Apr 16, 2019 at 12:09 PM Alexander Bokovoy via FreeIPA-users wrote: > > On ti, 16 huhti 2019, fujisan wrote: > >and then re-install each client with --server=new-server.my.domain? > No. You don't need to reinstall anything. Looks like you didn't install > any replica before? > >

[Freeipa-users] Re: How to move FreeIPA to new server?

2019-04-16 Thread Alexander Bokovoy via FreeIPA-users
On ti, 16 huhti 2019, fujisan wrote: and then re-install each client with --server=new-server.my.domain? No. You don't need to reinstall anything. Looks like you didn't install any replica before? Instructions are here for a replica installation:

[Freeipa-users] Re: Can login with non-existing user

2019-04-16 Thread Ronald Wimmer via FreeIPA-users
On 16.04.19 11:29, Sumit Bose via FreeIPA-users wrote: On Tue, Apr 16, 2019 at 11:12:18AM +0200, Ronald Wimmer via FreeIPA-users wrote: On 16.04.19 10:50, Sumit Bose via FreeIPA-users wrote: On Tue, Apr 16, 2019 at 09:06:44AM +0200, Ronald Wimmer via FreeIPA-users wrote: I have managed to

[Freeipa-users] Re: How to move FreeIPA to new server?

2019-04-16 Thread fujisan via FreeIPA-users
and then re-install each client with --server=new-server.my.domain? On Tue, Apr 16, 2019 at 11:42 AM Alexander Bokovoy wrote: > On ti, 16 huhti 2019, fujisan via FreeIPA-users wrote: > >Hello, > > > >I just got a new server on which I'd like to install a FreeIPA server. > >Today it is installed

[Freeipa-users] Re: ID-View for AD group to use GECOS umask

2019-04-16 Thread Sumit Bose via FreeIPA-users
On Mon, Apr 15, 2019 at 03:11:13PM +0200, Ronald Wimmer via FreeIPA-users wrote: > Afaik it should be possible to set a user's umask by putting something like > "umask=0007" in the GECOS field in combination with pam_umask.so. > > pam_umask.so seems to be present on our systems. What I do not know

[Freeipa-users] Re: How to move FreeIPA to new server?

2019-04-16 Thread Alexander Bokovoy via FreeIPA-users
On ti, 16 huhti 2019, fujisan via FreeIPA-users wrote: Hello, I just got a new server on which I'd like to install a FreeIPA server. Today it is installed on the old server. I just tried to install it with ipa-server-install but of course it complained saying the DNS domain is handled by the

[Freeipa-users] How to move FreeIPA to new server?

2019-04-16 Thread fujisan via FreeIPA-users
Hello, I just got a new server on which I'd like to install a FreeIPA server. Today it is installed on the old server. I just tried to install it with ipa-server-install but of course it complained saying the DNS domain is handled by the old server. What is the best way to install FreeIPA on

[Freeipa-users] Re: Can login with non-existing user

2019-04-16 Thread Sumit Bose via FreeIPA-users
On Tue, Apr 16, 2019 at 11:12:18AM +0200, Ronald Wimmer via FreeIPA-users wrote: > On 16.04.19 10:50, Sumit Bose via FreeIPA-users wrote: > > On Tue, Apr 16, 2019 at 09:06:44AM +0200, Ronald Wimmer via FreeIPA-users > > wrote: > > > I have managed to login to an IPA client with a non-existing

[Freeipa-users] Re: Can login with non-existing user

2019-04-16 Thread Ronald Wimmer via FreeIPA-users
On 16.04.19 10:50, Sumit Bose via FreeIPA-users wrote: On Tue, Apr 16, 2019 at 09:06:44AM +0200, Ronald Wimmer via FreeIPA-users wrote: I have managed to login to an IPA client with a non-existing user. My AD user is z123...@addomain.mydomain.at and I have created a similar user called

[Freeipa-users] Re: Can login with non-existing user

2019-04-16 Thread Sumit Bose via FreeIPA-users
On Tue, Apr 16, 2019 at 09:06:44AM +0200, Ronald Wimmer via FreeIPA-users wrote: > I have managed to login to an IPA client with a non-existing user. > > My AD user is z123...@addomain.mydomain.at and I have created a similar user > called i123...@ipadomain.mydomain.at. What happened now is that

[Freeipa-users] Can login with non-existing user

2019-04-16 Thread Ronald Wimmer via FreeIPA-users
I have managed to login to an IPA client with a non-existing user. My AD user is z123...@addomain.mydomain.at and I have created a similar user called i123...@ipadomain.mydomain.at. What happened now is that I could log in with the i-User and what I get to see after logging in is this: