[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:
On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:

Thing is, it starts working for me immediately when I get the proxy associated with the user.

[root@master ~]# ipa user-add foo1bar
First name: Foo1
Last name: Bar

[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Russ Long via FreeIPA-users
> Running a tcpdump on both the IPA server and RADIUS server show no traffic between the 2
> at all when attempting to auth with the RADIUS test user.
>
> I just double checked with firewalls off to ensure there wasn't some strangeness
> happening there, and I still get the same

[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Russ Long via FreeIPA-users
> On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:
>
> Thing is, it starts working for me immediately when I get the proxy
> associated with the user.
>
> [root@master ~]# ipa user-add foo1bar
> First name: Foo1
> Last name: Bar
>
> Added user "foo1bar"
>

[Freeipa-users] Re: How to get certificate containing full chain

2020-05-14 Thread Ian Pilcher via FreeIPA-users
On 5/8/20 4:00 PM, Leusmann, Philipp via FreeIPA-users wrote: Thanks for testing, here the same thing doesn’t work. I am using certmonger-0.78.4-12.el7.x86_64 on CentOS 7 post-save command is shown in the list of monitored certificates. Invoking manually works properly. Any further idea on

[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:
On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:

Did you associate the radiusproxy 'duo' with the user? E.g.

    ipa user-mod foobar --radius duo

?

You might have multiple RADIUS proxies and they would need to be explicitly

[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Russ Long via FreeIPA-users
> On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:
>
> Did you associate the radiusproxy 'duo' with the user?
>
> E.g.
>
>    ipa user-mod foobar --radius duo
>
> ?
>
> You might have multiple RADIUS proxies and they would need to be
> explicitly connected with the user account.

Yes,

[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 14 May 2020, Russ Long via FreeIPA-users wrote:
On Wed, 13 May 2020, Russ Long via FreeIPA-users wrote:

I think you need to show your settings to help with that. All 2FA-related documentation is here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...

[Freeipa-users] Re: 3rd Party OTP for LDAP and Kerberos

2020-05-14 Thread Russ Long via FreeIPA-users
> On Wed, 13 May 2020, Russ Long via FreeIPA-users wrote:
>
> I think you need to show your settings to help with that.
> All 2FA-related documentation is here:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...

Radius setup:

$ ipa radiusproxy-show RADIUS proxy

[Freeipa-users] Re: HTTP service in a host with multiple cnames and kerberos authentication

2020-05-14 Thread Peter Tselios via FreeIPA-users
I solved this as follows:
1. Create a dummy host for each cname
2. Create a service for each dummy host
3. Create keytabs for each dummy service
4. Use the specific keytabs in Apache.

I am still sure that there is a better way, but for now it's OK for me.

[Freeipa-users] Re: Questions about IDM Smartcard Login

2020-05-14 Thread Sumit Bose via FreeIPA-users
On Wed, May 13, 2020 at 01:30:26PM -, tom smith via FreeIPA-users wrote:
> I ran the command: openssl x509 -noout -text -in mycertificate.pem
>
> This was the output:
> TLS Web Client Authentication, Microsoft Smartcardlogin

Hi, what is the 'key usage' for this certificate? Do you have