Re: [Freeipa-users] Non IPA Connected Slave DNS Server ?

2012-06-25 Thread Petr Spacek
Hello, sorry for a big delay. On 06/20/2012 02:25 PM, Gavin Spurgeon wrote: Hi All, Just have a quick question re: $subject I have seen some BZ's about this, but just wanted to check with the list to see what people have to say about this. I have an IPA Domain (example.com) and it is

Re: [Freeipa-users] ipa installation problem

2012-06-25 Thread Petr Spacek
On 06/19/2012 05:01 PM, george he wrote: Hello Rob, netstat |grep 443 returned nothing, but lsof -i :80 (or :443) returned things like this: httpd 4206 apache 5u IPv6 846355 TCP *:http (LISTEN) is the IPv6 here a problem? Thanks, George No route to host can mean No route to host (= no record

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Stephen Gallagher
On Sun, 2012-06-24 at 15:10 -0700, Joe Linoff wrote: Hi Mark: I did not find any entries related to passwords in the LDAP record. There were some entries that looked as though they were related to Kerberos which might be useful. % ldapsearch -LLL -x -b

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Simo Sorce
On Sun, 2012-06-24 at 15:49 -0400, Mark Reynolds wrote: Hi Joe, I'm not really an IPA guy, but IPA uses 389 directory server as its backend. You would need to convert your DB entries to LDAP entries, but 389 supports your password type, so it should not be a problem if you copy paste

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Joe Linoff
You do not need to populate the Kerberos password fields directly. Once you migrate your DB users to LDAP, if you enable IPA's migration mode (see the docs on how), the next time a user binds to LDAP using their existing password, a pre-bind plugin on FreeIPA will catch the plaintext

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Joe Linoff
Hi Simo: Normally this is not actually allowed, the reason is that kerberos needs keys generated, and can't work with the userPassword hash, so we prevent storing any hash in userPassword and reject any attempt that does not involve a clear text password. That makes sense. Thank you for

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Simo Sorce
On Mon, 2012-06-25 at 05:57 -0700, Joe Linoff wrote: Unfortunately, the problem I have is that I have the user data and the hashed password in a standalone database and I want to move it into FreeIPA without requiring the users to re-authenticate. I do not have a plaintext password and I do

Re: [Freeipa-users] Add attributes to default user schema

2012-06-25 Thread Rob Crittenden
Stephen Ingram wrote: On Fri, Jun 22, 2012 at 1:37 PM, Rob Crittenden rcrit...@redhat.com wrote: Dmitri Pal wrote: On 06/22/2012 12:28 PM, Stephen Ingram wrote: On Fri, Jun 22, 2012 at 6:25 AM, Dmitri Pal d...@redhat.com wrote: On 06/22/2012 01:57 AM, Stephen Ingram wrote: On Thu, Jun

[Freeipa-users] Request for comments - Libvirt (KVM) with VNC via IPA with kerberos authentication

2012-06-25 Thread James Hogarth
Hi all, As mentioned on IRC today I've finished my write up of using libvirt (kvm virtualization) with VNC consoles and kerberos authentication with an IPA backend. I'd be interested in any feedback: http://freeipa.org/page/Libvirt_with_VNC_Consoles Kind regards, James

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Joe Linoff
Hi Simo: I really appreciate your help. If users authenticate by passing in a username/password combo you have various options, in the sense you should be able to modify the cakePHP application to recalculate a valid SHA hash and dump it into a file. That would be great. If the app

[Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hello, I have a server and a few clients set up. I can ssh to the server or clients. But there's no entry on the console gdm for ipa user, and I cannot login by choosing others either. What do I need to set up for gdm log on? I searched the docs but didn't find any... Thanks, George

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread Stephen Gallagher
On Mon, 2012-06-25 at 09:52 -0700, george he wrote: Hello, I have a server and a few clients set up. I can ssh to the server or clients. But there's no entry on the console gdm for ipa user, and I cannot login by choosing others either. What do I need to set up for gdm log on? I searched the

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread Stephen Gallagher
On Mon, 2012-06-25 at 10:25 -0700, george he wrote: Hello Stephen, this is what in the log file: Jun 25 13:22:10 mz gdm-password][21545]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe Jun 25 13:22:11 mz

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hi Stephen, I already have a home directory which was created the first time I ssh in. Now when I click on sign in, nothing happens... Thanks, George From: Stephen Gallagher sgall...@redhat.com To: george he george_...@yahoo.com Cc: freeipa-users@redhat.com

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread Stephen Gallagher
On Mon, 2012-06-25 at 10:41 -0700, george he wrote: Hi Stephen, I already have a home directory which was created the first time I ssh in. Now when I click on sign in, nothing happens... Just to experiment, try 'setenforce 0' as root and then try to log in. SELinux could be denying you.

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Dmitri Pal
On 06/25/2012 12:08 PM, Joe Linoff wrote: Hi Simo: I really appreciate your help. If users authenticate by passing in a username/password combo you have various options, in the sense you should be able to modify the cakePHP application to recalculate a valid SHA hash and dump it into

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hi Stephen, selinux was set to permissive before I installed the client. (I modified the file /etc/sysconfig/selinux) So it cannot be the reason. Thanks, George From: Stephen Gallagher sgall...@redhat.com To: george he george_...@yahoo.com Cc:

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread Stephen Gallagher
On Mon, 2012-06-25 at 10:55 -0700, george he wrote: Hi Stephen, selinux was set to permissive before I installed the client. (I modified the file /etc/sysconfig/selinux) Modifying that file without a reboot does not change the current state. That only tells the kernel whether to boot with

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Hi Stephen, Here are the lines from /var/log/messages. it seems there's some info, but I don't understand it... Jun 25 13:53:37 mz dbus-daemon[775]: dbus[775]: [system] Activating service name='net.reactivated.Fprint' (using servicehelper) Jun 25 13:53:37 mz dbus[775]: [system] Activating

Re: [Freeipa-users] Request for comments - Libvirt (KVM) with VNC via IPA with kerberos authentication

2012-06-25 Thread Simo Sorce
On Mon, 2012-06-25 at 15:11 +0100, James Hogarth wrote: Hi all, As mentioned on IRC today I've finished my write up of using libvirt (kvm virtualization) with VNC consoles and kerberos authentication with an IPA backend. I'd be interested in any feedback:

[Freeipa-users] unable to add service principal from F17

2012-06-25 Thread Dale Macartney
Hi all I have a RHEL 6.2 ipa domain and I am running through one of my known working kickstarts for kerberised squid but instead of using RHEL I'm setting it up on Fedora 17. I get the following error on the fedora system which has

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread Simo Sorce
On Mon, 2012-06-25 at 10:41 -0700, george he wrote: Hi Stephen, I already have a home directory which was created the first time I ssh in. Now when I click on sign in, nothing happens... I've encountered this recently as well, apparently GDM uses some service that misbehaves when

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Simo Sorce
On Mon, 2012-06-25 at 13:51 -0400, Dmitri Pal wrote: Simo are you sure simple bind is enough? I thought that it should be a bind over SSL with some specific ext op. Do I recall it wrong? A bind over SSL is still called a simple bind and simply means a bind that uses a plain text password,

Re: [Freeipa-users] freeipa and gdm

2012-06-25 Thread george he
Yes! reboot works. Thanks a lot. George From: Simo Sorce s...@redhat.com To: george he george_...@yahoo.com Cc: Stephen Gallagher sgall...@redhat.com; freeipa-users@redhat.com freeipa-users@redhat.com Sent: Monday, June 25, 2012 2:39 PM Subject: Re:

Re: [Freeipa-users] unable to add service principal from F17

2012-06-25 Thread Rob Crittenden
Dale Macartney wrote: Hi all I have a RHEL 6.2 ipa domain and I am running through one of my known working kickstarts for kerberised squid but instead of using RHEL I'm setting it up on Fedora 17. I get the following error on the fedora system

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Dmitri Pal
On 06/25/2012 02:36 PM, Simo Sorce wrote: On Mon, 2012-06-25 at 13:51 -0400, Dmitri Pal wrote: Simo are you sure simple bind is enough? I thought that it should be a bind over SSL with some specific ext op. Do I recall it wrong? A bind over SSL is still called a simple bind and simply means a

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Simo Sorce
On Mon, 2012-06-25 at 15:39 -0400, Dmitri Pal wrote: On 06/25/2012 02:36 PM, Simo Sorce wrote: On Mon, 2012-06-25 at 13:51 -0400, Dmitri Pal wrote: Simo are you sure simple bind is enough? I thought that it should be a bind over SSL with some specific ext op. Do I recall it wrong? A bind

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

2012-06-25 Thread Stephen Gallagher
On Mon, 2012-06-25 at 15:39 -0400, Dmitri Pal wrote: On 06/25/2012 02:36 PM, Simo Sorce wrote: On Mon, 2012-06-25 at 13:51 -0400, Dmitri Pal wrote: Simo are you sure simple bind is enough? I thought that it should be a bind over SSL with some specific ext op. Do I recall it wrong? A bind

Re: [Freeipa-users] unable to add service principal from F17

2012-06-25 Thread Dale Macartney
On 25/06/12 19:53, Rob Crittenden wrote: Dale Macartney wrote: Hi all I have a RHEL 6.2 ipa domain and I am running through one of my known working kickstarts for kerberised squid but instead of

Re: [Freeipa-users] unable to add service principal from F17

2012-06-25 Thread Rob Crittenden
Dale Macartney wrote: On 25/06/12 19:53, Rob Crittenden wrote: Dale Macartney wrote: Hi all I have a RHEL 6.2 ipa domain and I am running through one of my known working kickstarts for kerberised

[Freeipa-users] IPA replica install A CA is already configured on this system.

2012-06-25 Thread Dan Scott
Hi, I'm trying to install a new Fedora 17 replica of my existing Fedora 16 FreeIPA servers as part of my migration process. I first attempted the installation using an old replica file, but ran into some issues so I uninstalled and generated a new replica file. Now, when I run the command, I