On Mon, Jul 23, 2012 at 06:22:55PM -0400, Rob Crittenden wrote:
> Joe Linoff wrote:
> >Hi Steve:
> >
> >Thank you for your suggestions.
> >
> > > In the gui you can do a hbac test of the rule.
> >
> >I ran the hbactest rule testing from the command line using “ipa
> >hbactest …”. It showed that the
Hi,
No not specific developers but some sort of statement of ownership from RedHat
I suppose. So they are I assume looking for some sort of confidence that it
wont trash AD and if I install it and it does trash our AD some liability.
regards
Steven Jones
Technical Specialist - Linux RHCE
Vic
On 07/23/2012 05:38 PM, Steven Jones wrote:
Hi,
For the winsync agreement my Windows and security teams want to know its
details,
eg who wrote it,
Red Hat - do you need to know the names of the developers?
it is Microsoft certified etc.
Not that I know of - how would one go about doing th
Hi,
For the winsync agreement my Windows and security teams want to know its
details,
eg who wrote it, it is Microsoft certified etc.
Where will I find such info?
All I have is
http://port389.org/wiki/Download
Which doesn't tell me much.
regards
Steven Jones
Technical Specialist - Linux
Hi Rob:
> The issue is if the UIDS are < 1000 they are treated as local in sssd.
Ahh, of course, thanks. I never assigned any UIDs < 1000 (or less than
1 for that matter).
> It could be that sssd cached something and wouldn't let it go, too. If
you can reproduce
> this it is probably worthw
Hi Rob:
Thank you for helping.
> Are you performing a login between steps 3 and 5? Otherwise all that
does is add
> a member/memberof and then remove it. I don't see how this would
affect anything.
Hmmm, good point. I think that I was probably doing a "kinit" between
steps 3 and 5 which would
Joe Linoff wrote:
Hi Steve:
Thank you for your suggestions.
> In the gui you can do a hbac test of the rule.
I ran the hbactest rule testing from the command line using “ipa
hbactest …”. It showed that the rules were correct. Do you think that
the GUI might provide a different result?
No, t
as below.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Joe Linoff [jlin...@tabula.com]
Sent: Tuesday, 24 July 2012 10:04 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com; Joe Linoff
Subject
Joe Linoff wrote:
Hi Folks:
I managed to get the user working doing the following (all from the CLI):
1.Deleted the user (ipa user-del new-user)
2.Re-added the user
3.Add the user to administrator groups.
4.Changed/set the password.
5.Removed the administrator privileges.
6.Attempt report
Hi Steve:
Thank you for your suggestions.
> In the gui you can do a hbac test of the rule.
I ran the hbactest rule testing from the command line using "ipa
hbactest ...". It showed that the rules were correct. Do you think that
the GUI might provide a different result?
> Also wh
Hi Folks:
I managed to get the user working doing the following (all from the
CLI):
1. Deleted the user (ipa user-del new-user)
2. Re-added the user
3. Add the user to administrator groups.
4. Changed/set the password.
5. Removed the administrator privilege
Hi,
In the gui you can do a hbac test of the rule.
Also what are the UIDS? IPA provided 32bit ones? or your own?
I'd suggest re-setting that user's password and get them to login and reset the
password, that works for me, it was a sign of bad/failed replication in my
system I think (now fixe
Hi Stephen and Dmitri:
Thank you for the sshd GSSAPI configuration suggestion. I tried it this
morning but it didn't work. That particular user is still not able to
login. What is even more interesting is that I created a user with the
identical setup and the new user worked (i.e., they were ab
Qing Chang wrote:
On 20/07/2012 5:14 PM, Rob Crittenden wrote:
Qing Chang wrote:
Greetings,
Migration from OpedLDAP to IPA creates a pair of subtrees for both users
and groups:
compat and accounts, use groups as an example:
dn: cn=acdp,cn=groups,cn=compat,dc=sri,dc=utoronto,dc=ca
dn: cn=acdp
On 20/07/2012 5:14 PM, Rob Crittenden wrote:
Qing Chang wrote:
Greetings,
Migration from OpedLDAP to IPA creates a pair of subtrees for both users
and groups:
compat and accounts, use groups as an example:
dn: cn=acdp,cn=groups,cn=compat,dc=sri,dc=utoronto,dc=ca
dn: cn=acdp,cn=groups,cn=accou
On 07/23/2012 04:49 PM, KodaK wrote:
On Mon, Jul 23, 2012 at 9:42 AM, KodaK wrote:
Alright, this is pretty bad.
My servers keep going out of sync. I have four replicas, slpidml01
through 04. I only figure it out when weird things start happening.
Is there a log somewhere that I can parse tha
On Mon, Jul 23, 2012 at 9:42 AM, KodaK wrote:
> Alright, this is pretty bad.
>
> My servers keep going out of sync. I have four replicas, slpidml01
> through 04. I only figure it out when weird things start happening.
> Is there a log somewhere that I can parse that says that updates
> aren't ge
Alright, this is pretty bad.
My servers keep going out of sync. I have four replicas, slpidml01
through 04. I only figure it out when weird things start happening.
Is there a log somewhere that I can parse that says that updates
aren't getting sent out? What are the types of things that can cau
I have installed freeipa-server-2.2.0-1.fc17.x86_64 and it's running
well. I have also installed rkhunter-1.4.0-1.fc17.noarch on the IPA
server and each morning I receive the following report from rkhunter.
I imagine/hope that these are not actual rootkits and was wondering if
anyone knew of a wa
19 matches
Mail list logo