Will Sheldon wrote:
Hello IPA users :)
We have implemented IPA using the packaged version in centos 6.5 (which
is 3.0.0-37.el6), but have been playing with the more recent version in
Fedora 19 (3.3.3-2.fc19) and are quite keen to take advantage of the
shiny new features, so are thinking about
Steve Dainard wrote:
Following this guide:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
STEP 4:
ipa-server-install --setup-dns -p 'password' -a 'password' -r
MIOVISION.LINUX -n miovision.linux --hostname
Thanks, That was what I missed.
On Wed, Feb 5, 2014 at 2:39 AM, Alexander Bokovoy aboko...@redhat.com wrote:
On Tue, 04 Feb 2014, Mark Gardner wrote:
I'm trying to configure our CentOS IPA Client for Single Sign On from our
trusted AD domain.
SSO works fine when I ssh to the IPA server, but
We've discovered something odd in our current FreeIPA setup (F18,
IPA 3.1.5-1.fc18.x86_64).
Whenever we go to delete a user, the whole IPA infrastructure will
hang. The web page becomes nonresponsive and the server doesn't
respond to sudo or authentication requests.
Good! Note that we plan to enhance SSSD to leverage the new Kerberos authlocal
API to avoid having to update krb5.conf on each system. This is the upstream
ticket:
https://fedorahosted.org/sssd/ticket/1835
Martin
On 02/05/2014 03:27 PM, Mark Gardner wrote:
Thanks, That was what I missed.
On 02/05/2014 04:24 PM, Bret Wortman wrote:
We've discovered something odd in our current FreeIPA setup (F18, IPA
3.1.5-1.fc18.x86_64).
Whenever we go to delete a user, the whole IPA infrastructure will hang. The
web
page becomes nonresponsive and the server doesn't respond to sudo or
Fortunately, I can trigger it at will. ;-)
I'll get the packages loaded set up and see what I can find.
On 02/05/2014 10:36 AM, Martin Kosek wrote:
On 02/05/2014 04:24 PM, Bret Wortman wrote:
We've discovered something odd in our current FreeIPA setup (F18, IPA
3.1.5-1.fc18.x86_64).
Any one knows how to add new attribute or object class to the user
accounts ...eg. added department and id creation date in those users info
field.
Can use 389 / redhat directory console? I tried to edit 99user.ldif seem
not shown up new attribute.
barry
2014-02-05 Martin Kosek
Steve Dainard wrote:
Following this guide:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
STEP 4:
ipa-server-install --setup-dns -p 'password' -a 'password' -r
MIOVISION.LINUX -n miovision.linux --hostname
rpm -qa | grep krb5
pam_krb5-2.3.11-9.el6.x86_64
*krb5-server-1.10.3-10.el6_4.6.x86_64*
krb5-libs-1.10.3-10.el6_4.6.x86_64
krb5-workstation-1.10.3-10.el6_4.6.x86_64
I don't see any segfaults in messages.
/var/log/dirsrv/slapd-MIOVISION-LINUX/errors looks pretty clean:
389-Directory/1.2.11.15
On 02/04/2014 03:28 PM, Steve Dainard wrote:
has anyone worked it out. Secondly cifs-utils has dependency on
samba3 packages and ipa-ad-trust needs samba4 but samba3 and
samba4 don't like each other, so this is the story of my
experience with ipa. Any suggestions ?
Okay,
Spent some time on this one...
Some users can login SSO no problem, others have to put in their password.
Strange as it seems, if the length of the username was greater than 4, the
SSO worked.
So markg@test.local works, but mark@test.local doesn't.
My guess is something to do with the
Rob,
To add the second master-with-CA, is it as simple as doing this on one
of the replicas?
# ipa-ca-install /path/to/replica-info-hostname.foo.net.gpg
Bret
On 02/05/2014 04:35 AM, Rob Crittenden wrote:
Will Sheldon wrote:
Hello IPA users :)
We have implemented IPA using the packaged
The installation part is indeed that simple, but you will also want to
additionally turn the new CA to be the master CA so that it properly
generates the CRL and renews the CA subsystem certificates when the old master
CA is decommissioned. See [1] and [2] for more information.
Martin
[1]
On 2/5/2014, 1:35 AM, Rob Crittenden wrote:
Will Sheldon wrote:
Hello IPA users :)
We have implemented IPA using the packaged version in centos 6.5 (which
is 3.0.0-37.el6), but have been playing with the more recent version in
Fedora 19 (3.3.3-2.fc19) and are quite keen to
After the initial setup of a trust I'm attempting to get kerberos tickets
against the AD domain.
Step 12 in this document:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html says:
Then, request service tickets
https://bugzilla.redhat.com/show_bug.cgi?id=1061897
*Steve Dainard *
IT Infrastructure Manager
Miovision http://miovision.com/ | *Rethink Traffic*
519-513-2407 ex.250
877-646-8476 (toll-free)
*Blog http://miovision.com/blog | **LinkedIn
https://www.linkedin.com/company/miovision-technologies
On Wed, 05 Feb 2014, Steve Dainard wrote:
After the initial setup of a trust I'm attempting to get kerberos tickets
against the AD domain.
Step 12 in this document:
On Wed, 05 Feb 2014, Alexander Bokovoy wrote:
On Wed, 05 Feb 2014, Steve Dainard wrote:
After the initial setup of a trust I'm attempting to get kerberos tickets
against the AD domain.
Step 12 in this document:
Would it be possible to deny ssh access per host without pulling a host
off
FreeIPA management?
from-host part of the rule is not enforced by default due to the fact
that it is pretty easy to fake that one on connection.
You can try to create more specific rules allowing access to the
I didn't have the firewall on my IPA server down while forming the trust.
All seems to be working now.
Thanks for your help.
Steve
--
/ Alexander Bokovoy
___
Freeipa-users mailing list
Freeipa-users@redhat.com
That helps, and I read http://www.freeipa.org/page/Howto/HBAC_and_allow_all
Now I understand how it works and the expected behaviour.
Thanks.
Les
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Tuesday, 4 February 2014 6:30 PM
To: Les Stott;