Re: [Freeipa-users] Issues creating trust with AD.

2014-02-17 Thread Sumit Bose
On Sat, Feb 15, 2014 at 12:14:58AM +0200, Genadi Postrilko wrote: I have seen threads were opened on trust issues: AD - Freeipa trust confusion Cross domain trust Cannot loging via SSH with AD user TO IPA Domain - which I opened. It looks like after creation of trust, TGT ticket can be

Re: [Freeipa-users] Sudo denied on first attempt, allowed on second attempt

2014-02-17 Thread Pavel Březina
On 02/16/2014 01:19 AM, Steve Dainard wrote: Just experienced the same issue on Fedora 20: [sdainard-ad...@miovision.corp@fed20 ~]$ sudo systemctl stop firewalld [sudo] password for sdainard-ad...@miovision.corp: sdainard-ad...@miovision.corp is not allowed to run sudo on fed20. This incident

Re: [Freeipa-users] authentication against compat

2014-02-17 Thread Jakub Hrozek
On Fri, Feb 14, 2014 at 09:36:33AM +0200, Alexander Bokovoy wrote: On Thu, 13 Feb 2014, Steve Dainard wrote: I don't think this is an issue of bugs or documentation, more of design. Perhaps there's someplace other than a users list this belongs in but: If IPA is a centrally managed identity

Re: [Freeipa-users] Setting up sudo

2014-02-17 Thread Jakub Hrozek
On Thu, Feb 13, 2014 at 06:30:37PM -0500, Dmitri Pal wrote: On 02/13/2014 06:23 PM, Todd Maugh wrote: and If I am configuring the sud-ldap.conf what should it look like does any one have an example? You have two options. Sudo can be integrated with SSSD or not. If you want SUDO to be

Re: [Freeipa-users] Setting up sudo

2014-02-17 Thread Andrew Holway
It actually took me a long time to find this information. It is poorly documented but this mailing list post works. :) https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html On 13 February 2014 23:17, Todd Maugh tma...@boingo.com wrote: the documentation is kinda vague on some

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering some issues. The date has now passed for when the old certificate expired, and the

Re: [Freeipa-users] IPA Replica cannot add user [SOLVED]

2014-02-17 Thread Martin Kosek
On 02/14/2014 01:49 PM, Martin Kosek wrote: Ok, this part seems ok then. I would then focus directly on DNA operation itself. DNA plugin says: [13/Feb/2014:15:32:02 -0200] dna-plugin - dna_request_range: Error sending range extension extended operation request to server

Re: [Freeipa-users] IPA Replica cannot add user [SOLVED]

2014-02-17 Thread Rob Crittenden
Martin Kosek wrote: On 02/14/2014 01:49 PM, Martin Kosek wrote: Bruno sent me the logs privately, let me just share the solution of this case with the list. The problem here was that master had only 1000 numbers allocated (chosen during IPA installation). Therefore, it had less than 1000

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Rob Crittenden
Sigbjorn Lie wrote: On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're

[Freeipa-users] Installing FreeIPA 3.1 - 3.3 On RHEL

2014-02-17 Thread John Stein
Hi all. The newest IPA version that exists in the RHN repository is 3.0.0-37. I would like to install IPA version greater than 3.0 on RHEL 6.x. How would you recommend installing newer versions? Using Fedora repository, EPEL or just download the tarball and build it? Thank you very much, John

Re: [Freeipa-users] Sudo denied on first attempt, allowed on second attempt

2014-02-17 Thread Steve Dainard
I can't reproduce consistently on any OS including Fedora 20, but I was able to trigger the issue on a Ubuntu 13.10 client. sssd: 1.11.1 sudo: 1.8.6p3-0ubuntu3 I have only just enabled the sudo logging so it should only contain the events below: sdainard-ad...@miovision.corp@ubu1310:~$ sudo su

[Freeipa-users] Setting up samba with IPA

2014-02-17 Thread Steven Jones
I seem to have got a RHEL6 workstation doing smbclient to an IPA samba enabled server OK. Is there a way to limit some users to CIFS only in IPA? Also however my AD connected windows7 machine with winsync and passsync in place to IPA won't connect. It doesn't seem to like the password or

Re: [Freeipa-users] Setting up samba with IPA

2014-02-17 Thread Alexander Bokovoy
On Mon, 17 Feb 2014, Steven Jones wrote: I seem to have got a RHEL6 workstation doing smbclient to an IPA samba enabled server OK. Is there a way to limit some users to CIFS only in IPA? If your file system supports POSIX ACLs then simply set limits at the file system level, it should work

Re: [Freeipa-users] Setting up samba with IPA

2014-02-17 Thread Steven Jones
Hi, So what you are saying is AD clients and IPA enabled samba servers don't work as a solution yet? Ergo I have to remove IPA off the samba server? regards Steven Jones From: Alexander Bokovoy aboko...@redhat.com Sent: Tuesday, 18 February 2014 11:21

Re: [Freeipa-users] Setting up samba with IPA

2014-02-17 Thread Dmitri Pal
On 02/17/2014 05:49 PM, Steven Jones wrote: Hi, So what you are saying is AD clients and IPA enabled samba servers don't work as a solution yet? Ergo I have to remove IPA off the samba server? I think the setup when you have sync in place is a bit crafty. I know that people made it work in

Re: [Freeipa-users] Issues creating trust with AD.

2014-02-17 Thread Genadi Postrilko
Thank you for the help! I have performed downgrade: yum downgrade samba4* [root@ipaserver1 ~]# rpm -qa | grep samb samba4-python-4.0.0-58.el6.rc4.x86_64 samba4-winbind-4.0.0-58.el6.rc4.x86_64 samba4-common-4.0.0-58.el6.rc4.x86_64 samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64

Re: [Freeipa-users] Setting up samba with IPA

2014-02-17 Thread Steven Jones
Can we be clear here, I'm not after SSO as such, I can sign in with the AD password but that is failing. Otherwise if I read you correctly I can't use IPA controlled samba with AD controlled windows hosts at all? So I'm better to de-IPA samba and go back to the old samba method with a local

[Freeipa-users] extending IPA schema and then pulling that attribute from AD via winsync

2014-02-17 Thread Steven Jones
Hi, On a different note if I want to have a custom field/attribute in IPA, I take it I can extend the schema and add this ? as the correct term? Can that attribute be populated from AD via the winsync agreement? regards Steven

[Freeipa-users] Allow freeipa send password to user

2014-02-17 Thread barrykfl
Is it possible to set allow password to send to user after user request. I used one of the self password service pwm but it seems it is not compatible to retrieval of password using cert request / Answer and questions retrieval thks barry

Re: [Freeipa-users] Setting up samba with IPA

2014-02-17 Thread Johan Petersson
One solution that I have tested myself is to have IPA and AD sync with Samba as a server in a 2012 R2 Server AD. For shared directories used both by Windows and Linux clients like Home I used NFS 4 with Kerberos for Linux and Samba ADS for Windows. Same user could log in from both Windows and

[Freeipa-users] Response attribute to allow user unlock and retreval password

2014-02-17 Thread barrykfl
Dear all: Any attribute allow user to retrieve password and response to unlock and allow to send plain text password.? Regards Barry

Re: [Freeipa-users] Response attribute to allow user unlock and retreval password

2014-02-17 Thread Alexander Bokovoy
On Tue, 18 Feb 2014, barry...@gmail.com wrote: Dear all: Any attribute allow user to retrieve password and response to unlock and allow to send plain text password.? No, since we do not store plain text passwords. Perhaps you could explain your actual use case? Is it password recovery?