Re: [Freeipa-users] Replicating o=ipaca

On 08/13/2014 02:15 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: On 08/12/2014 11:49 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: The documentation seems to be a little fuzzy on setting up two CAs, some parts indicate this is a bad idea because the CRLs can clobber each

Re: [Freeipa-users] check access log of when a user login integrated system

On Wed, 13 Aug 2014, barry...@gmail.com wrote: Hi all: I have a buzilla intgrated with ldap ,,,is it poosible to check when the user login through the access log of ldap free ipa server .. What sentence should it look like ? For example, following will return you date and uid of the user

Re: [Freeipa-users] Adding permissions to a service account.

On 08/13/2014 02:27 AM, William wrote: On Tue, 2014-08-12 at 13:51 -0400, Rob Crittenden wrote: William wrote: Hi, I am trying to allow a radius service account the ability to read ipaNTHash. I carried out the following steps: You can't delegate permissions to a service. See

Re: [Freeipa-users] check access log of when a user login integrated system

Hi: Yes there are some log show user but seem it log the user who directly login ldap using their uid. i integrate the buzilla using an uid=ldap ..then otther user can login freely ...it seem it logged ldap not inside users using the buzilla. 2014-08-13 14:36 GMT+08:00 Alexander Bokovoy

[Freeipa-users] getting auth to work with just IPA LDAP

Hello fellow IPAers... Just wondering what I might be doing wrong. I have servers that just need to auth to the LDAP username/PW portion of IPA since they can't do Kerberos right now. What could I be missing -- I run the authconfig to setup and verify sssd.conf, but I continue to get:

Re: [Freeipa-users] getting auth to work with just IPA LDAP

On Wed, Aug 13, 2014 at 07:23:43AM -0700, Kat wrote: Hello fellow IPAers... Just wondering what I might be doing wrong. I have servers that just need to auth to the LDAP username/PW portion of IPA since they can't do Kerberos right now. What could I be missing -- I run the authconfig to

[Freeipa-users] Does FreeIPA support SHA or SSHA for password encryption

We are looking at ONELogin as well as OKTA for our SSO to work with FreeIPA. The way they integrate with LDAP is a little different. The question I have is how does FreeIPA support SHA or SSHA for password encryption? *From One Login's help doc on LDAP* *--password-crypt: *Defines the

Re: [Freeipa-users] Adding permissions to a service account.

William wrote: On Tue, 2014-08-12 at 13:51 -0400, Rob Crittenden wrote: William wrote: Hi, I am trying to allow a radius service account the ability to read ipaNTHash. I carried out the following steps: You can't delegate permissions to a service. See

Re: [Freeipa-users] Does FreeIPA support SHA or SSHA for password encryption

Chris Whittle wrote: We are looking at ONELogin as well as OKTA for our SSO to work with FreeIPA. The way they integrate with LDAP is a little different. The question I have is how does FreeIPA support SHA or SSHA for password encryption? *From One Login's help doc on LDAP*

Re: [Freeipa-users] MinSSF suggestions?

Erinn Looney-Triggs wrote: On 08/12/2014 09:21 AM, Alexander Bokovoy wrote: On Tue, 12 Aug 2014, Erinn Looney-Triggs wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/11/2014 09:08 AM, Martin Kosek wrote: On 08/11/2014 04:24 PM, Jakub Hrozek wrote: On Mon, Aug 11, 2014 at