On Wed, Nov 05, 2014 at 02:30:55AM +, David Taylor wrote:
Thanks for the reply. The PAM file is pretty stock for a centos build
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth
On 4.11.2014 21:57, William Muriithi wrote:
Afternoon,
I have two AD and would like to retain that redundancy within IPA after
establishing trust relationship. How would one achieve that?
I have attempted the following:
[root@ipa3-yyz-int ~]# ipa dnszone-add example.local
On 4.11.2014 17:15, Rob Verduijn wrote:
The problem with 'foreman-prepare-realm' and freeipa was that it claimed
that a few of the permissions required did not exist when it tried to add
them to the 'smart proxy host management' privilege.
I think it was because the permissions were all in
Petr Spacek wrote:
On 4.11.2014 17:15, Rob Verduijn wrote:
The problem with 'foreman-prepare-realm' and freeipa was that it claimed
that a few of the permissions required did not exist when it tried to add
them to the 'smart proxy host management' privilege.
I think it was because the
Hello again,
I don't know about foreman upstream, the current version that I am using
included in the katello installation is 1.6
And the foreman manpage still requires the configuration of the
realm-smart-proxy.
http://www.theforeman.org/manuals/1.6/index.html#4.3.9Realm
About the snapshot:
I
Hello,
Rob V., you did not answer my question about when DNS last worked for you.
Did it work right after reverting the snapshot?
Petr^2 Spacek
On 5.11.2014 16:09, Rob Verduijn wrote:
Hello again,
I don't know about foreman upstream, the current version that I am using
included in the
Hello,
I use only a single freeipa server (so no replica to bother)
Internal zones worked before the update
After the update, internal zones no longer worked.
After reverting back the snapshot the internal zones worked again, no
additional actions were needed.
Rob
2014-11-05 16:11 GMT+01:00
Sending again
Previous mail got mangled by blackberry
I have two AD and would like to retain that redundancy within IPA after
establishing trust relationship. How would one achieve that?
I have attempted the following:
[root@ipa3-yyz-int ~]# ipa dnszone-add example.local
On Wed, Nov 05, 2014 at 09:41:59AM -0500, Rob Crittenden wrote:
Also when I look at the permissions in ipa there are no longer any
permissions that have the 'System: ' prefix.
AFAIK the foreman proxy is not necessary (and not supported) with IPA
4.x because it was obsoleted by 'native'
Stephen Benjamin wrote:
On Wed, Nov 05, 2014 at 09:41:59AM -0500, Rob Crittenden wrote:
Also when I look at the permissions in ipa there are no longer any
permissions that have the 'System: ' prefix.
AFAIK the foreman proxy is not necessary (and not supported) with IPA
4.x because it was
Hello,
Yes I noticed the name change it took me a while to realise it was a known
ruby bug in katello that caused the real problem.
I also checked after I updated the 'katello integrated' update from 3.3.5
to 4.1 and the permissions were neatly renamed to their new counterparts.
However the
On Wed, Nov 05, 2014 at 04:09:18PM +0100, Rob Verduijn wrote:
Hello again,
I don't know about foreman upstream, the current version that I am using
included in the katello installation is 1.6
And the foreman manpage still requires the configuration of the
realm-smart-proxy.
Hi All!
I'm looking at migrating from openldap to freeipa (currently using 3.3.3 on
centos7, installed from the default centos repos, as I'd prefer to use
centos over fedora) and I have a bit of a snag after importing users with
migration-ds: I can't edit the details of migrated users in the web
On 5.11.2014 16:20, Rob Verduijn wrote:
Hello,
Yes I noticed the name change it took me a while to realise it was a known
ruby bug in katello that caused the real problem.
I also checked after I updated the 'katello integrated' update from 3.3.5
to 4.1 and the permissions were neatly renamed
Great news about the script.
I will as soon as I get the upgrade to 4.1 to work with internal dns
support.
yup 12 default permissions + 3 custom permissions in the
smart-host-proxy-management privilege
I guessed I leave those 12 default permissions since I expect it might
break things when I
Hello,
can you send content of these entries (I need mainly member and memberof
attributes)?:
DN: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=com
DN:
krbprincipalname=DNS/example@example.com,cn=services,cn=accounts,dc=example,dc=com
DN: cn=System: Read DNS
On Wed, Nov 05, 2014 at 10:20:36AM -0500, Rob Crittenden wrote:
Stephen Benjamin wrote:
On Wed, Nov 05, 2014 at 09:41:59AM -0500, Rob Crittenden wrote:
Also when I look at the permissions in ipa there are no longer any
permissions that have the 'System: ' prefix.
AFAIK the foreman proxy
I saw in the upstream foreman-prepare-realm script that the new permission
names should include a prefix System:
That prefix is not there; what did change was that some permissions were
no longer lower case only.
ie in 3.3.5 the permission is 'write dns configuration' and in 4.1 it
becomes
Can you send me DNS related ACI in dc=tjako,dc=thuis
On 05/11/14 17:08, Rob Verduijn wrote:
and here is the 4.1 version
Rob
cat output-4.1.txt
# extended LDIF
#
# LDAPv3
# base cn=DNS Servers,cn=privileges,cn=pbac,dc=tjako,dc=thuis with
scope subtree
# filter: (objectclass=*)
# requesting:
hi,
On Wed, Nov 5, 2014 at 9:39 AM, Martin Kosek mko...@redhat.com wrote:
On 11/04/2014 01:39 PM, Natxo Asenjo wrote:
hi,
On Mon, Nov 3, 2014 at 5:21 PM, Rob Crittenden rcrit...@redhat.com wrote:
Natxo Asenjo wrote:
How often does the crl list get generated? i still do not see recent data.
On Wed, Nov 5, 2014 at 7:37 PM, Natxo Asenjo natxo.ase...@gmail.com wrote:
6489.CRLIssuingPoint-MasterCRL - [03/Nov/2014:09:00:00 CET] [20] [3]
FileBasedPublisher: java.io.FileNotFoundException:
/var/lib/ipa/pki-ca/publish/MasterCRL-20141103-09.temp (Permission
denied)
And I think I found
hi,
By the way, is it safe to rename this file:
$ ls -lh /var/lib/pki-ca/logs/debug
-rw-r-. 1 pkiuser pkiuser 841M Nov 5 19:54 /var/lib/pki-ca/logs/debug
It's quite big :-). Can I just rename it while the dirsrv is running
and will a new one be created or do I have to stop the pki-cad
On 11/05/2014 10:19 AM, Steve Nolen wrote:
Hi All!
I'm looking at migrating from openldap to freeipa (currently using
3.3.3 on centos7, installed from the default centos repos, as I'd
prefer to use centos over fedora) and I have a bit of a snag after
importing users with migration-ds: I
--. 1 pkiuser pkiuser 5278 Nov 5 21:00 MasterCRL-20141105-21.der
lrwxrwxrwx. 1 pkiuser pkiuser 57 Nov 5 21:00 MasterCRL.bin ->
/var/lib/ipa/pki-ca/publish/MasterCRL-20141105-21.der
phew
--
Groeten,
natxo
--
Manage your subscription for the Freeipa-users mailing list:
https
Peter,
Sorry, missed your response earlier.
On 4.11.2014 21:57, William Muriithi wrote:
Afternoon,
I have two AD and would like to retain that redundancy within IPA after
establishing trust relationship. How would one achieve that?
I have attempted the following:
[root@ipa3-yyz-int
First post - please be kind to me:-)
I got stuck on the same issue, it was the lack of a
Jackson-jaxrs-JSON-Provider package.
Once I finally got a coherent download for source files for
Jackson-jaxrs-JSON-Provider-2.4.3, I have compiled and built a RPM
package (using Maven, on Netbeans)
On Wed, 05 Nov 2014, William Muriithi wrote:
Peter,
Sorry, missed your response earlier.
On 4.11.2014 21:57, William Muriithi wrote:
Afternoon,
I have two AD and would like to retain that redundancy within IPA after
establishing trust relationship. How would one achieve that?
I have
Hi,
Heads up for those who are using 2FA feature of FreeIPA 4.0 and 4.1.
A security issue was identified in the released versions of FreeIPA 4.0
and 4.1 that makes it possible for users with enabled OTP token to
authenticate using only the second factor.
We have a fix available already and will be
Hi Dmitri!
ldapsearch was exactly the pointer I needed! My entries had
objectClass=extensibleObject, which, as soon as I removed via:
ipa user-mod ldaptest --delattr objectclass=extensibleobject
I'm able to edit!
Thanks so much for the help!
On Wed, Nov 5, 2014 at 11:33 AM, Dmitri Pal
First 10 ipa clients I set up - no problem.
Set up 2 more, perhaps this is a problem with the fact that these 2 hosts were
on a totally new VLAN and the firewall rules weren't correct when I set them up.
Been through the part on sudo here...
http://www.freeipa.org/page/Troubleshooting
Hi, Did you config HBAC to allow sudo, then in sudo rules, allow your sudo command, next would be adding HBAC rules to user group?
On 11/05/2014 05:05 PM, Craig White wrote:
First 10 ipa clients I set up -- no problem.
Set up 2 more, perhaps this is a problem with the fact that these 2
hosts were on a totally new VLAN and the firewall rules weren't
correct when I set them up.
Been through the part on sudo here...