On 10.3.2015 12:14, Guertin, David S. wrote:
Seems the initial/default setup for IPA server is to put in an 'allow_all'
rule. Thus you can actively manage HBAC but out of the box, it is essentially
turned off by that rule.
Yes. The default was the opposite a very long time ago, you had to
On Tue, 10 Mar 2015, Guertin, David S. wrote:
Seems the initial/default setup for IPA server is to put in an 'allow_all'
rule. Thus you can actively manage HBAC but out of the box, it is essentially
turned off by that rule.
Yes. The default was the opposite a very long time ago, you had to
Seems the initial/default setup for IPA server is to put in an 'allow_all'
rule. Thus you can actively manage HBAC but out of the box, it is essentially
turned off by that rule.
Yes. The default was the opposite a very long time ago, you had to explicitly
enable access to the box. But it was
You should be able to 'see' them via getent passwd but they should not be
allowed to login when HBAC_ALLOW_ALL is disabled.
Ah, OK, thanks, that's what is happening. I can see them with getent passwd and
id, and I can su to them, but I can't log in as them.
On the other hand, I also can't log
On Tue, Mar 10, 2015 at 11:14:21AM +, Guertin, David S. wrote:
Seems the initial/default setup for IPA server is to put in an 'allow_all'
rule. Thus you can actively manage HBAC but out of the box, it is
essentially
turned off by that rule.
Yes. The default was the opposite a very
I have already:
- created an IPA group called ad_users.
- created an IPA group called ad_users_external.
Did you create this group with --external?
Doh! Nope, somehow I missed that. I've done that and that part is working now.
But the other part of the question remains, i.e. I'm still seeing
On Tue, 10 Mar 2015, Guertin, David S. wrote:
You should be able to 'see' them via getent passwd but they should not be
allowed to login when HBAC_ALLOW_ALL is disabled.
Ah, OK, thanks, that's what is happening. I can see them with getent
passwd and id, and I can su to them, but I can't log in
I'm attempting to migrate FreeIPA from an RHEL6 server to a CentOS7 server.
When I run ipa-replica-install to set up the CentOS7 server, I get the
following error:
ipa : CRITICAL The master CA directory server does not have
necessary schema. Please copy the following script to all CA
Hi Alexander
On Tue, Mar 10, 2015 at 12:08 PM, Alexander Bokovoy aboko...@redhat.com wrote:
On Tue, 10 Mar 2015, Traiano Welcome wrote:
However, I'm still not able to authenticate via the ssh-sssd path (I
can get kerberos tickets for ad users via cli though), so I think that
incorrect dc
On Tue, 10 Mar 2015, Benjamin Reed wrote:
I'm attempting to migrate FreeIPA from an RHEL6 server to a CentOS7 server.
When I run ipa-replica-install to set up the CentOS7 server, I get the
following error:
ipa : CRITICAL The master CA directory server does not have
necessary schema.
On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
Are you following these instructions?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
Aha! No. There are so many false positives in google
On Tue, 10 Mar 2015, Benjamin Reed wrote:
On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
Are you following these instructions?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
Aha! No.
@Martin Basti that was it. Thanks so much for the assistance.
@Petr Spacek thanks for the reply also. I failed to provide some
rather important information that you mentioned.
Thanks all for your help.
On Tue, Mar 10, 2015 at 1:35 AM, Petr Spacek pspa...@redhat.com wrote:
Hello!
Dmitri Pal wrote:
On 03/10/2015 10:22 AM, Rob Crittenden wrote:
K SHK wrote:
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works
splendid :)
I want to clarify if SSL authentication without a login/password will
work against FreeIPA...
ie. client connects to apache
I was told the GoDaddy certs were just imported using certutil -a but in
looking at the certs the original certs were actually replaced. This is only in
/etc/dirsrv/slapd-REALM-COM:
Certificate Nickname Trust Attributes
On 03/10/2015 10:22 AM, Rob Crittenden wrote:
K SHK wrote:
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works
splendid :)
I want to clarify if SSL authentication without a login/password will
work against FreeIPA...
ie. client connects to apache webserver over SSL, and
On Fri, Mar 6, 2015 at 1:53 PM, Martin Kosek mko...@redhat.com wrote:
On 03/06/2015 05:59 PM, Dan Mossor wrote:
IT WORKS! WOOT!
In the steps of researching a small issue on another hypervisor, I
discovered
that my underlying network, while operational, was not properly
configured. The
On Tue, 10 Mar 2015, Traiano Welcome wrote:
Hi Alexander
On Tue, Mar 10, 2015 at 12:08 PM, Alexander Bokovoy aboko...@redhat.com wrote:
On Tue, 10 Mar 2015, Traiano Welcome wrote:
However, I'm still not able to authenticate via the ssh-sssd path (I
can get kerberos tickets for ad users via
Hi all,
I'm new to FreeIPA and I'm researching how FreeIPA basically works. How
does this look from the perspective of the end user?
Can you please confirm or correct my knowledge about FreeIPA functioning.
Let's assume we have a mixed environment of five FreeIPA servers which are
On Mon, Mar 9, 2015 at 2:45 PM, Alexander Bokovoy aboko...@redhat.com
wrote:
On Mon, 09 Mar 2015, Ben Slusky wrote:
Greetings FreeIPA users,
I'm setting up FreeIPA service in our production environment to replace
several different authentication methods for various systems. I'm trying
to
On 03/10/2015 01:19 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 03/10/2015 10:22 AM, Rob Crittenden wrote:
K SHK wrote:
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works
splendid :)
I want to clarify if SSL authentication without a login/password will
work against
On 03/10/2015 02:39 PM, Robert Erzen wrote:
Hi all,
I'm new to FreeIPA and I'm researching how FreeIPA basically works.
How does this look from the perspective of the end user?
Can you please confirm or correct my knowledge about FreeIPA functioning.
Let's assume we have a mixed
Hello!
First of all, what version of FreeIPA do you use? FreeIPA 4.1.what?
On 9.3.2015 19:18, Matt Wells wrote:
I'm getting some errors on a DNS Zone that I'm attempting to create.
My systems reside within a sub-domain of example.com.
(xyz.example.com)
Of course example.com is the internet
On 09/03/15 19:18, Matt Wells wrote:
I'm getting some errors on a DNS Zone that I'm attempting to create.
My systems reside within a sub-domain of example.com.
(xyz.example.com)
Of course example.com is the internet address, but I want to host the
internal example.com so we're able to point to
On Mon, Mar 09, 2015 at 08:27:05PM -0400, Dmitri Pal wrote:
On 03/09/2015 03:40 PM, Jakub Hrozek wrote:
On Mon, Mar 09, 2015 at 02:58:14PM -0400, Dmitri Pal wrote:
On 03/09/2015 02:29 PM, Traiano Welcome wrote:
Hi Alexander
Thanks for the response:
On Mon, Mar 9, 2015 at 8:04 PM,
On Mon, Mar 9, 2015 at 9:49 PM, Alexander Bokovoy aboko...@redhat.com wrote:
On Mon, 09 Mar 2015, Traiano Welcome wrote:
Hi Alexander
Thanks for the response:
On Mon, Mar 9, 2015 at 8:04 PM, Alexander Bokovoy aboko...@redhat.com
wrote:
On Mon, 09 Mar 2015, Traiano Welcome wrote:
Hi