Re: [Freeipa-users] IPA, autofs, kerberos

2015-12-11 Thread Cal Sawyer
Hi Let me update that last post. After setting authrequired=no in /etc/autofs_ldap_auth.conf, automount comes right up on reboot However, given CentOS6 clients using ipa-client-3.0.0-47.el6 and IPA server 4.1.0, what is the highest /secure/ level i can achieve without manually intervening?

Re: [Freeipa-users] Service Accounts via IPA

2015-12-11 Thread Redmond, Stacy
No, that does not even allow su – unless you add the –s /bin/bash or some valid shell. I did try a few of these, generally I just put a ! I front of the password locally, but since these exist in ldap now instead, not sure that is an option. From: Nicola Canepa [mailto:canep...@mmfg.it] Sent:

Re: [Freeipa-users] Any recent guides for Postfix and IPA integration?

2015-12-11 Thread Natxo Asenjo
hi Ranbir, On Fri, Dec 11, 2015 at 9:29 PM, Ranbir wrote: > Hi All, > > I want to integrate my Postfix server with IPA. I've found a couple of > documents on how this can be done, but they don't accomplish the feat > the same way (they're also not discussing the

Re: [Freeipa-users] Any recent guides for Postfix and IPA integration?

2015-12-11 Thread Martin Štefany
Hello Ranbir, I'm working on this, even today I was putting more things together. (That DRAFT is really uncommented version of what I currently have). And I've opened also https://fedorahosted.org/freeipa/ticket/5521 to get a bit more out of it. To sum it up what I've put together: - Postfix for

[Freeipa-users] Clean up DNS Host Cert and other records from IPA

2015-12-11 Thread Andrey Ptashnik
Hello Team, We have many servers in our environment that are on a different stage of their lifecycle. All of them are added to IPA domain. There are cases when servers gets moved, sometimes crash, sometimes are being rebuild or decommissioned. In those cases we need to completely remove server

Re: [Freeipa-users] Service Accounts via IPA

2015-12-11 Thread Marc Boorshtein
I do the same thing on most deployments. I usually just assign a large random password to the service account. Marc Boorshtein CTO, Tremolo Security, Inc. On Dec 11, 2015 12:15 PM, "Redmond, Stacy" wrote: > No, that does not even allow su – unless you add the –s

Re: [Freeipa-users] Service Accounts via IPA

2015-12-11 Thread Redmond, Stacy
That is probably what I will end up doing, thanks for all the input so far. From: Marc Boorshtein [mailto:marc.boorsht...@tremolosecurity.com] Sent: Friday, December 11, 2015 9:49 AM To: Redmond, Stacy Cc: freeipa-users; Nicola Canepa Subject: Re: [Freeipa-users] Service Accounts via IPA ** BSCA

[Freeipa-users] Any recent guides for Postfix and IPA integration?

2015-12-11 Thread Ranbir
Hi All, I want to integrate my Postfix server with IPA. I've found a couple of documents on how this can be done, but they don't accomplish the feat the same way (they're also not discussing the exact same end goal). I'm left wondering how exactly to integrate IPA and Postfix. For reference: