Re: [Freeipa-users] Certificate profiles and CA ACLs for service principals

2016-03-23 Thread Fraser Tweedale
On Wed, Mar 23, 2016 at 04:37:43PM +1100, a.fed...@earsdown.com wrote: > Some excellent points, and thank you for being open to having the > conversation - I know you don't have to, and it is appreciated. > > > Profiles which are allowed for a host principal (representing > > physical or virtual

Re: [Freeipa-users] sudo with OTP

2016-03-23 Thread Brad Bendy
Just updated to the testing on F23 and sudo does work, but it prompts for a single password and the single user password works; OTP is not needed or prompted. I still need OTP when I log in as my user, just not on sudo. Is that the correct behavior, and if so can that be changed to always require

Re: [Freeipa-users] sudo with OTP

2016-03-23 Thread Brad Bendy
Ignore what I said earlier :) The issue is that when I run sudo, the lookup appears to still be wanting OTP (even though RADIUS is the only box checked for that user); no matter what I enter, it won't go past that first prompt, and the request never makes it over to my RADIUS server at all. Standard logins

Re: [Freeipa-users] sudo with OTP

2016-03-23 Thread Brad Bendy
I will upgrade a few machines and test this out. I just got done making a script for RADIUS to handle OTP; I didn't see this e-mail till now! If Password + RADIUS are turned on for the user, it looks like it's still doing the first-factor prompt; if I don't enable the password option, then an LDAP

Re: [Freeipa-users] ipa-replica-install IPA startup timing issue

2016-03-23 Thread Daryl Fonseca-Holt
Forgot to CC the ML. Sorry. -- Daryl Fonseca-Holt IST/CNS/Unix Server Team University of Manitoba 204.480.1079 On Wed, 23 Mar 2016, Daryl Fonseca-Holt wrote: Hi Thierry, I have not filed a support request with RedHat for two reasons. First, it seems that the NIS priming may not be a

Re: [Freeipa-users] PKI Authentication Issues

2016-03-23 Thread Sam James
Yes the cert is correct. The userCertificate field matches the output of "certutil -L -d /etc/httpd/alias/ -n ipaCert -a" with the header and footer removed, and the serial number matches as well albeit in decimal instead of hex. # ipara, people, ipaca dn: uid=ipara,ou=people,o=ipaca

Re: [Freeipa-users] Lock screen when Smart Card is removed.

2016-03-23 Thread Michael Rainey (Contractor)
Hi Sumit, I've been trying to download the rpm via the Koji client and have been unable to locate the package. Are there any extra steps I need to complete before I can find the package, such as creating an account in the Fedora Build System? Performing a general search for SSSD only returns a list of

[Freeipa-users] Can't Search For Users

2016-03-23 Thread Garrett Hyde
I'm currently running ipa-server version 4.2.0, release 15.el7_2.6 on a RHEL 7.2 server. When a user **not** in the "admins" group tries searching for a user, they receive "No entries." In the WebUI, this happens on the "Active users" page or when trying to add a user to a group, role, etc. It

Re: [Freeipa-users] PKI Authentication Issues

2016-03-23 Thread Petr Vobornik
On 03/23/2016 03:50 PM, Sam James wrote: Hello everyone, I've been banging my head against the wall for a few days now trying to resolve an issue with PKI and I'm hoping I might get some help. First some context. About a week ago I was alerted that all of our replicas were offline due to

[Freeipa-users] PKI Authentication Issues

2016-03-23 Thread Sam James
Hello everyone, I've been banging my head against the wall for a few days now trying to resolve an issue with PKI and I'm hoping I might get some help. First some context. About a week ago I was alerted that all of our replicas were offline due to pki-tomcatd not starting. Further investigation

Re: [Freeipa-users] Certificate profiles and CA ACLs for service principals

2016-03-23 Thread a.fedora
Some excellent points, and thank you for being open to having the conversation - I know you don't have to, and it is appreciated. > Profiles which are allowed for a host principal (representing > physical or virtual machines) are not necessarily the same profiles > that should be used for

Re: [Freeipa-users] Samba Integration with AD Trust

2016-03-23 Thread Baird, Josh
Actually - it looks like this is working. I think I had something cached on the Windows client that I was testing from. Thanks for the help. > -Original Message- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Baird, Josh > Sent:

Re: [Freeipa-users] Samba Integration with AD Trust

2016-03-23 Thread Baird, Josh
Justin, @ad_admins is an AD group, correct (not a POSIX group), correct? I still cannot get this working. Home directory shares are working fine. (apologies for the broken threading - I don't think I received your message for some reason) Thanks, Josh > -Original Message- From:

Re: [Freeipa-users] Problem migrating from openldap using groups in a group

2016-03-23 Thread Alexander Bokovoy
On Wed, 23 Mar 2016, Sotiris Tsimbonis wrote: Hi all, I'm trying to migrate into freeipa some users and groups from an old ldap server I've inherited. But migrate-ds fails to import groups inside usergroups; it believes they are users and imports them wrongly. Trying to migrate with command:

[Freeipa-users] Problem migrating from openldap using groups in a group

2016-03-23 Thread Sotiris Tsimbonis
Hi all, I'm trying to migrate into freeipa some users and groups from an old ldap server I've inherited. But migrate-ds fails to import groups inside usergroups; it believes they are users and imports them wrongly. Trying to migrate with command: ipa migrate-ds

Re: [Freeipa-users] Tracking Login Times

2016-03-23 Thread Martin Kosek
On 03/21/2016 06:56 PM, Rob Crittenden wrote: > Bob wrote: >> If each IPA server tracks time of last auth independently, then one ipa >> server might disable an inactive account. But that account might be >> active on another servers. In a fail over case where the server that >> that account

Re: [Freeipa-users] Error in IPA webinterface when DNS name contains \032 ()

2016-03-23 Thread Petr Spacek
On 23.3.2016 10:50, Troels Hansen wrote: > >> >> # LIFX Bulb, casalogic.lan, dns, casalogic.lan >> dn: idnsName=LIFX Bulb,idnsname=casalogic.lan,cn=dns,dc=casalogic,dc=lan >> dNSTTL: 1800 >> tXTRecord: "009143ca16c9890339c7ec33825e0da5ce" >> aRecord: 192.168.20.252 >> objectClass: idnsRecord >>

Re: [Freeipa-users] Error in IPA webinterface when DNS name contains \032 ()

2016-03-23 Thread Troels Hansen
> > # LIFX Bulb, casalogic.lan, dns, casalogic.lan > dn: idnsName=LIFX Bulb,idnsname=casalogic.lan,cn=dns,dc=casalogic,dc=lan > dNSTTL: 1800 > tXTRecord: "009143ca16c9890339c7ec33825e0da5ce" > aRecord: 192.168.20.252 > objectClass: idnsRecord > objectClass: top > idnsName: LIFX Bulb Which

Re: [Freeipa-users] Error in IPA webinterface when DNS name contains \032 ()

2016-03-23 Thread Troels Hansen
- On Mar 23, 2016, at 10:37 AM, Petr Spacek pspa...@redhat.com wrote: > > Interesting, I'm curious how the data in LDAP look like. > > Please run ldapsearch command similar to this: > > $ ldapsearch -Y GSSAPI -b 'cn=dns,dc=example,dc=com' '(idnsName=*LIFX*)' > # LIFX Bulb,

Re: [Freeipa-users] sudo with OTP

2016-03-23 Thread Lukas Slebodnik
On (22/03/16 10:06), Brad Bendy wrote: >I'm having some issues applying these patches with dependencies. But on >a side note, this needs to be applied to the client machines as well as >the IPA server itself, correct? > I pushed related sudo patches to fedora yesterday. They are in updates-testing