Re: [Freeipa-users] Help regarding SUDo rule implementation

2016-05-01 Thread Ben .T.George
HI All sudo rules got worked .actually i tried after 6 hours, what is the default time to get affect this rule affect normally, is there any way to manually pull changes from client? Regards, Ben On Sun, May 1, 2016 at 11:46 PM, Ben .T.George wrote: > HI > > i have a

Re: [Freeipa-users] Account/password expirations

2016-05-01 Thread Prasun Gera
It turns out that this was a permissions issue. Everything works now. Thanks. On Sat, Apr 30, 2016 at 11:26 PM, Prasun Gera wrote: > Ah, this doesn't work on ubuntu (14.04). The command itself works, but > sshd on ubuntu isn't probably compiled with support for this

Re: [Freeipa-users] ipa-client password authentication failed

2016-05-01 Thread siology.io
That plugins.py file does exist, but it's totally empty. And yes, all i get on the browser is an empty white screen window, On 30 April 2016 at 02:20, Petr Vobornik wrote: > On 04/29/2016 12:44 AM, siology.io wrote: > > On a clean centos 7 VM, after installation of

[Freeipa-users] Help regarding SUDo rule implementation

2016-05-01 Thread Ben .T.George
HI i have a working setup of FreeIPA 4.3 with AD integrated, I can able to apply HBAC rules and from client side it's working. how can i apply sudo rules to that specific POSIX group. i have created sample rue and added 2 commands put option as !authenticate and attached this rule to client,

Re: [Freeipa-users] is it possible to use 'ipa-replica' to sync userbetween different suffix AD and IPA domain?

2016-05-01 Thread Petr Vobornik
On 04/28/2016 05:30 PM, Matrix wrote: > Hi, Petr > > Thanks for your quickly reply. > > I want to integrated linux servers with existed AD, centralized manage > HBAC/Sudo > rules. > > So i have setup a standalone IPA server with domain 'example.net', trying to > sync users from existed AD to

Re: [Freeipa-users] Unexpiring user passwords

2016-05-01 Thread Natxo Asenjo
On Sun, May 1, 2016 at 4:53 AM, Joshua J. Kugler wrote: > We have a situation where the passwords in FreeIPA need to be synchronized > with another system in the company (a database of users, which is the > authoritative source for users and passwords). But, from what I

Re: [Freeipa-users] Unexpiring user passwords

2016-05-01 Thread Rob Crittenden
Joshua J. Kugler wrote: I have read this page http://www.freeipa.org/page/New_Passwords_Expired Aside from the fact that the decision should have been left to the company and their policies, and violates the tenant that software should have sane defaults while leaving flexibility to the user,

[Freeipa-users] Unexpiring user passwords

2016-05-01 Thread Joshua J. Kugler
I have read this page http://www.freeipa.org/page/New_Passwords_Expired Aside from the fact that the decision should have been left to the company and their policies, and violates the tenant that software should have sane defaults while leaving flexibility to the user, I'm wondering if you can

Re: [Freeipa-users] AD Trust failed with 'CIFS server configurationdoes not allow access to \\pipe\lsarpc'

2016-05-01 Thread Alexander Bokovoy
On Sun, 01 May 2016, Matrix wrote: Hi, Alexander log from /var/log/httpd/error_log lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty Processing section "[global]" INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100

Re: [Freeipa-users] AD Trust failed with 'CIFS server configurationdoes not allow access to \\pipe\lsarpc'

2016-05-01 Thread Matrix
Hi, Alexander log from /var/log/httpd/error_log lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty Processing section "[global]" INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100

Re: [Freeipa-users] AD Trust failed with 'CIFS server configuration does not allow access to \\pipe\lsarpc'

2016-05-01 Thread Alexander Bokovoy
On Sun, 01 May 2016, Matrix wrote: Hi, list I am trying to setup an integration env between IPA and AD Window 2012 R2. Below error occurred while running "# echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin Administrator --password" # echo 'RedHat1!' | ipa trust-add

[Freeipa-users] dnsforwardzone-add giving error

2016-05-01 Thread Ben .T.George
HI LIst, i dont; know how to explain this issue. I was trying IPA 4.3.1 while adding DNS, i am getting below error [root@global tmp]# ipa dnsforwardzone-add kwttestdc.com.kw --forwarder=192.168.37.131 --forward-policy=only Server will check DNS forwarder(s). This may take some time, please wait

Re: [Freeipa-users] dnsforwardzone-add giving error

2016-05-01 Thread Ben .T.George
HI After reboot i tried the same command and i got below error [root@global ~]# ipa dnsforwardzone-add kwttestdc.com.kw --forwarder=192.168.37.131 --forward-policy=only Server will check DNS forwarder(s). This may take some time, please wait ... ipa: ERROR: DNS check for domain kwttestdc.com.kw.

[Freeipa-users] AD Trust failed with 'CIFS server configuration does not allow access to \\pipe\lsarpc'

2016-05-01 Thread Matrix
Hi, list I am trying to setup an integration env between IPA and AD Window 2012 R2. Below error occurred while running "# echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin Administrator --password" # echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin

Re: [Freeipa-users] From where can i get repo details for FreeIPA 4.3.1 version

2016-05-01 Thread Ben .T.George
Hi All, again link for IPA 4.3.1 is offline https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-centos-7/ On Tue, Apr 12, 2016 at 4:19 PM, Ben .T.George wrote: > Hi > > Wow.Thanks for your fast response. > > Regards > Ben > On 12 Apr 2016 16:09, "Martin