Re: [Freeipa-users] Creating roles tutorial/how-to

2016-07-01 Thread Rob Crittenden
Larry Rosen wrote: Are there any tutorials/how to’s to guide how to create roles? The docs simply go through filling out the forms, but is there any resource about how roles are generally used and the required relationships? This is the closest thing I have found:

Re: [Freeipa-users] HBAC rules for NFS

2016-07-01 Thread Joanna Delaporte
Hi Alexander, Thanks for the link. I read through it again, and I am still stuck on the rpcgss service on the server...I don't know how to properly restart it. The service in the documents is service nfs-secure-server enable (FC16), or rpcsvcgssd.service (RH7), but I cannot enable using those. I

Re: [Freeipa-users] HBAC rules for NFS

2016-07-01 Thread Alexander Bokovoy
On Fri, 01 Jul 2016, Joanna Delaporte wrote: I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am starting to wonder if I don't have HBAC rules set up correctly. I installed freeIPA with --no_hbac_allow. I have an HBAC service defined as an nfs service: $ ipa hbacsvc-add

[Freeipa-users] HBAC rules for NFS

2016-07-01 Thread Joanna Delaporte
I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am starting to wonder if I don't have HBAC rules set up correctly. I installed freeIPA with --no_hbac_allow. I have an HBAC service defined as an nfs service: $ ipa hbacsvc-add --desc="NFS service" nfs I have an HBAC rule that

[Freeipa-users] Creating roles tutorial/how-to

2016-07-01 Thread Larry Rosen
Are there any tutorials/how to's to guide how to create roles? The docs simply go through filling out the forms, but is there any resource about how roles are generally used and the required relationships? This is the closest thing I have found:

Re: [Freeipa-users] IPA and NFSv4 with krb5 security

2016-07-01 Thread Joanna Delaporte
Which services actually need to be running for Kerberized NFS? On the server and client sides? What needs to be enabled? When I go through the list in the RHEL 7 Domain Auth guide (p 271), I cannot get rpcsvcgssd.service to start. It doesn't give any errors when I send it a start command, but

Re: [Freeipa-users] Replace with 3rd part certificates

2016-07-01 Thread Prasun Gera
There were issues with 3rd party certs as of RHEL 7.2/4.2. If this is fixed in 7.3, that would be great, especially for Let's Encrypt certs (even without auto-renewal) On Fri, Jul 1, 2016 at 5:15 AM, Andreas Ladanyi wrote: > Hi, > > For the time being and as far as I can

Re: [Freeipa-users] how to make fIPA stick to only...

2016-07-01 Thread lejeczek
On 01/07/16 12:41, Petr Vobornik wrote: On 06/30/2016 04:56 PM, lejeczek wrote: ... its own FQHN and its IP ? hi users, I'm fiddling with rewrites but being an amateur cannot figure it out, it's on a multi/home-IP box. Is it possible? many thanks, L. Hi L. Could you describe your

Re: [Freeipa-users] How to unset a user's kerberos principal expiration date?

2016-07-01 Thread Roderick Johnstone
On 30/06/16 14:14, Rob Crittenden wrote: David Kupka wrote: On 29/06/16 19:05, Roderick Johnstone wrote: Hi If I set a kerberos principal for a user to expire on a given date using: ipa user-mod --principal-expiration=DATE is it possible to later remove this expiration date rather than just

Re: [Freeipa-users] webmaster permission

2016-07-01 Thread Jan Pazdziora
On Fri, Jul 01, 2016 at 01:35:41PM +0200, Günther J. Niederwimmer wrote: > > CentOS 7.2 IPA 4.3.1 > 1 Server (extern) with Virtual Systems (KVM) installed. > DNSserver, Mailserver, Ipaserver,Webserver.. Is the IPA server running in a VM or on the host? > Now we like to have our Websystem on

Re: [Freeipa-users] webmaster permission

2016-07-01 Thread Günther J . Niederwimmer
Hello, On Friday, 1 July 2016, 13:43:35 CEST, Petr Spacek wrote: > On 1.7.2016 13:35, Günther J. Niederwimmer wrote: > > Hello, > > > > I am a newbie with IPA and have big problems ;-), > > the "normal" installation is working nice. :-)) > > > > But now I have a problem? > > > > CentOS 7.2

Re: [Freeipa-users] FreeIPA doesnt start

2016-07-01 Thread Fraser Tweedale
On Fri, Jul 01, 2016 at 09:00:03AM +0200, Andreas Ladanyi wrote: > Hi Fraser. > >>> Hi, > >>> > >>> I upgraded from Fedora 22 to 23 and now I am working with IPA 4.2 > >>> > >>> When I want to start IPA with ipactl start I run into the situation > >>> starting pki-tomcat takes a long time and ipactl

Re: [Freeipa-users] webmaster permission

2016-07-01 Thread Petr Spacek
On 1.7.2016 13:35, Günther J. Niederwimmer wrote: > Hello, > > I am a newbie with IPA and have big problems ;-), > the "normal" installation is working nice. :-)) > > But now I have a problem? > > CentOS 7.2 IPA 4.3.1 > 1 Server (extern) with Virtual Systems (KVM) installed. > DNSserver,

Re: [Freeipa-users] how to make fIPA stick to only...

2016-07-01 Thread Petr Vobornik
On 06/30/2016 04:56 PM, lejeczek wrote: > ... its own FQHN and its IP ? > > hi users, > > I'm fiddling with rewrites but being an amateur cannot figure it out, > it's on a multi/home-IP box. Is it possible? > > many thanks, > > L. > Hi L. Could you describe your environment and use case in

Re: [Freeipa-users] SRV records?

2016-07-01 Thread Petr Spacek
On 30.6.2016 17:56, Christophe TREFOIS wrote: > Hi, > > I am getting a bit confused about what is possible / advised to do and how to > setup SRV records for our existing setup. > > Currently, it looks like this: > > ipa1.domain.ltd > ipa2.domain.ltd > ipa3.domain.ltd > > I believe the

Re: [Freeipa-users] AES reverse encryption plugin on userPassword attribute

2016-07-01 Thread Petr Spacek
On 30.6.2016 15:30, opensauce . wrote: > Hi All, > > I need to store user passwords with reverse encryption for an application. > > I know the AES plugin is enabled and available : > > # AES, Password Storage Schemes, plugins, config > dn: cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config

[Freeipa-users] webmaster permission

2016-07-01 Thread Günther J . Niederwimmer
Hello, I am a newbie with IPA and have big problems ;-), the "normal" installation is working nice. :-)) But now I have a problem? CentOS 7.2 IPA 4.3.1 1 Server (extern) with Virtual Systems (KVM) installed. DNSserver, Mailserver, Ipaserver, Webserver.. Now we like to have our Websystem on

Re: [Freeipa-users] FreeIPA (directory service) Crash several times a day

2016-07-01 Thread Ludwig Krispenz
Please keep the discussion on the mailing list. On 07/01/2016 01:17 PM, Omar AKHAM wrote: Which package to install? ipa-debuginfo? yes 2 other crashes last night, with a different user bind this time : rawdn = 0x7f620003a200 "uid=XXX,cn=users,cn=accounts,dc=XXX,dc=XX" dn =

Re: [Freeipa-users] Replace with 3rd part certificates

2016-07-01 Thread Andreas Ladanyi
Hi, > For the time being and as far as I can see until IPA 4.3.1, the procedure is > messy and difficult. > The following thread will be a big help: > https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html > > I think I succeeded at last, but further tests remain. Is it possible

Re: [Freeipa-users] FreeIPA doesnt start

2016-07-01 Thread Andreas Ladanyi
Hi Tomasz, > On Thu, Jun 30, 2016 at 02:51:02PM +0200, Andreas Ladanyi wrote: >> Hi, >> >> I upgraded from Fedora 22 to 23 and now I am working with IPA 4.2 >> >> When I want to start IPA with ipactl start I run into the situation >> starting pki-tomcat takes a long time and ipactl aborts the

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-07-01 Thread Alexander Bokovoy
On Thu, 30 Jun 2016, pgb205 wrote: Ben, do you mind sharing your solution as I am affected by the exact same error when fetching AD domains. I'm currently on vacation and don't have access to my lab, but you need to check if there are any problems with SELinux. 'ipa trust-fetch-domains' calls

Re: [Freeipa-users] FreeIPA doesnt start

2016-07-01 Thread Andreas Ladanyi
Hi Fraser. >>> Hi, >>> >>> I upgraded from Fedora 22 to 23 and now I am working with IPA 4.2 >>> >>> When I want to start IPA with ipactl start I run into the situation >>> starting pki-tomcat takes a long time and ipactl aborts the starting >>> process and shuts down services. So IPA doesn't start. >>