Larry Rosen wrote:
Are there any tutorials/how tos to guide how to create roles? The docs
simply go through filling out the forms, but is there any resource about
how roles are generally used and the required relationships?
This is the closest thing I have found:
Hi Alexander,
Thanks for the link. I read through it again, and I am still stuck on the
rpcgss service on the server...I don't know how to properly restart it. The
service in the documents is service nfs-secure-server enable (FC16), or
rpcsvcgssd.service (RH7), but I cannot enable using those.
I
On Fri, 01 Jul 2016, Joanna Delaporte wrote:
I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am
starting to wonder if I don't have HBAC rules set up correctly. I
installed freeIPA with --no_hbac_allow.
I have an HBAC service defined as an nfs service:
$ ipa hbacsvc-add
I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am
starting to wonder if I don't have HBAC rules set up correctly. I
installed freeIPA with --no_hbac_allow.
I have an HBAC service defined as an nfs service:
$ ipa hbacsvc-add --desc="NFS service" nfs
I have an HBAC rule that
Are there any tutorials/how to's to guide how to create roles? The docs simply
go through filling out the forms, but is there any resource about how roles are
generally used and the required relationships?
This is the closest thing I have found:
Which services actually need to be running for Kerberized NFS? On the
server and client sides? What needs to be enabled?
When I go through the list in the RHEL 7 Domain Auth guide (p 271), I
cannot get rpcsvcgssd.service to start. It doesn't give any errors when I
send it a start command, but
There were issues with 3rd party certs as of RHEL 7.2/4.2. If this is fixed
in 7.3, that would be great, especially for Lets Encrypt certs (even
without auto-renewal)
On Fri, Jul 1, 2016 at 5:15 AM, Andreas Ladanyi
wrote:
> Hi,
> > For the time being and as far as I can
On 01/07/16 12:41, Petr Vobornik wrote:
On 06/30/2016 04:56 PM, lejeczek wrote:
... its own FQHN and its IP ?
hi users,
I'm fiddling with rewrites but being an amateur cannot figure it out,
it's on a multi/home-IP box. Is it possible?
many thanks,
L.
Hi L.
Could you describe your
On 30/06/16 14:14, Rob Crittenden wrote:
David Kupka wrote:
On 29/06/16 19:05, Roderick Johnstone wrote:
Hi
If I set a kerberos principal for a user to expire on a given date
using:
ipa user-mod --principal-expiration=DATE
is it possible to later remove this expiration date rather than just
On Fri, Jul 01, 2016 at 01:35:41PM +0200, Günther J. Niederwimmer wrote:
>
> CentOS 7.2 IPA 4.3.1
> 1 Server (extern) with Virtual Systems (KVM) installed.
> DNSserver, Mailserver, Ipaserver,Webserver..
Is the IPA server running in a VM or on the host?
> Now we like to have our Websystem on
Hello,
Am Freitag, 1. Juli 2016, 13:43:35 CEST schrieb Petr Spacek:
> On 1.7.2016 13:35, Günther J. Niederwimmer wrote:
> > Hello,
> >
> > I am a newbie with IPA and have big Problems ;-),
> > the "normal" Installation is working nice. :-))
> >
> > But now I have a Problem ?
> >
> > CentOS 7.2
On Fri, Jul 01, 2016 at 09:00:03AM +0200, Andreas Ladanyi wrote:
> Hi Fraser.
> >>> Hi,
> >>>
> >>> i upgraded from Fedora 22 to 23 and now iam working with IPA 4.2
> >>>
> >>> When i want to start IPA with ipactl start i run into the situation
> >>> starting pki-tomcat take a long time and ipactl
On 1.7.2016 13:35, Günther J. Niederwimmer wrote:
> Hello,
>
> I am a newbie with IPA and have big Problems ;-),
> the "normal" Installation is working nice. :-))
>
> But now I have a Problem ?
>
> CentOS 7.2 IPA 4.3.1
> 1 Server (extern) with Virtual Systems (KVM) installed.
> DNSserver,
On 06/30/2016 04:56 PM, lejeczek wrote:
> ... its own FQHN and its IP ?
>
> hi users,
>
> I'm fiddling with rewrites but being an amateur cannot figure it out,
> it's on a multi/home-IP box. Is it possible?
>
> many thanks,
>
> L.
>
Hi L.
Could you describe your environment and use case in
On 30.6.2016 17:56, Christophe TREFOIS wrote:
> Hi,
>
> I am getting a bit confused about what is possible / advised to do and how to
> setup SRV records for our existing setup.
>
> Currently, it looks like his:
>
> ipa1.domain.ltd
> ipa2.domain.ltd
> ipa3.domain.ltd
>
> I believe the
On 30.6.2016 15:30, opensauce . wrote:
> Hi All,
>
> I need to store user passwords with reverse encryption for an application.
>
> I know the AES plugin is enabled and available :
>
> # AES, Password Storage Schemes, plugins, config
> dn: cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config
Hello,
I am a newbie with IPA and have big Problems ;-),
the "normal" Installation is working nice. :-))
But now I have a Problem ?
CentOS 7.2 IPA 4.3.1
1 Server (extern) with Virtual Systems (KVM) installed.
DNSserver, Mailserver, Ipaserver,Webserver..
Now we like to have our Websystem on
please keep the discussion on the mailing list
On 07/01/2016 01:17 PM, Omar AKHAM wrote:
Which package to install ? ipa-debuginfo?
yes
2 other crashes last night, with a different user bind this time :
rawdn = 0x7f620003a200
"uid=XXX,cn=users,cn=accounts,dc=XXX,dc=XX"
dn =
Hi,
> For the time being and as far as I can see until IPA 4.3.1, the procedure is
> messy and difficult.
> The following thread will be a big help:
> https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html
>
> I think I succeeded at last, but further tests remain.
Is it possible
Hi Tomasz,
> On Thu, Jun 30, 2016 at 02:51:02PM +0200, Andreas Ladanyi wrote:
>> Hi,
>>
>> i upgraded from Fedora 22 to 23 and now iam working with IPA 4.2
>>
>> When i want to start IPA with ipactl start i run into the situation
>> starting pki-tomcat take a long time and ipactl aborts the
On Thu, 30 Jun 2016, pgb205 wrote:
Ben, do you mind sharing your solution as I am affected by the exact same error
when fetching AD domains.
I'm currently on vacation and don't have access to my lab, but you need
to check if there are any problems with SELinux. 'ipa
trust-fetch-domains' calls
Hi Fraser.
>>> Hi,
>>>
>>> i upgraded from Fedora 22 to 23 and now iam working with IPA 4.2
>>>
>>> When i want to start IPA with ipactl start i run into the situation
>>> starting pki-tomcat take a long time and ipactl aborts the starting
>>> process and shutdown services. So IPA doesnt start.
>>
22 matches
Mail list logo