Dear all,
Seeking your kind advices.
If the requirement is for having a scalable corporate CA only, is it
possible to get this requirement fulfilled with DogTag only, or install
FreeIPA and use the CA functionality only.
What are the functional differences and support limitations?
Thanks
When attempting to run ipa-replica-install I get a python error, No
module named ssl_match_hostname
This is on a CentOS 7.2 x86_64 testing box.
All available updates including kernel installed, and system rebooted
same day. Same error before and after patching and reboot.
Let me know if you
Hmm, ok. In that case, I guess I need to rethink my setup. Thanks again for
all your help!
Kind regards,
Guy
On 10 August 2016 at 14:46, Justin Stephenson wrote:
> On 08/10/2016 05:19 PM, Guy Knights wrote:
>
> Ok, I increased the debug level as you recommended and it's
On 08/10/2016 05:19 PM, Guy Knights wrote:
Ok, I increased the debug level as you recommended and it's given me a
lot of useful info. Before I go any further trying to troubleshoot
that mass of info on this mailing list though, I would like to double
check something I came across. In the debug
Ok, I increased the debug level as you recommended and it's given me a lot
of useful info. Before I go any further trying to troubleshoot that mass of
info on this mailing list though, I would like to double check something I
came across. In the debug output I noticed this line:
"No ccache file
Something declarative which can be version controlled and considered a
"source of truth" and driven from configuration management (chef,
puppet, ansible - whatever your flavor)
A scheme to reconcile account properties, group memberships,
permissions, etc... I could see how this would be a
Jeff Goddard wrote:
Sean,
Thanks for the reply. I don't think that's my problem but I'm posting a
redacted copy of the sssd.conf file for review below.
I'd start here: https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
rob
--
Manage your subscription for the Freeipa-users mailing
Sean,
Thanks for the reply. I don't think that's my problem but I'm posting a
redacted copy of the sssd.conf file for review below.
[domain/domain.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = domain.com
id_provider = ipa
auth_provider = ipa
access_provider =
Not sure it is the same as 14.X but I had to add the sudo in the list of
services to sssd.conf as it was not put in by default. I am by no means an
expert on it but my own personal experience with 14.x
Sean Hogan
From: Jeff Goddard
To:
I've got a freeipa domain and many centos 7.2 clients. I also have a sudo
rule that allows member of the developer group sudo rights on virtual
servers in the "development" group. This works great on the centos servers.
However, I recently set up 3 ubuntu boxes, and added them to the IPA domain
On 09.08.2016 23:04, Larry Rosen wrote:
This user was locked out due to Max Failure policy = 5
If they’re supposed to be replicas, why the different status?
[root@il10 ~]# ipa user-status lramey
---
Account disabled: False
---
Server:
This user was locked out due to Max Failure policy = 5
If they're supposed to be replicas, why the different status?
[root@il10 ~]# ipa user-status lramey
---
Account disabled: False
---
Server: ipa-idm-01.ipajdr.local
Failed logins: 0
Last
> Date: Wed, 10 Aug 2016 09:02:29 +0200
> From: Petr Spacek
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] FreeIPA Session Management (WebUI,
> Kerberos, ...?)
> Message-ID:
> Content-Type: text/plain;
On Wed, Aug 10, 2016 at 5:27 AM, Jan Pazdziora
wrote:
> On Tue, Aug 09, 2016 at 03:37:35PM -0400, Joe Thielen wrote:
> >
> > For example, let's say "joe" logs in to the WebUI (OR another web app
> tied
> > to FreeIPA). Now, on another computer, "admin" logs into the
On Tue, Aug 09, 2016 at 03:37:35PM -0400, Joe Thielen wrote:
>
> For example, let's say "joe" logs in to the WebUI (OR another web app tied
> to FreeIPA). Now, on another computer, "admin" logs into the WebUI. Can
> admin have a way to see that "joe" logged in, and, if need be, kill Joe's
>
Hi Josh,
depending on your IPA version, you may consider using
ipa-server-certinstall and ipa-certupdate.
ipa-server-certinstall can be used to install a new certificate for
Apache/LDAP servers, and ipa-certupdate to update the NSS DBs with the
CA certificates found in the LDAP server.
On 9.8.2016 21:37, Joe Thielen wrote:
> First off, let me say THANK YOU to all of you who've helped make FreeIPA
> what it is. I think it's a fantastic project and it's amazing what it has
> achieved.
>
> Second off, I'm still quite new to FreeIPA, especially the internals. This
> includes
17 matches
Mail list logo