Re: [Freeipa-users] Mac OS X 10.12 Smart card authentication to FreeIPA server.

2016-11-30 Thread Daly, John L CIV NAVAIR, 4G0000D
Hi Sumit. Here's an example of a user that works with smartcard authentication to an Open Directory server. the key is the ;pubkeyhash; in authentication authority. in 10.12 it's the ;tokenidenity; that does it. Thank you, John __ dsAttrTypeNative:objectClass:

Re: [Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-30 Thread Florence Blanc-Renaud
On 11/30/2016 03:27 PM, David Dejaeghere wrote: Hi, The Pki service is running and I cannot find any issues with it. I can run a curl request to the master hostname on port 8443 and communication works fine. Any other idea why this replica install code would fail and log CA_UNREACHABLE? Hi,

Re: [Freeipa-users] OTP Algorithm

2016-11-30 Thread Callum Guy
Hi David, I can confirm that using FreeOTP resolves the problem for me. What a frustration, I am surprised that Google wouldn't add support beyond SHA1 - perhaps a notice on the OTP documentation page would help others in this situation. Thank you so much for your assistance and links to

Re: [Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process

2016-11-30 Thread David Dejaeghere
Hi, The Pki service is running and I cannot find any issues with it. I can run a curl request to the master hostname on port 8443 and communication works fine. Any other idea why this replica install code would fail and log CA_UNREACHABLE? Regards, David 2016-11-29 22:16 GMT+01:00 Florence

Re: [Freeipa-users] attempting to Import Local Accounts into FreeIPA Server on Fedora 25: ipa: ERROR: Could not get User login interactively

2016-11-30 Thread Rob Crittenden
Standa Laznicka wrote: > On 11/29/2016 09:35 PM, Robert Kudyba wrote: >> >>> On Nov 29, 2016, at 11:37 AM, Rob Crittenden >> > wrote: >>> >>> Robert Kudyba wrote: I知 trying to use the script posted on

Re: [Freeipa-users] OTP Algorithm

2016-11-30 Thread David Kupka
On 30/11/16 10:13, David Kupka wrote: On 29/11/16 12:57, Callum Guy wrote: Hi Alexander, I can confirm that I am using version 4.2.0. The bug link provided mentions that it caused GA to fail to scan the codes. In my situation it is FreeIPA (or related service) which appears to fail to

Re: [Freeipa-users] Mac OS X 10.12 Smart card authentication to FreeIPA server.

2016-11-30 Thread Sumit Bose
On Tue, Nov 29, 2016 at 06:21:11PM +, Daly, John L CIV NAVAIR, 4GD wrote: > Greetings, > I thumbed through the archive, but didn't find an answer. If I missed it, > perhaps someone will be kind enough to point me in the right direction. > > I'm testing replacing our OpenDirectory