HI,
thanks for your information. I have validated logs.
i destroyed the current kerberos ticket and re-initiated, then the issue
solved.
Regards,
Ben
On Tue, Dec 20, 2016 at 2:24 PM, Jakub Hrozek wrote:
> On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> >
On 20.12.2016 12:41, Brian J. Murrell wrote:
> On Tue, 2016-12-20 at 11:55 +0100, Martin Basti wrote:
>>
>> So there are actually no issues with credentials, it needs more
>> debugging, in past we have similar case but we haven't found the
>> root
>> cause why it doesn't have the right
hello list,
I tried to search for answer, but not solution come up yet. please help.
the setup with multiple nodes has IPA version:
ipa-server-4.1.0-18.el7.centos.4.x86_64
after adding a replication with an old node, replicaiton conflict occured.
node104
dn:
Alexander Bokovoy writes:
>>* sssd has a default kerberos timeout of six seconds.
>> Can be changed in /etc/sssd/sssd.conf: krb5_auth_timeout,
>> which also seems to work for auth_provider = ipa, but is not
>> documented in sssd-ipa(5).
> sssd-ipa(5) says:
>
>
On ti, 20 joulu 2016, Jochen Hein wrote:
Alexander Bokovoy writes:
1. KDC to ipa-otd: this can be changed in
/var/kerberos/krb5kdc/kdc.conf. I think the timeout should be larger
then the (largest) second timeout - and I think retries=0 is best.
This is for communication
Alexander Bokovoy writes:
>>1. KDC to ipa-otd: this can be changed in
>>/var/kerberos/krb5kdc/kdc.conf. I think the timeout should be larger
>>then the (largest) second timeout - and I think retries=0 is best.
>>This is for communication between KDC and ipa-otd.
>>
>>2.
Hello,
Need some help installing replica - FREEIPA on Centos 7. My networking is run,
DNS is up on the master IPA all ports are opened. But I can't isolate the
problem. Any help?
-- Error:
The ipa-replica-install command failed, exception: SystemExit: Connection check
failed!
Please fix
Thanks for getting back to me.
getcert list | grep expires shows dates years in the future for all
certificates
[image: Inline-Bild 1]
ipactl start --force
Eventually the system started with:
Forced start, ignoring pki-tomcatd Service, continuing normal
operations.
systemctl status ipa
On 12/16/2016 03:54 PM, Florence Blanc-Renaud wrote:
On 12/15/2016 08:01 PM, beeth beeth wrote:
Hi Flo,
That's a good point! I checked the dirsrv certificate and confirmed
valid(good until later next year).
Since I had no problem to enroll another new IPA client(RHEL7 box
instead of RHEL6) to
On Tue, 2016-12-20 at 11:55 +0100, Martin Basti wrote:
>
> So there are actually no issues with credentials, it needs more
> debugging, in past we have similar case but we haven't found the
> root
> cause why it doesn't have the right credentials after kinit.
So, to be clear, all I did was
On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> Hi List,
>
> please help me to implement sudo rules.
>
> i have did below steps and still not working for me.
>
> 1. created "Sudo Command Groups"
> 2. Added some command (/bin/yum) and included in sudo group
> 3. created "sudo
On 12/20/2016 10:58 AM, nirajkumar.si...@accenture.com wrote:
> Hi FreeIPA Team,
>
> We have performed installation of FreeIPA Master Server and Client Server. We
> are successful with user creation with home directory and sudo configuration.
>
> Regarding Authentication we have some questions:
On 19.12.2016 21:24, Brian J. Murrell wrote:
On Mon, 2016-12-19 at 17:26 +0100, Martin Basti wrote:
On 19.12.2016 13:19, Brian J. Murrell wrote:
On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote:
Hello,
could you recheck with SElinux in permissive mode?
Yeah, still happens even after
On 12/19/2016 07:15 PM, Daniel Schimpfoessl wrote:
Good day and happy holidays,
I have been running a freeIPA instance for a few years and been very
happy. Recently the certificate expired and I updated it using the
documented methods. At first all seemed fine. Added a Nagios monitor for
the
Hi List,
please help me to implement sudo rules.
i have did below steps and still not working for me.
1. created "Sudo Command Groups"
2. Added some command (/bin/yum) and included in sudo group
3. created "sudo Rule" on that
* added sudo Option as "!authenticate"
* Added User Group.
Hi FreeIPA Team,
We have performed installation of FreeIPA Master Server and Client Server. We
are successful with user creation with home directory and sudo configuration.
Regarding Authentication we have some questions:
1. Can we implement authorized key authentication for these
Hello Mike,
the safest way is to create a WebUI plugin.
Several examples of plugins can be found here:
https://pvoborni.fedorapeople.org/plugins/ . I recommend to look at
loginauth. And here is documentation about plugins:
https://pvoborni.fedorapeople.org/doc/#!/guide/Plugins
On
Good day and happy holidays,
I have been running a freeIPA instance for a few years and been very happy.
Recently the certificate expired and I updated it using the documented
methods. At first all seemed fine. Added a Nagios monitor for the
certificate expiration and restarted the server (single
On 8.12.2016 10:12, Pieter Nagel wrote:
> On Thu, Dec 8, 2016 at 10:59 AM, Alexander Bokovoy
> wrote:
>
>> It is really simply: your DNS domain named as your Kerberos realm must
>> be under your control, one way or another, to allow automatic discovery
>> of resources to
19 matches
Mail list logo