On Wed, Feb 15, 2017 at 02:13:04PM -0500, William Muriithi wrote:
> Hello
>
> We are currently mostly using RHEL 6 on the clients but IPA is on RHEL
> 7.3. I am using Kerberos to authenticate NFS mount and its working
> fine. However, there is a lot of users who are complaining that its
> causing
Hello All,
I have managed to lose the Directory Manager password for my FreeIPA 4.4.0
instance. I've found the following documentation:
http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html
And:
http://www.freeipa.org/page/Howto/Change_Directory_Manager_P
On Wed, Feb 15, 2017 at 02:44:18PM +0100, Troels Hansen wrote:
> The same rule works as expected if defined in the local sudoers file.
Then I guess this might be a bug..
>
> I think the problem is that secure_path in "Options" from IPA isn't taken
> into account.
options should be treated just
Hello
We are currently mostly using RHEL 6 on the clients but IPA is on RHEL
7.3. I am using Kerberos to authenticate NFS mount and its working
fine. However, there is a lot of users who are complaining that its
causing too much problems. They are all related to key expiry
I have looked at how
Hi,
I successfully set an active trust between my linux IPA domain and AD.
I added a few AD account to id views, and I can sucessfully login to my
linux machines with plain password.
Now, I added my ssh pub key to these servers and I see two kinds of
behaviour:
* I can login with the ssh p
Hi,
Is there any update on this ? I need to install 3 other instances but
I would like to know upfront if it might be a bug.
Thanks,
Matt
2017-02-14 17:59 GMT+01:00 Matt . :
> Hi Florance,
>
> Sure I can, here you go:
>
> Fedora 24
> Freeipa VERSION: 4.4.2, API_VERSION: 2.215
>
> I installed th
On ke, 15 helmi 2017, Michael Ströder wrote:
On 2017-02-15 11:51, Alexander Bokovoy wrote:
On ke, 15 helmi 2017, Gerald Zabos wrote:
Use case: external customer gets limited access and MUST NOT see our
internal users and/or other external customers.
Not seeing other users or objects is no pos
On 2017-02-15 11:51, Alexander Bokovoy wrote:
On ke, 15 helmi 2017, Gerald Zabos wrote:
Use case: external customer gets limited access and MUST NOT see our
internal users and/or other external customers.
Not seeing other users or objects is no possible with FreeIPA design.
It
is also securi
On 15.02.2017 14:10, Raul Dias wrote:
Hello,
My IPA's named daemon start to show this dyndb journal logs:
error: malformed transaction:
dyndb-ldap/ipa/master/17.10.10.in-addr.arpa/raw.jnl last serial
1484327694 != transaction first serial 1484327693
restarting it did not help.
What sh
The same rule works as expected if defined in the local sudoers file.
I think the problem is that secure_path in "Options" from IPA isn't taken into
account.
As described, if I add the path to the one i local sudoers the sudo command
from IPA works.
- On Feb 15, 2017, at 2:38 PM, Jakub Hr
On Wed, Feb 15, 2017 at 11:04:47AM +0100, Troels Hansen wrote:
> Hi there
>
> We have a strange problem...
>
> We're trying to override options in sudo rules from IPA, in this case
> secure_path:
>
> sudo -ll reports:
>
> RunAsUsers: root
> Options: requiretty, lecture=always, timesta
Hello,
My IPA's named daemon start to show this dyndb journal logs:
error: malformed transaction:
dyndb-ldap/ipa/master/17.10.10.in-addr.arpa/raw.jnl last serial
1484327694 != transaction first serial 1484327693
restarting it did not help.
What should I do?
Thanks
-rsd
--
Manage your s
On 15/02/2017 13:52, Alexander Bokovoy wrote:
> On ke, 15 helmi 2017, Jens Timmerman wrote:
>> Hi Martin,
>>
>>
>> On 15/02/2017 12:27, Martin Basti wrote:
>>>
>>>
>>>
>>> On 15.02.2017 10:57, Dimitris Beletsiotis wrote:
Hello,
Despite the documentation that says that we can use $
On ke, 15 helmi 2017, Jens Timmerman wrote:
Hi Martin,
On 15/02/2017 12:27, Martin Basti wrote:
On 15.02.2017 10:57, Dimitris Beletsiotis wrote:
Hello,
Despite the documentation that says that we can use $ in "group
names" the web gui does not allow it, pls see attached.
Is there some opt
Hi Martin,
On 15/02/2017 12:27, Martin Basti wrote:
>
>
>
> On 15.02.2017 10:57, Dimitris Beletsiotis wrote:
>> Hello,
>>
>> Despite the documentation that says that we can use $ in "group
>> names" the web gui does not allow it, pls see attached.
>> Is there some option to enable this?
>>
>> Tha
On 02/15/2017 10:57 AM, Dimitris Beletsiotis wrote:
Hello,
Despite the documentation that says that we can use $ in "group names"
the web gui does not allow it, pls see attached.
Is there some option to enable this?
Thanks,
Dimitris Beletsiotis
The IdM documentation states that dollar sign
Hello,
I've done a fresh install of a Centos7 container and the problem was seen again.
The lxc build installed the files as described within the enclosed txt file.
For versions:
# yum --showduplicates list ipa-client ipa-client-common ipa-common
python2-ipalib python2-ipaclient
Installed Pack
Hello Alexander,
> Not seeing other users or objects is no possible with FreeIPA design. It is
> also security through obscurity and doesn't really contribute anything.
> You should be looking at proper permissions/roles to confine what bob and
> others could actually do, not see.
> I have pra
On 15.02.2017 10:57, Dimitris Beletsiotis wrote:
Hello,
Despite the documentation that says that we can use $ in "group names"
the web gui does not allow it, pls see attached.
Is there some option to enable this?
Thanks,
Dimitris Beletsiotis
Hello,
I checked the code and '$' can be used
On ke, 15 helmi 2017, Gerald Zabos wrote:
Hello all,
after setting up a productive IPA 4.4 environment with eight nodes (master
+ replicas) on four different locations everything works well. Good job,
guys.
I am tinkering around with user management and prepared an example setup:
- create one
Hello all,
after setting up a productive IPA 4.4 environment with eight nodes (master
+ replicas) on four different locations everything works well. Good job,
guys.
I am tinkering around with user management and prepared an example setup:
- create one supervisor user (bob)
- create four team use
Hi there
We have a strange problem...
We're trying to override options in sudo rules from IPA, in this case
secure_path:
sudo -ll reports:
RunAsUsers: root
Options: requiretty, lecture=always, timestamp_timeout=0, !authenticate,
secure_path=/bin:/usr/bin:/usr/local/bin
Commands:
st
Hello,
Despite the documentation that says that we can use $ in "group names"
the web gui does not allow it, pls see attached.
Is there some option to enable this?
Thanks,
Dimitris Beletsiotis
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listi
On (14/02/17 20:06), Nuno Higgs wrote:
>Hello all,
>
>I will reproduce the issue tomorrow morning on a fresh LXC container.
>For the sestatus:
>
># sestatus
>SELinux status: disabled
>
>That isnt surprising for the host is not se-enabled, or even a RHEL/CentOS.
>The underlining dis
24 matches
Mail list logo