[Freeipa-users] Weird problem with DNS updates from dhcp clients

Hi all, I have installed freeipa server in a centos macning with about 70 client machines running linux mint. Since I am in a mixed enviroment my DHCP server is running in windows 2008 r2. The setup and joining the ipa domain went off without a hitch. However I now find that when the IP

Re: [Freeipa-users] U2F and ipa for ssh

On Thu, Apr 20, 2017 at 08:04:34AM -0400, Marc Boorshtein wrote: > Has anyone looked into using U2F with freeipa? My guess is you would need > a customized ssh client to interact with the device but in theory you could > just transform the users U2F public key into an ssh key. > > Marc

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

On Thu, Apr 20, 2017 at 07:31:16PM -0400, Prasun Gera wrote: > I can confirm that I see this behaviour too. My ipa server install is a > pretty stock install with no 3rd party certificates. > > On Thu, Apr 20, 2017 at 5:46 PM, Simon Williams < > simon.willi...@thehelpfulcat.com> wrote: > > >

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

I can confirm that I see this behaviour too. My ipa server install is a pretty stock install with no 3rd party certificates. On Thu, Apr 20, 2017 at 5:46 PM, Simon Williams < simon.willi...@thehelpfulcat.com> wrote: > Yesterday, Chrome on both my Ubuntu and Windows machines updated to > version

[Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

Yesterday, Chrome on both my Ubuntu and Windows machines updated to version 58.0.3029.81. It appears that this version of Chrome will not trust certificates based on Common Name. Looking at the Chrome documentation and borne out by one of the messages, from Chrome 58, the subjectAltName is

Re: [Freeipa-users] Freeipa web UI: An error has occurred (IPA Error 4302: CertificateFormatError)

Andrew Krause wrote: > Sorry for the self bump but no one has any insight on this? > > >> On Apr 17, 2017, at 11:31 AM, Andrew Krause >> wrote: >> >> Many hosts in our web ui show a null status for “enrolled”. When you do a >> search that includes any of

Re: [Freeipa-users] Freeipa web UI: An error has occurred (IPA Error 4302: CertificateFormatError)

Sorry for the self bump but no one has any insight on this? > On Apr 17, 2017, at 11:31 AM, Andrew Krause > wrote: > > Many hosts in our web ui show a null status for “enrolled”. When you do a > search that includes any of these host objects the web UI

Re: [Freeipa-users] cannot add posix group or user

On 04/20/2017 03:05 PM, Cox, Jason wrote: -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Wednesday, April 19, 2017 4:27 PM To: Cox, Jason (U.S. Person) ; freeipa- us...@redhat.com Subject: Re: [Freeipa-users] cannot add posix group or

Re: [Freeipa-users] cannot add posix group or user

Cox, Jason wrote: > >> Thank you. > Setting the id ranges manually fixed my problem. Great, glad you're up and running again. I forwarded the stack trace to the 389-ds developers, thanks for that. rob -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] cannot add posix group or user

> -Original Message- > From: Rob Crittenden [mailto:rcrit...@redhat.com] > Sent: Wednesday, April 19, 2017 4:27 PM > To: Cox, Jason (U.S. Person) ; freeipa- > us...@redhat.com > Subject: Re: [Freeipa-users] cannot add posix group or user > > Cox, Jason wrote: > > Hi

[Freeipa-users] U2F and ipa for ssh

Has anyone looked into using U2F with freeipa? My guess is you would need a customized ssh client to interact with the device but in theory you could just transform the users U2F public key into an ssh key. Marc Boorshtein CTO, Tremolo Security, Inc. -- Manage your subscription for the

Re: [Freeipa-users] oddjob_mkhomedir troubles

On 2017-04-19 13:06, Ronald Wimmer wrote: [...] as the default directory (by setting override_homedir in sssd.conf) oddjob_mkhomedir creates the user directory but I still get a permission denied when logging in for the first time. (cd /home/user works) The only thing I see in the logs

Re: [Freeipa-users] SSSD dyndns_update on machine with multiple IP address

On 19.04.2017 17:14, David Goudet wrote: On 04/19/2017 12:31 PM, Martin Bašti wrote: On 17.04.2017 19:42, David Goudet wrote: Hi, Nobody has response about my questions? The main question is: Is it possible to configure SSSD to update DNS (option dyndns_update) with only IP address