Re: [Freeipa-users] Spam

2017-05-16 Thread Christopher Lamb
to be more precise, a few minutes after I post, and a few seconds after I get the mail with my post from freeipa-users From: Christopher Lamb/Switzerland/IBM@IBMCH To: "freeipa-users@redhat.com" <Freeipa-users@redhat.com> Date: 17/05/2017 06:26 Subject:Re: [Fre

Re: [Freeipa-users] Spam

2017-05-16 Thread Christopher Lamb
: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Best regards, Дудин Андрей [attachment "graycol.gif" deleted by Christopher Lamb/Switzerland/IBM] -- Manage your subscription for the Freeipa-users mailing list: https://www.r

Re: [Freeipa-users] Kerberos clients, service tickets, and client to KDC interaction

2017-05-05 Thread Christopher Lamb
/43786908/java-gss-api-service-ticket-not-saved-in-credentials-cache-using-java thanks Chris From: Simo Sorce <s...@redhat.com> To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com Date: 05/05/2017 11:40 Subject:Re: [Freeipa-users] Kerberos c

[Freeipa-users] Kerberos clients, service tickets, and client to KDC interaction

2017-05-04 Thread Christopher Lamb
Hi All Is the following statement correct? "If a kerberos client (e.g. a FreeIPA client) holds a service ticket to a service principal in its credentials cache, it no longer needs to interact with the KDC to access the service (assuming the ticket is still valid). i.e. if a kerberos client is

Re: [Freeipa-users] IPA, Samba and how can a Windows client access it

2016-06-16 Thread Christopher Lamb
Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de + Mobile +49 172 5415752 --- On 16.06.2016 at 12:52, Christopher Lamb < christopher.l...@ch.ibm.com> wrote: Hi Detlev If I have understood you correctl

Re: [Freeipa-users] IPA, Samba and how can a Windows client access it

2016-06-16 Thread Christopher Lamb
Hi Detlev If I have understood you correctly, you want to let Windows users access Samba "shares" using their IPA username/passwords? If so it is possible. We have both Windows and OSX workstations accessing unix fileshares like that. We did it more or less along the lines described here:

Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-19 Thread Christopher Lamb
LDAP "tree" (and even if required to manually edit objects ) Chris From: Jeff Goddard <jgodd...@emerlyn.com> To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: freeipa-users@redhat.com Date: 18.03.2016 16:43 Subject:Re: [Freeipa-users] Troub

Re: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

2016-03-19 Thread Christopher Lamb
Hi Jeff When I last integrated FreeIPA and Samba I used ldapmodify to successfully add sambaSAMAccount and sambaGroupMapping. ldapmodify -Y GSSAPI < To: freeipa-users@redhat.com Date: 18.03.2016 16:11 Subject:[Freeipa-users] Trouble creating userobjectlass sambaSAMAccount Sent

Re: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired

2016-02-02 Thread Christopher Lamb
From: Alexander Bokovoy <aboko...@redhat.com> To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: Petr Vobornik <pvobo...@redhat.com>, freeipa-users@redhat.com, wodel youchi <wodel.you...@gmail.com> Date: 02.02.2016 09:32 Subject:Re: [Freeipa

Re: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired

2016-02-02 Thread Christopher Lamb
Hi Petr I get exactly the same behaviour ever so often. We are running IPA server 4.2.0 15.0.1.el7_2.3, (though we got the same problem with earlier releases too). In my case the laptop running Firefox / FreeIPA WebUI, and the OEL Server running the IPA server have time within seconds /

[Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your session has expired

2016-02-02 Thread Christopher Lamb
Sorry, Notes is playing up, and sent the last before I could type any text! The POST /ipa/session/login_password is successful, but the POST /ipa/session/json and GET /ipa/session/login_kerberos both give 401 unauthorized Chris - Forwarded by Christopher Lamb/Switzerland/IBM

Re: [Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your session has expired

2016-02-02 Thread Christopher Lamb
p to date and there is no (significant) clock skew (freeipa-users thread) --> no clock skew Search for any related errors in /var/log/httpd/error_log --> no errors today Chris From: Martin Kosek <mko...@redhat.com> To: Christopher Lamb/Switzerland/IBM@IBMCH,

Re: [Freeipa-users] Browser login to IPA "Authentication Required"prompt

2016-01-19 Thread Christopher Lamb
From memory (and this may have changed since) Firefox is the only supported browser for the FreeIPA WebUI. Having said that I would welcome other common browsers working (Chrome, Safari etc) From: Adam Kaczka To: Martin Kosek ,

Re: [Freeipa-users] Invalid UID in persistent keyring name while getting default cache. on OEL 7.1

2015-11-19 Thread Christopher Lamb
yees, user account predates LDAP" with such low ids. Chris From: Christopher Lamb/Switzerland/IBM@IBMCH To: Sumit Bose <sb...@redhat.com> Cc: freeipa-users@redhat.com Date: 19.11.2015 11:20 Subject:Re: [Freeipa-users] Invalid UID in persistent keyring name

Re: [Freeipa-users] Invalid UID in persistent keyring name while getting default cache. on OEL 7.1

2015-11-19 Thread Christopher Lamb
sfully login -->OK The 2 other users I tested with yesterday (one application user, and one real user) have ids < 1000, and therefore (on this host) cannot logon. Now I need to google further to find where this rule is configured / hidden. Cheers Chris From: Christopher Lamb/Switzerland/IB

Re: [Freeipa-users] Invalid UID in persistent keyring name while getting default cache. on OEL 7.1

2015-11-19 Thread Christopher Lamb
. Maybe I need to do something else to change the value? Chris From: Sumit Bose <sb...@redhat.com> To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: Jakub Hrozek <jhro...@redhat.com>, freeipa-users@redhat.com Date: 19.11.2015 10:38 Subject:Re: [Freeipa-users]

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-20 Thread Christopher Lamb
. yamakasi@gmail.com To: Youenn PIOLET piole...@gmail.com Cc: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com freeipa-users@redhat.com Date: 20.08.2015 08:12 Subject:Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA HI Guys, Anyone still

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-10 Thread Christopher Lamb
The next route I will try - is the one Youeen took, using ipa-adtrust From: Matt . yamakasi@gmail.com To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com freeipa-users@redhat.com Date: 10.08.2015 10:03 Subject:Re: [Freeipa-users] Ubuntu Samba

Re: [Freeipa-users] FreeIPA and sambaPwdLastSet

2015-08-09 Thread Christopher Lamb
--password Results of this test tomorrow Chris From: Alexander Bokovoy aboko...@redhat.com To: Rob Crittenden rcrit...@redhat.com Cc: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com Date: 20.07.2015 15:52 Subject:Re: [Freeipa

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-08 Thread Christopher Lamb
From: Alexander Bokovoy aboko...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: Matt . yamakasi@gmail.com, freeipa-users@redhat.com freeipa-users@redhat.com Date: 07.08.2015 23:09 Subject:Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-07 Thread Christopher Lamb
(unless I have got completely the wrong end of the stick) requires Active Directory in the architecture. Chris From: Matt . yamakasi@gmail.com To: Youenn PIOLET piole...@gmail.com Cc: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com freeipa-users

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Christopher Lamb
If I'd asked my customers what they wanted, they'd have said a faster horse - Henry Ford [attachment smime.p7s deleted by Christopher Lamb/Switzerland/IBM] -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-05 Thread Christopher Lamb
: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com freeipa-users@redhat.com Date: 05.08.2015 14:51 Subject:Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA Hi guys, Thank you so much your previous answers. I realised my SID were stored

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
powerful user, but it is conceivable that a lesser user may not see all the required attributes, resulting in no such user errors. Chris From: Matt . yamakasi@gmail.com To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: freeipa-users@redhat.com freeipa-users@redhat.com Date

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-04 Thread Christopher Lamb
Markus Have you checked both the cn=accounts and cn=compat trees?. Users and groups are stored in both, and both would need manipulation... Ciao Chris From: markus@mc.ingenico.com To: freeipa-users@redhat.com Date: 04.08.2015 11:14 Subject:[Freeipa-users] FreeIPA user ID

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
. yamakasi@gmail.com To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: freeipa-users@redhat.com freeipa-users@redhat.com Date: 04.08.2015 15:33 Subject:Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA Hi Chris, A puppet run added another passdb backend, that was causing my

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
FreeIPA 4.x and Samba 4.x That will allow me to play around more destructively. Chris From: Matt . yamakasi@gmail.com To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: Youenn PIOLET piole...@gmail.com, freeipa-users@redhat.com freeipa-users@redhat.com Date: 05.08.2015

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
this cracked, we really must write a how-to on the FreeIPA Wiki. Chris From: Christopher Lamb/Switzerland/IBM@IBMCH To: Matt . yamakasi@gmail.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Date: 05.08.2015 07:31 Subject:Re: [Freeipa-users] Ubuntu Samba Server

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-04 Thread Christopher Lamb
on existing users / groups? are the extensions missing on new users / groups? Cheers Chris From: Youenn PIOLET piole...@gmail.com To: Matt . yamakasi@gmail.com Cc: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com freeipa-users@redhat.com Date

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-03 Thread Christopher Lamb
to move because integration has been improved. I try to keep IPA as native as I can. So this is the best way to go for now, even when this thread is such old ? Thanks! Matt 2015-08-01 9:48 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com: Hi Matt For a how to of Samba FreeIPA

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-03 Thread Christopher Lamb
to move because integration has been improved. I try to keep IPA as native as I can. So this is the best way to go for now, even when this thread is such old ? Thanks! Matt 2015-08-01 9:48 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com: Hi Matt For a how to of Samba FreeIPA

Re: [Freeipa-users] Admin password not accepted during replica install

2015-08-03 Thread Christopher Lamb
Have you considered clock skew? It is probably not the cause here, but is worth eliminating just in case. A difference as small as 5 minutes between the clocks of the client and server can cause problems with authentication. Chris From: Martin Kosek mko...@redhat.com To: Matt .

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-03 Thread Christopher Lamb
again! Matt 2015-08-03 9:53 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com: Hi Matt Thankfully I saved the output from those ldapmodify commands (against FreeIPA 4.1) and was able to find it again! In our case sambagrouptype also seems to have already been present, so that should

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-08-01 Thread Christopher Lamb
Hi, This is nice to have confirmed. Is it possible for you to describe what you do? It might be handy to add this to the IPA documentation also with some explanation why... Cheers, Matt 2015-07-31 16:55 GMT+02:00 Christopher Lamb christopher.l...@ch.ibm.com: Hi We use the Samba extensions

Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA

2015-07-31 Thread Christopher Lamb
Hi We use the Samba extensions for FreeIPA. Windows 7 users connect to the shares using their FreeIPA credentials. The only password mgmt problem that we have is, that the users get no notice of password expiry until suddenly their Samba user (really the FreeIPA user) password is not accepted

Re: [Freeipa-users] FreeIPA and sambaPwdLastSet

2015-07-20 Thread Christopher Lamb
changed his password. Chris From: Alexander Bokovoy aboko...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH Date: 28.04.2015 20:37 Subject:Re: [Freeipa-users] FreeIPA and sambaPwdLastSet On Tue, 28 Apr 2015, Christopher Lamb wrote: Hi Alexander one of those days? I

Re: [Freeipa-users] FreeIPA and sambaPwdLastSet

2015-07-20 Thread Christopher Lamb
Hi Rob The users do have the sambaSamAccount ObjectClass. Or to be more precise, some have sambasamaccount (all lower case), and some have sambaSAMAccount (mixed case) Are objectclasses case sensitive? Chris From: Rob Crittenden rcrit...@redhat.com To: Christopher Lamb/Switzerland/IBM

Re: [Freeipa-users] FreeIPA and sambaPwdLastSet

2015-07-20 Thread Christopher Lamb
by:freeipa-users-boun...@redhat.com On 07/20/2015 07:56 AM, Christopher Lamb wrote: Hi Rob The users do have the sambaSamAccount ObjectClass. Or to be more precise, some have sambasamaccount (all lower case), and some have sambaSAMAccount (mixed case) Are objectclasses case sensitive? No, unless

Re: [Freeipa-users] Rename or not to rename (packages only)? freeipa-server - ipa-server?

2015-07-17 Thread Christopher Lamb
Consistency sounds good. How would the name change affect yum update? Chris From: Petr Spacek pspa...@redhat.com To: freeipa-users@redhat.com Date: 17.07.2015 10:49 Subject:[Freeipa-users] Rename or not to rename (packages only)? freeipa-server - ipa-server? Sent

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-07-09 Thread Christopher Lamb
, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Martin Kosek mko...@redhat.com To: Christopher Lamb christopher.l...@ch.ibm.com, freeipa-users@redhat.com Sent: Wednesday, June 10, 2015 9:22:03 AM Subject: Re: [Freeipa-users] LDAP authentication for JIRA using

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-07-07 Thread Christopher Lamb
To: Christopher Lamb/Switzerland/IBM@IBMCH, aboko...@redhat.com, mko...@redhat.com Cc: freeipa-users@redhat.com Date: 06.07.2015 08:00 Subject:AW: AW: [Freeipa-users] FreeIPA mail object to use in 3rd party tool Hi Chris, thanks for your help. Now we

[Freeipa-users] Trace / Debug LDAP queries from 3rd Party Tools against FreeIPA Server

2015-07-07 Thread Christopher Lamb
Hi All Is there any way on the FreeIPA side to log / debug / trace the LDAP queries made by 3rd Party Tools against a FreeIPA Server? In another thread we are trying to solve some problems with integration of JIRA to FreeIPA. I think if I can see the exact LDAP queries JIRA is making against

Re: [Freeipa-users] Trace / Debug LDAP queries from 3rd Party Tools against FreeIPA Server

2015-07-07 Thread Christopher Lamb
:Re: [Freeipa-users] Trace / Debug LDAP queries from 3rd Party Tools against FreeIPA Server Sent by:freeipa-users-boun...@redhat.com On 07/07/2015 10:09 AM, Martin Basti wrote: On 07/07/15 17:39, Christopher Lamb wrote: Hi All Is there any way on the FreeIPA side

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-07-06 Thread Christopher Lamb
=admins) memberUid Chris From: markus@mc.ingenico.com To: Christopher Lamb/Switzerland/IBM@IBMCH, aboko...@redhat.com, mko...@redhat.com Cc: freeipa-users@redhat.com Date: 06.07.2015 08:00 Subject:AW: AW: [Freeipa-users] FreeIPA mail object to use in 3rd party

Re: [Freeipa-users] samba vs ipa without kerberos

2015-07-03 Thread Christopher Lamb
Hi Christoph have you seen this earlier thread? https://www.redhat.com/archives/freeipa-users/2015-May/msg00124.html I guess as that solution adds some custom fields it would break your requirement no schema extensions., but meet the requirement user authenticates with password. mfg Chris

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-07-01 Thread Christopher Lamb
an anonymous bind to a simple bind via user / pw to get one extra attribute: mail. This raises the question: Is there some way to configure IPA to determine which user attributes are returned to anonymous binds? Cheers Chris From: markus@mc.ingenico.com To: Christopher Lamb/Switzerland

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-06-29 Thread Christopher Lamb
Hi all I am fighting this exact problem too. We had setup Jira, integrated to FreeIPA with the option Internal Directory with LDAP Authentication, using anonymous bind. This integration path means that when a FreeIPA user attempts to logon to Jira with his FreeIPA Credentials, his user is

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-06-29 Thread Christopher Lamb
on FreeIPA / JIRA integration you asked for contributions to a How to Article. I think the solution above could be the basis of such an article. Cheers Chris From: Christopher Lamb/Switzerland/IBM@IBMCH To: Alexander Bokovoy aboko...@redhat.com, markus@mc.ingenico.com Cc

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Christopher Lamb
Hi Harold Perhaps you should not think of FreeIPA as a product. Perhaps a better analogy is a Product Stack. Another example would be LAMP. And as far as I can make out, the point of the FreeIPA project is to better integrate the various products that build the stack. A very important factor -

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-10 Thread Christopher Lamb
ldap.usermembership.use.for.groups: false localUserStatusEnabled: false Sándor Juhász System Administrator ChemAxon Ltd. Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: Martin Kosek mko...@redhat.com To: Christopher Lamb christopher.l...@ch.ibm.com, freeipa

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Christopher Lamb
Hi Tamas I think the general advice is to replicate rather than to migrate. I am sure Martin K will jump in on this. However some weeks ago, when doing a very similar move to yours, we chose to migrate (we were misled by some very old FreeIPA docus that have since been archived). In our case

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Christopher Lamb
Kosek mko...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, Tamas Papp tom...@martos.bme.hu Cc: freeipa-users@redhat.com Date: 10.06.2015 15:35 Subject:Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated? On 06/10/2015 03:32 PM

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Solved

2015-06-08 Thread Christopher Lamb
, Alexander Bokovoy aboko...@redhat.com wrote: On Fri, 05 Jun 2015, Christopher Lamb wrote: Hi Martin Thanks for updating the documentation! The suggested solution works not only on my test servers, but also in the real world. This morning I

[Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-08 Thread Christopher Lamb
Hi All we are interested to know if anybody has succeeded (or for that matter failed) in using FreeIPA to provide user authentication for Atlassian products such as JIRA or Confluence? Somewhere in an Atlassian ticket I saw that FreeIPA is not officially supported, so I guess that should set

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Solved

2015-06-05 Thread Christopher Lamb
on our EL 7.1 + ipa-client 4.1 boxes, but not on our older EL 6.5 + ipa-client 3.3.3 machines? Is the problem down to sssd? (on the EL 6.5 machines we are running sssd 1.9.2, while on EL 7.1 we have sssd 1.12.2 Cheers Chris From: Martin Kosek mko...@redhat.com To: Christopher Lamb

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Solved

2015-06-04 Thread Christopher Lamb
that the directory to be purged is /var/lib/sss/db/, not /var/lib/sssd/db/ as suggested earlier in this thread. Cheers Chris From: Martin Kosek mko...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com Cc: Jakub Hrozek jhro...@redhat.com, Rob Crittenden

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved

2015-06-03 Thread Christopher Lamb
mko...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com, Jakub Hrozek jhro...@redhat.com Date: 03.06.2015 09:34 Subject:Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved On 06/02/2015 06:15

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved

2015-06-02 Thread Christopher Lamb
:11PM +0200, Christopher Lamb wrote: Hi All Bad news. Over the weekend I was able to get the original problem EL7.1 / FreeIPA 4.1 host (FreeIPA client) to authenticate FreeIPA users (my test being ssh remote login with FreeIPA user and password). Today I tried a second machine, and had

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved

2015-06-02 Thread Christopher Lamb
Hi Rob Thanks All those commands work, and give expected results. I will send you the install logs direct. Cheers Chris From: Rob Crittenden rcrit...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com, Jakub Hrozek jhro...@redhat.com Date

[Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved

2015-06-02 Thread Christopher Lamb
directly against the new 4.1 FreeIPA server authenticate properly. b) EL 7.1 hosts with ipa-client 4.1 first registered against the old 3.3.3 FreeIPA server, then reregistered with the new 4.1 FreeIPA server do NOT authenticate properly Chris - Forwarded by Christopher Lamb/Switzerland/IBM

[Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved

2015-06-02 Thread Christopher Lamb
+ ntpd + ipa-client, with nothing else extra. Again I first registered against the old 3.3.3 FreeIPA Server, then switched to the new 4.1 Server. Once again my FreeIPA user does not authenticate. Chris - Forwarded by Christopher Lamb/Switzerland/IBM on 02.06.2015 18:38 - From: Christopher

[Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 --Not Solved

2015-06-01 Thread Christopher Lamb
, and successfully authenticates FreeIPA users. Any ideas? Chris - Forwarded by Christopher Lamb/Switzerland/IBM on 01.06.2015 19:17 - From: Christopher Lamb/Switzerland/IBM@IBMCH To: Alexander Bokovoy aboko...@redhat.com, freeipa-users@redhat.com Date: 30.05.2015 18:52 Subject

Re: [Freeipa-users] ssh problem with migrated FreeIPA client on EL7.1 -- Solved

2015-05-30 Thread Christopher Lamb
To: Christopher Lamb/Switzerland/IBM@IBMCH Cc: freeipa-users@redhat.com Date: 29.05.2015 18:04 Subject:Re: [Freeipa-users] ssh problem with migrated FreeIPA client on EL7.1 On Fri, 29 May 2015, Christopher Lamb wrote: Hi All Some weeks ago I setup a new FreeIPA 4.1.0 on an OEL

[Freeipa-users] ssh problem with migrated FreeIPA client on EL7.1

2015-05-29 Thread Christopher Lamb
Hi All Some weeks ago I setup a new FreeIPA 4.1.0 on an OEL 7.1 server to replace the existing FreeIPA 3.0.0 running on OEL 6.5, and successfully migrated across the users. We have 50 odd Servers that are FreeIPA clients. Today I started migrating these one-by-one from the old FreeIPA 3.x

Re: [Freeipa-users] freeipa-samba integration and windows clients

2015-05-06 Thread Christopher Lamb
Hi Yes, it's possible to operate freeIPA and Samba as you suggest, we have been doing so for some years now (with several freeIPA and Samba versions). Our end users use a mix of Windows and OSX laptops / workstations. These are not members of any kind of domain. They access our file servers via

Re: [Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-30 Thread Christopher Lamb
-skew. From: Petr Vobornik pvobo...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com Date: 30.04.2015 12:52 Subject:Re: [Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote

Re: [Freeipa-users] FreeIPA WebUI Logout logs back in

2015-04-29 Thread Christopher Lamb
the LDAP structure and content. I don't see how that can play a role, but I mention it for completeness. thanks Chris From: Simo Sorce s...@redhat.com To: d...@redhat.com Cc: Rob Crittenden rcrit...@redhat.com, Christopher Lamb/Switzerland/IBM@IBMCH, freeipa-users@redhat.com

Re: [Freeipa-users] FreeIPA WebUI Logout logs back in

2015-04-29 Thread Christopher Lamb
it right 8-) Cheers Chris From: Craig White cwh...@skytouchtechnology.com To: Christopher Lamb/Switzerland/IBM@IBMCH, Simo Sorce s...@redhat.com Cc: freeipa-users@redhat.com freeipa-users@redhat.com Date: 29.04.2015 18:03 Subject:RE: [Freeipa-users] FreeIPA WebUI

Re: [Freeipa-users] Fw: Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-28 Thread Christopher Lamb
might also want to repeat the hint that if the FreeIPA Server is running in a VM, it must NEVER be a NTPD server for other servers, as VMs are notorious for bad time keeping. Cheers Chris From: Martin Kosek mko...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, freeipa

[Freeipa-users] FreeIPA and sambaPwdLastSet

2015-04-28 Thread Christopher Lamb
Hi All I wish to pick your brains on the attribute sambaPwdLastSet We have a newly setup FreeIPA 4.1.0, with users and groups migrated from an old 3.0.0 instance. We are also running Samba to share files to Windows and OSX users. This means that all the FreeIPA user accounts have the attribute

Re: [Freeipa-users] FreeIPA WebUI Logout logs back in

2015-04-28 Thread Christopher Lamb
by:freeipa-users-boun...@redhat.com On 04/27/2015 12:39 PM, Christopher Lamb wrote: Hi All When I use the logout dropdown the WebUI (top righthand corner of the screen), it logs me out, then immediately reloads and logs me right back in again to the Users screen. This prevents me from logging

Re: [Freeipa-users] Old FreeIPA upstream guides removed (WAS: Re: Web UI: Migrated Admins missing action buttons)

2015-04-27 Thread Christopher Lamb
Hi Martin Thanks: I am glad others can benefit from my mistakes. Cheers Chris From: Martin Kosek mko...@redhat.com To: Alexander Bokovoy aboko...@redhat.com, Christopher Lamb/Switzerland/IBM@IBMCH Cc: freeipa-users@redhat.com, Robert Crittenden rcrit

[Freeipa-users] Fw: Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-27 Thread Christopher Lamb
comes from the 2 hour difference between UTC and European Summertime. I think it would be great if the changes made by FreeIPA setup to ntp.conf were optional - we care strongly about the content of that file! Cheers Chris - Forwarded by Christopher Lamb/Switzerland/IBM on 27.04.2015 15:36

[Freeipa-users] FreeIPA WebUI Logout logs back in

2015-04-27 Thread Christopher Lamb
Hi All When I use the logout dropdown the WebUI (top righthand corner of the screen), it logs me out, then immediately reloads and logs me right back in again to the Users screen. This prevents me from logging in with a different user. The FreeIPA Server is 4.1.0 on OEL 7.5. I am using Web UI

Re: [Freeipa-users] Web UI: Migrated Admins missing action buttons

2015-04-25 Thread Christopher Lamb
...@redhat.com To: d...@redhat.com, freeipa-users@redhat.com Date: 25.04.2015 07:05 Subject:Re: [Freeipa-users] Web UI: Migrated Admins missing action buttons Sent by:freeipa-users-boun...@redhat.com Dmitri Pal wrote: On 04/24/2015 12:58 PM, Christopher Lamb wrote: Hi I

[Freeipa-users] Web ui error “Your session has expired. Please re-login.” from a browser on a remote client.

2015-04-25 Thread Christopher Lamb
Hi All I too am suffering from the infamous Web ui error “Your session has expired. Please re-login.” using from browser(s) on remote client(s), similar to the existing tickets: https://www.redhat.com/archives/freeipa-users/2015-March/msg00211.html

Re: [Freeipa-users] Web UI: Migrated Admins missing action buttons

2015-04-25 Thread Christopher Lamb
using a mixture of Red-hat, Fedora and FreeIPA branded documentation. thanks for your help Chris From: Dmitri Pal d...@redhat.com To: Christopher Lamb/Switzerland/IBM@IBMCH, Rob Crittenden rcrit...@redhat.com Cc: freeipa-users@redhat.com Date: 25.04.2015 15:08 Subject