Hi:
I am using free-ipa 2.2 to manage LDAP/DNS for about a dozen CentOS 6.3
servers on a small network. I am having a problem where a user cannot
log into a host even though ipa hbactest says that he is authorized.
This user can log into other hosts where ipa hbactest says he is
authorized.
As Rob says, I think we should take a look at SSSD and system logs.
Can you paste or attach the couple of lines that are appended to
/var/log/secure during
the login attempt? That should give us a clue on whether the SSSD PAM
modules are contacted.
Can you also add debug_level = 8 to
Hi Stephen and Dmitri:
Thank you for the sshd GSSAPI configuration suggestion. I tried it this
morning but it didn't work. That particular user is still not able to
login. What is even more interesting is that I created a user with the
identical setup and the new user worked (i.e., they were
you for all of your help and suggestions.
Regards,
Joe
From: Joe Linoff
Sent: Monday, July 23, 2012 1:51 PM
To: sgall...@redhat.com; d...@redhat.com
Cc: freeipa-users@redhat.com; Joe Linoff
Subject: Re: [Freeipa-users] User can't login via ssh from external
Hi Stephen and Dmitri
Hi Steve:
Thank you for your suggestions.
In the gui you can do a hbac test of the rule.
I ran the hbactest rule testing from the command line using ipa
hbactest It showed that the rules were correct. Do you think that
the GUI might provide a different result?
Also what
amount to the same thing, right?
Regards,
Joe
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, July 23, 2012 3:21 PM
To: Joe Linoff
Cc: sgall...@redhat.com; d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] User can't login via ssh from
...@redhat.com]
Sent: Monday, July 23, 2012 3:23 PM
To: Joe Linoff
Cc: steven.jo...@vuw.ac.nz; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] User can't login via ssh from external
Joe Linoff wrote:
Hi Steve:
Thank you for your suggestions.
In the gui you can do a hbac test
Hi Martin:
Thank you. This is very helpful.
I am going to try the group functions tomorrow morning (PST).
Regards,
Joe
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, June 29, 2012 12:07 AM
To: Joe Linoff
Cc: Petr Vobornik; freeipa-users@redhat.com
Hi Rob:
This is so only the end-user knows the password.
That makes good sense.
Your suggestions will help me in my test environment.
Thanks,
Joe
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Friday, June 29, 2012 8:07 AM
To: Joe Linoff
Cc: Petr
Hi Everybody.
I ran into a strange problem today: I reset a user password in the GUI
to Test1234 for testing but when I tried to login as that user and
enter the password, I got an authentication error. Does anyone know why
this might be occurring or how I can debug it?
Here are some
Hi Martin:
Thank you once again for your excellent insights. I really appreciate
your help. FreeIPA is really impressive.
Regards,
Joe
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Thursday, June 28, 2012 1:46 AM
To: Joe Linoff
Cc: freeipa-users@redhat.com
-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Thursday, June 28, 2012 1:32 AM
To: Joe Linoff
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] How can I change my password from a python
script?
On 06/28/2012 03:34 AM, Joe Linoff wrote:
Hi Everybody:
I need to add a lot
Hi Martin:
Excellent! Thank you.
Regards,
Joe
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Tuesday, June 26, 2012 11:34 PM
To: Joe Linoff
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] What is the best way to make batch changes
to the LDAP?
On 06
].encode('utf8') if f in result is not
None else str('None'))('mail')
print '%-20s %s' % (uid,email)
END
Thanks,
Joe
-Original Message-
From: Joe Linoff
Sent: Wednesday, June 27, 2012 11:02 AM
To: Martin Kosek
Cc: freeipa-users@redhat.com; Joe Linoff
Subject: RE: [Freeipa-users] What
Hi Everybody:
I need to add a lot of users to an LDAP system for testing and I would
like to do it in batch mode. For my small tests I have been doing
something like this:
#!/bin/bash
# Script to create a new user.
ipa user-add bigbob \
--email=b...@bigbobsemporium.com \
))
Regards,
Joe
From: Joe Linoff
Sent: Tuesday, June 26, 2012 3:04 PM
To: freeipa-users@redhat.com
Cc: Joe Linoff
Subject: What is the best way to make batch changes to the LDAP?
Hi Everybody:
I need to change the mailing address information for a group of
employees in the FreeIPA
: Stephen Gallagher [mailto:sgall...@redhat.com]
Sent: Monday, June 25, 2012 4:20 AM
To: Joe Linoff
Cc: Mark Reynolds; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Transfer user database to FreeIPA LDAP
On Sun, 2012-06-24 at 15:10 -0700, Joe Linoff wrote:
Hi Mark:
I did not find
sense?
Regards,
Joe
-Original Message-
From: Simo Sorce [mailto:s...@redhat.com]
Sent: Monday, June 25, 2012 4:50 AM
To: Mark Reynolds
Cc: Joe Linoff; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Transfer user database to FreeIPA LDAP
On Sun, 2012-06-24 at 15:49 -0400, Mark
, 2012 6:07 AM
To: Joe Linoff
Cc: Mark Reynolds; freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Transfer user database to FreeIPA LDAP
On Mon, 2012-06-25 at 05:57 -0700, Joe Linoff wrote:
Unfortunately, the problem I have is that I have the user data and the
hashed password
Hi Everybody:
We have a legacy web based application (CakePHP) that stores user data
in a DB and I would like to transfer that information to a FreeIPA
Identity Management Server without requiring the users to re-enter their
passwords (if possible).
How would I do that?
I know that the
Hi Mark:
Thank you, that is really helpful.
Regards,
Joe
From: Mark Reynolds [mailto:marey...@redhat.com]
Sent: Sunday, June 24, 2012 12:49 PM
To: Joe Linoff
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Transfer user database to FreeIPA LDAP
Hi Joe,
I'm
: 20120620013218Z
krbLoginFailedCount: 0
Unfortunately, I am new to IPA so I don't yet understand the internals
for password management. Can you suggest any documentation I can read? I
am fairly familiar with LDAP and Kerberos.
Thanks,
Joe
From: Joe Linoff
Sent: Sunday, June 24, 2012
Hi:
This is a best practices question. I am really impressed with FreeIPA
and I want to make sure that I follow the recommended usage paradigms.
What is the best way to do a ldapsearch operation on a FreeIPA client?
One approach would be to install LDAP utilities on the client and run
[mailto:rcrit...@redhat.com]
Sent: Wednesday, June 20, 2012 11:26 AM
To: Joe Linoff
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA client ldapsearch
Joe Linoff wrote:
Hi:
This is a best practices question. I am really impressed with FreeIPA
and I want to make sure that I follow
Hi:
I read somewhere that I should turn off the NetworkManager service on
the IPA server. Should I do the same on the clients?
Thanks,
Joe
___
Freeipa-users mailing list
Freeipa-users@redhat.com
Thank you. I really appreciate your help and for taking the time to answer so
quickly.
I will NOT manage root through FreeIPA.
Regards,
Joe
-Original Message-
From: Stephen Gallagher [mailto:sgall...@redhat.com]
Sent: Wednesday, June 06, 2012 7:15 AM
To: Joe Linoff
Cc: freeipa-users
Hi Folks:
I am trying to configure sudo clients using FreeIPA 2.1.3 on CentOS 6.2
but I am running into a problem that I do not know how to debug. I
used the instructions provided here:
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/example
-configuring-sudo.html.
The
Hi Mark:
Thank you for your suggestion. I will try it later today.
Regards,
Joe
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Sunday, June 03, 2012 11:40 PM
To: Joe Linoff
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA 2.1 - restrict users
Thank you both. Turning off allow_all did the trick. Now everything works
perfectly.
This tool rocks!
Thanks,
Joe
-Original Message-
From: Stephen Gallagher [mailto:sgall...@redhat.com]
Sent: Monday, June 04, 2012 5:10 AM
To: Martin Kosek
Cc: Joe Linoff; freeipa-users@redhat.com
Hi:
I am a newbie that is trying out FreeIPA for the first time. So far I am
extremely impressed with this system but I ran into a problem that I
need some help with. I am trying to figure out how to use HBAC to restrict a
set of users to a specific set of hosts but I am not having any success.