from the IPA Server.
--
Regards,
Rajnesh Kumar Siwal
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
, Mar 2, 2013 at 7:42 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
We just set up synchronization between the IPA Server and AD Server
and setup password.
But we cannot see kerberos tickets corresponding to the users fetched
from Windows AD Server.
--
Regards,
Rajnesh Kumar Siwal
Is it still required if the replica is created using the following command:-
# ipa-replica-install --setup-ca --setup-dns
--
Regards,
Rajnesh Kumar Siwal
Thanks, Simo.
It solves my concern,
On Thu, Feb 14, 2013 at 7:21 PM, Simo Sorce s...@redhat.com wrote:
On Thu, 2013-02-14 at 12:50 +0530, Rajnesh Kumar Siwal wrote:
IPA is going to be very critical Server for any environment.
Do we have proper logging of who has locked whom, Who has created
Yes. We would still like to restrict the Visibility of the users.
We could implement the ACLs in 389-ds. However, I was concerned
whether it breaks the IPA.
--
Regards,
Rajnesh Kumar Siwal
Thanks, Petr,
I would like to confirm that I did not manually install any other
application on it.
I will dig further on it, if I could fetch out the reason.
On Mon, Feb 11, 2013 at 9:23 AM, Petr Vobornik pvobo...@redhat.com wrote:
On 02/10/2013 06:30 PM, Rajnesh Kumar Siwal wrote:
Hi All
): 1
History size: 0
Character classes: 0
Min length: 12
Max failures: 6
Failure reset interval: 60
Lockout duration: 600
--
Regards,
Rajnesh Kumar Siwal
Versions:
OS: CentOS 6.3
IPA: 2.2
On Sun, Feb 10, 2013 at 5:30 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Hi All,
As I try to login into the IPA through https, it displays me a popup
window to login.
But login fails through it every time. I don't understand why this
popup window
Did you follow the instructions on how to import IPA cert into your browser ?
Not yet.
Will follow the instructions, test that part also and will let you know.
But I need to understand what this htaccess page is trying to do.
On Mon, Feb 11, 2013 at 4:10 AM, Rajnesh Kumar Siwal
rajnesh.si
= 0 100 88 ipa.labs.local.
---
Please suggest how to use ipa2 for authentication purpose.
--
Regards,
Rajnesh Kumar Siwal
It started working after a few minutes.
On Sat, Feb 9, 2013 at 9:34 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
We have setup an IPA replica server on the environment using the
following command:-
#ipa-replica-install --setup-dns --setup-ca --forwarder=192.168.1.204
/var/lib/ipa
#yum install ipa-server
--
Regards,
Rajnesh Kumar Siwal
Thanks, Simo.
On Fri, Feb 8, 2013 at 1:30 AM, Simo Sorce s...@redhat.com wrote:
On Fri, 2013-02-08 at 00:57 +0530, Rajnesh Kumar Siwal wrote:
Does IPA server 2.2 support the ipa clients authentication behind the NAT ?
Authentication works, password changes using kpasswd protocol do
Account / Password.
--
Regards,
Rajnesh Kumar Siwal
Thanks for the Quick update.
On Fri, Feb 8, 2013 at 9:31 AM, Rob Crittenden rcrit...@redhat.com wrote:
Rajnesh Kumar Siwal wrote:
We are planning to use the IPA Server in the application that may not
support Kerberos.
So, we may have to interact with the LDAP Server (389-ds) directly
Crittenden rcrit...@redhat.com wrote:
Rajnesh Kumar Siwal wrote:
We are trying to setup the IPA replication but it says Connection
check failed!.
We disabled the firewall and found the same result
:31:34 ldap/ipa2.xyz@xyz.dmz
On Tue, Feb 5, 2013 at 7:45 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Hi Rob,
Thanks for the quick reply.
I tried logging iptables in the replica also, but no log for dropped packet :-
I would appreciate if you could please let me know what
Thanks, Bob/Simo.
On Tue, Feb 5, 2013 at 8:24 PM, Rob Crittenden rcrit...@redhat.com wrote:
Simo Sorce wrote:
On Mon, 2013-02-04 at 09:21 -0500, Rob Crittenden wrote:
Rajnesh Kumar Siwal wrote:
Looking into the sssd logs, I came to know that there was one more
rule allowing access
for realm 'XYZ.DMZ' while getting
initial credentials
---
On Tue, Feb 5, 2013 at 8:15 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Finally, I installed it with --skip-conncheck:-
Now
Both of these replica are in the same network.
I have disabled the iptables on both
SELinux disabled.
still the output of kinit admin is the same
kinit: Cannot contact any KDC for realm
strace output attached.
On Tue, Feb 5, 2013 at 9:45 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote
: [ OK ]
[root@ipa2 ~]# kinit admin
Password for ad...@xyx.dmz:
On Tue, Feb 5, 2013 at 10:29 PM, Rob Crittenden rcrit...@redhat.com wrote:
Rajnesh Kumar Siwal wrote:
Both of these replica are in the same network.
I have disabled the iptables on both
SELinux disabled.
still
Still unable to start bind :-
[root@ipa2 ~]# ipa-replica-conncheck --replica ipa1.xyz.dmz
Check connection from master to remote replica 'ipa1.xyz.dmz':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP
As a workaround I modified named.conf to use simple authentication and
was able to start bind. However, I am looking for a better resolution.
--
dynamic-db ipa {
library ldap.so;
Two more issues:-
1. I am still not able to login into the WebUI of ipa2 (Replica
Server). It displays Internal Server Error
2. Are there any logs to make sure that the Replication is working fine ?
I am missing these two entries in ipa1 (The Master that was installed first):-
HTTP/ipa2.xyz@xyz.dmz
DNS/ipa2.xyz@xyz.dmz
The above entries are present only in ipa2.
from sudo access)
On the IPA Web Interface there is no sudo role attached to the User
rsiwal (Neither Direct nor Indirect).
Maybe there is some bug.
On Mon, Feb 4, 2013 at 1:22 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Hi all,
I have just created a setup for sudo on the IPA
On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
I am planning to use the sudo feature on IPA 2.2. By default the IPA
client that I configured does not seem to fetch the sudo user
details.
It looks that we need to modify nsswitch.conf and ldap.conf
by HBAC rule [allow_all]
(Mon Feb 4 14:13:01 2013) [sssd[be[chargepoint.dmz]]]
[be_pam_handler_callback] (4): Backend returned: (0, 0, NULL)
[Success]
I disabled that allow_all rule, now it is fine.
On Mon, Feb 4, 2013 at 2:02 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Here
sudoRunAsUser: ALL
sudoOption: !authenticate
cn: All Except Shell
Is it present in cache somewhere ?
On Mon, Feb 4, 2013 at 2:18 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Looking into the sssd logs, I came to know that there was one more
rule allowing access:-
(Mon Feb 4 14:13:01
Restarting IPA removed the rule that was deleted manually through GUI.
It looks like a bug the IPA Webui was not able to delete the sudo rule
cn: All Except Shell
On Mon, Feb 4, 2013 at 3:54 PM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
I deleted the following entry from the IPA WebUI
aable to migrate sudo roles so will be creating them manually.
On Mon, Feb 4, 2013 at 7:59 PM, Rob Crittenden rcrit...@redhat.com wrote:
Rajnesh Kumar Siwal wrote:
I deleted the following entry from the IPA WebUI All Except Shell
(Sudo Role) but ldapsearch still fetches it (Effectively sudo
Not sure but this is what resolved it.
On Mon, Feb 4, 2013 at 7:51 PM, Rob Crittenden rcrit...@redhat.com wrote:
Rajnesh Kumar Siwal wrote:
Looking into the sssd logs, I came to know that there was one more
rule allowing access:-
(Mon Feb 4 14:13:01 2013) [sssd[be[chargepoint.dmz
Regards,
*Fred*
On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
I am planning to use the sudo feature on IPA 2.2. By default the IPA
client that I configured does not seem to fetch the sudo user
details
Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com
www.4over.com
On Mon, Feb 4, 2013 at 2:54 AM, Rajnesh Kumar Siwal
rajnesh.si...@gmail.com wrote:
Does it mean that we don't have any backup
not able to find the password for
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com . How do I find it ?
Will it be safe to change password of this sudo user or it may impact
the IPA Server ?
Please suggest.
--
Regards,
Rajnesh Kumar Siwal
)
Is there some kind of caching being at the Server / client end ?
--
Regards,
Rajnesh Kumar Siwal
Any User through IPA GUI can see the details of all the other users.
He should be able to see his own details.
Additionally, the Change Passwords link is enabled corresponding to
all Users (appears to any regular user).
I am in Migration Mode.
--
Regards,
Rajnesh Kumar Siwal
Change Password Link is not greyed (It is enabled).
However, when I tried to change password, it failed because of
insufficient Privileges (Looks Good).
Thanks for the Quick reply.
--
Regards,
Rajnesh Kumar Siwal