[Freeipa-users] k5login loophole even account is disabled on FreeIPA

2017-05-11 Thread Thomas Lau
Folks, let's say I am user thomas, and user "temp1" is already marked as "disabled" on FreeIPA, but tho...@domain.com is on the /home/temp1/.k5login list. How come I could still "sudo su - temp1"? It seems to skip the check on FreeIPA even though the account is disabled. Did I miss a setting, or is this normal?

Re: [Freeipa-users] Ticket transfer from host to host

2015-11-29 Thread Thomas Lau
Hi Rob, So what you are trying to say is that it's nothing to do with FreeIPA but ssh client itself? On Mon, Nov 30, 2015 at 11:39 AM, Rob Crittenden wrote: > Thomas Lau wrote: > > Hi all, > > > > I am running FreeIPA 3.3.x in our environment. First I did is kinit on

[Freeipa-users] Ticket transfer from host to host

2015-11-29 Thread Thomas Lau
Hi all, I am running FreeIPA 3.3.x in our environment. The first thing I did was kinit on client 1, then ssh to host A; it works fine. But then if I want to ssh from host A to host B, I have to do kinit again. Is there a way to do ticket transfer? Or is it called "Ticket Delegation"? How could I config i

Re: [Freeipa-users] IPA client enrollment check

2015-08-12 Thread Thomas Lau
Hi, I am using a script to check /etc/ipa/default.conf now, it works pretty well. Thanks. On Thu, Aug 6, 2015 at 3:55 PM, Martin Kosek wrote: > On 08/04/2015 03:10 PM, Thomas Lau wrote: >> Does anyone know how I could check if a client is enrolled or not? >> >> trying to automa

[Freeipa-users] IPA client enrollment check

2015-08-04 Thread Thomas Lau
Does anyone know how I could check if a client is enrolled or not? Trying to automate the enrollment process by using a generic tool since I am using Ubuntu, only ipa-client-install is available. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-us

Re: [Freeipa-users] FreeIPA 3.3.3 backup and restore

2015-05-27 Thread Thomas Lau
CentOS Linux release 7.0.1406 (Core) <- this is the version we are using now. On Wed, May 27, 2015 at 5:54 PM, Martin Kosek wrote: > On 05/27/2015 04:14 AM, Thomas Lau wrote: > > Hi All, > > > > I was reading this page but it seems very confusing: > > >

[Freeipa-users] FreeIPA 3.3.3 backup and restore

2015-05-26 Thread Thomas Lau
Hi All, I was reading this page but it seems very confusing: https://www.freeipa.org/page/V3/Backup_and_Restore#Data_Backup_.26_Restore_Process_.28online.29 The ipa-backup and ipa-restore commands don't exist. I know full system backup works, but is there a way to do a core Kerberos DB backup? or

Re: [Freeipa-users] FreeIPA cluster shutdown sequence

2015-05-04 Thread Thomas Lau
Thanks, sorry that I missed that message. On Mon, May 4, 2015 at 4:33 PM, David Kupka wrote: > On 05/04/2015 07:09 AM, Thomas Lau wrote: >> >> Hi All, >> >> We have a power maintenance soon, so all servers need to shut down. Is >> there a shutdown / starting

[Freeipa-users] FreeIPA cluster shutdown sequence

2015-05-03 Thread Thomas Lau
Hi All, We have a power maintenance soon, so all servers need to shut down. Is there a shutdown / starting up procedure for a FreeIPA cluster? We are currently running a two-node cluster.

Re: [Freeipa-users] CRON: Authentication service cannot retrieve authentication info

2015-04-16 Thread Thomas Lau
I think the semi-online status causes SSSD to be confused about what to do, causing it to time out. So that means no fix for now. On Thu, Apr 16, 2015 at 11:10 AM, Dmitri Pal wrote: > On 04/15/2015 10:17 PM, Thomas Lau wrote: >> >> Hi, >> >> I just checked with developer,

Re: [Freeipa-users] CRON: Authentication service cannot retrieve authentication info

2015-04-15 Thread Thomas Lau
, Dmitri Pal wrote: > On 04/13/2015 10:41 PM, Thomas Lau wrote: >> >> Hi, >> >> It's an in-house program which runs on one kerberos user. > > You need to look what this program is doing. > I suspect it is doing some sort of kinit itself and does not rely on the

Re: [Freeipa-users] CRON: Authentication service cannot retrieve authentication info

2015-04-13 Thread Thomas Lau
Hi, It's an in-house program which runs on one kerberos user. On Tue, Apr 14, 2015 at 5:34 AM, Dmitri Pal wrote: > On 04/13/2015 08:23 AM, Thomas Lau wrote: > > Hi, > > These problems appear randomly; sometimes it still works even under heavy > packet loss, some times wou

Re: [Freeipa-users] CRON: Authentication service cannot retrieve authentication info

2015-04-13 Thread Thomas Lau
Hi, These problems appear randomly; sometimes it still works even under heavy packet loss, sometimes it would be like this. So it's hard to catch. On Apr 13, 2015 3:22 PM, "Jakub Hrozek" wrote: > On Mon, Apr 13, 2015 at 01:15:09PM +0800, Thomas Lau wrote: > > Hi all, > >

[Freeipa-users] CRON: Authentication service cannot retrieve authentication info

2015-04-12 Thread Thomas Lau
Hi all, We have a cronjob which is running on a FreeIPA LDAP user. When the connection between the IPA server and client has heavy packet loss, the following error would occur: CRON[20637]: Authentication service cannot retrieve authentication info I have cache credentials and store password if offline enable

[Freeipa-users] Power down all FreeIPA servers

2015-04-01 Thread Thomas Lau
Hi all, we are going to have power maintenance and need to shut down two core FreeIPA servers. Is there any sequence to shut down and power on FreeIPA servers? Anything I need to be aware of?

Re: [Freeipa-users] change directory manager password

2014-12-09 Thread Thomas Lau
>> On 12/09/2014 07:46 PM, Thomas Lau wrote: >> > By the way, if I change Directory manager password, do I need to do >> > anything else for replication cluster? >> >> http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html >> >> Unless you

Re: [Freeipa-users] change directory manager password

2014-12-09 Thread Thomas Lau
By the way, if I change the Directory manager password, do I need to do anything else for the replication cluster? On Wed, Dec 10, 2014 at 10:45 AM, Thomas Lau wrote: > Hi All, > > Does anyone know how to change the directory manager password? -- Thomas Lau Director of Infrastructure Tetrion Capita

[Freeipa-users] change directory manager password

2014-12-09 Thread Thomas Lau
Hi All, Does anyone know how to change the directory manager password?

[Freeipa-users] Change default password expiry date

2014-12-09 Thread Thomas Lau
Hi All, FreeIPA by default is using a 60 days password expiry, how could I change it? Also, for existing accounts, can I just change krbPasswordExpiration on LDAP? Anywhere else I need to change? Do I need to generate a keytab on Kerberos to activate the new expiry date?

Re: [Freeipa-users] Laptop user

2014-11-20 Thread Thomas Lau
Thanks, that solves my concern! On Thu, Nov 20, 2014 at 5:35 PM, Jakub Hrozek wrote: > On Thu, Nov 20, 2014 at 05:19:57PM +0800, Thomas Lau wrote: > > What will happen if the laptop hasn't been turned on for a long time and the ticket > > expired with cache and store password enabled?

Re: [Freeipa-users] Laptop user

2014-11-20 Thread Thomas Lau
What will happen if the laptop hasn't been turned on for a long time and the ticket expired with cache and store password enabled? Is the user unable to log in after expiry? On Thu, Nov 20, 2014 at 5:10 PM, Jakub Hrozek wrote: > On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote: > > Do

[Freeipa-users] Laptop user

2014-11-20 Thread Thomas Lau
Does anyone know what the behavior looks like if a mobile user (laptop) is disconnected from Kerberos for too long, even though cache is enabled by default in our environment?

[Freeipa-users] Apache WebDav file sharing permission problem

2014-11-09 Thread Thomas Lau
Hi All, I am successfully letting Apache auth against FreeIPA, but whatever folders/files are created on the WebDav server use the Apache user and group instead of the login user/group. Does anyone know how to fix this? Kerberos + LDAP config: http://pastebin.com/zpP3TEst -- Thomas Lau

Re: [Freeipa-users] Kerberos for cronjoob

2014-11-07 Thread Thomas Lau
PM -0500, Dmitri Pal wrote: > > On 11/06/2014 08:20 PM, Thomas Lau wrote: > > >Hi, > > > > > >Is it possible to renew ticket once in a while for cronjob to run on > > >certain users? How do you guys run cronjob on Kerberos user without > > >g

[Freeipa-users] Kerberos for cronjoob

2014-11-06 Thread Thomas Lau
Hi, Is it possible to renew the ticket once in a while for a cronjob to run on certain users? How do you guys run a cronjob on a Kerberos user without the ticket expiring?

Re: [Freeipa-users] vsftpd PAM setup problem

2014-10-30 Thread Thomas Lau
Thanks, all good now. On Fri, Oct 31, 2014 at 1:40 PM, Alexander Bokovoy wrote: > On Fri, 31 Oct 2014, Thomas Lau wrote: > >> Hi All, >> >> I am using vsftpd and auth against PAM (eventually to sss), but I can't >> login even using admin account, anyone