On (23/10/14 11:27), Outback Dingo wrote:
On Thu, Oct 23, 2014 at 11:20 AM, Fraser Tweedale ftwee...@redhat.com
wrote:
On Wed, Oct 22, 2014 at 03:23:56PM +0200, Lukas Slebodnik wrote:
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about
+1.
And even if talking about installation of the necessary software and not about
the configuration, then why this?
The commands to enable the custom repository and install the required
packages on a FreeBSD host appear below.
Note that these are Bourne shell commands; this script will not
On Thu, Oct 23, 2014 at 02:12:47PM +0400, Орхан Касумов wrote:
+1.
And even if talking about installation of the necessary software and not
about the configuration, then why this?
The commands to enable the custom repository and install the required
packages on a FreeBSD host appear
On Thu, Oct 23, 2014 at 09:58:33AM +0200, Lukas Slebodnik wrote:
On (23/10/14 11:27), Outback Dingo wrote:
On Thu, Oct 23, 2014 at 11:20 AM, Fraser Tweedale ftwee...@redhat.com
wrote:
On Wed, Oct 22, 2014 at 03:23:56PM +0200, Lukas Slebodnik wrote:
On (22/10/14 17:10), Fraser Tweedale
You could ease everything by creating 2 files: FreeIPA.conf and FreeIPA.pem,
uploading them to Web and sharing links to them. FreeBSD users could then use
the fetch command to download and use your files.
Sent from Blue Mail
On 24.10.2014, at 5:36, Fraser Tweedale ftwee...@redhat.com
On Fri, Oct 24, 2014 at 07:42:31AM +0500, Orkhan Gasimov wrote:
You could ease everything by creating 2 files: FreeIPA.conf and
FreeIPA.pem, uploading them to Web and sharing links to them.
FreeBSD users could then use the fetch command to download and
use your files.
I turned it into a shell
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus on the custom package repo.
I will update it tomorrow with a bit more about the package
flavours topic. For now, all the details for enabling and using
the custom repo are in the post. Check
On 22.10.2014 09:10, Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus on the custom package repo.
I will update it tomorrow with a bit more about the package
flavours topic. For now, all the details for enabling and
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus on the custom package repo.
I will update it tomorrow with a bit more about the package
flavours topic. For now, all the details for enabling and
On Thu, Oct 23, 2014 at 12:23 AM, Lukas Slebodnik lsleb...@redhat.com
wrote:
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus on the custom package repo.
I will update it tomorrow with a bit
On Thu, Oct 23, 2014 at 11:20 AM, Fraser Tweedale ftwee...@redhat.com
wrote:
On Wed, Oct 22, 2014 at 03:23:56PM +0200, Lukas Slebodnik wrote:
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus
On Wed, Oct 22, 2014 at 01:26:42PM +0200, Petr Spacek wrote:
On 22.10.2014 09:10, Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus on the custom package repo.
I will update it tomorrow with a bit more about the
On (17/10/14 16:46), Orkhan Gasimov wrote:
1. I use FreeBSD 10.0 64-bit.
(For some files bits are also important - for example, on a 32-bit machine
the same configuration of
/usr/local/etc/sssd/sssd.conf file introduces problems because of the line
enumerate = True in the [domain] section; only
On (20/10/14 15:06), Orkhan Gasimov wrote:
OK, Lukas, I did as you say:
1) reset my pam.d - login to its default state
2) added to my pam.d - system: account required /usr/local/lib/pam_sss.so
ignore_unknown_user ignore_authinfo_unavail;
3) commented out enumerate = True in my
1. Yes, being able to find simple typos is what distinguishes a good
troubleshooter from a bad one. The problem really was between the chair and the
keyboard.
2. Not only you were right in this aspect, but also regarding the idea that
comments in sssd.conf file shouldn't be on the same line as
On (21/10/14 23:20), Орхан Касумов wrote:
1. Yes, being able to find simple typos is what distinguishes a good
troubleshooter from a bad one. The problem really was between the chair and
the keyboard.
2. Not only you were right in this aspect, but also regarding the idea that
comments in
On Tue, Oct 21, 2014 at 08:31:17PM +0200, Lukas Slebodnik wrote:
On (20/10/14 15:06), Orkhan Gasimov wrote:
OK, Lukas, I did as you say:
1) reset my pam.d - login to its default state
2) added to my pam.d - system: account required /usr/local/lib/pam_sss.so
ignore_unknown_user
Great news!
If I understand correctly, a package can be equivalent to several ports?
If this is correct, then could a composite package be built to include
all necessary ports?
* _security/sssd_ http://www.freshports.org/security/sssd
* _security/sudo_
On Wed, Oct 22, 2014 at 09:13:11AM +0500, Orkhan Gasimov wrote:
Great news! If I understand correctly, a package can be
equivalent to several ports? If this is correct, then could a
composite package be built to include all necessary ports?
This is not correct. One package corresponds to
On (19/10/14 08:45), Orkhan Gasimov wrote:
2. About my pam.d files - please read carefully my previous posts.
I commented out the line in pam.d - system and added it explicitly to
You didn't have account required /usr/local/lib/pam_sss.so ignore_unknown_user
in pam.d/system. The line is
OK, Lukas, I did as you say:
1) reset my pam.d - login to its default state
2) added to my pam.d - system: account required
/usr/local/lib/pam_sss.so ignore_unknown_user ignore_authinfo_unavail;
3) commented out enumerate = True in my /usr/local/etc/sssd/sssd.conf.
Now I cannot locally login
On 10/18/2014 11:45 PM, Orkhan Gasimov wrote:
1. About enumerate with comments on the same line - it doesn't cause
any problems on my FreeBSD 10 64-bit. Enumerate causes problems on my
FreeBSD 10 32-bit - that could be because of a comment on the same
line I could check it, but if it's not
Replying to myself is great... Anyway, maybe this info will be useful
for people like me, trying to integrate FreeBSD with FreeIPA.
Solved some problems:
1. SSH-ing as existing IPA user rsiwal to my FreeBSD client fails.
The same user can SSH or locally login to my Linux client.
That
On (17/10/14 12:01), Alexander Bokovoy wrote:
Didn't find a solution yet. But I think this is caused by lack of proper
configuration of Kerberos on my FreeBSD client. On my Linux client I found
such a configuration in /etc/krb5.conf file. However, there's no such file
on my FreeBSD client, as the
This idea is great, it would be invaluable for many people trying to
integrate FreeBSD with FreeIPA. Currently there's only one post about
this at FreeBSD forums, but it's not detailed and tells nothing about
many caveats of the process.
You would have helped a lot of people to avoid
Unfortunately, putting that line in /etc/pam.d/system prevents me from
being able to locally login to the BSD client.
At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
doesn't give unexpected behaviours.
Bug, bug, bug...
17-Oct-14 14:15, Lukas Slebodnik wrote:
I would
On 10/17/2014 01:01 PM, Orkhan Gasimov wrote:
That format is not simple for me, as I'm not a programmer. But after I check,
double-check and triple-check my FreeBSD - FreeIPA integration via SSSD and
assure that it works without unexpected behaviors, I'll probably write a
HOW-TO
on this
Of course! But for now I'm in process of checking my integration and
there are some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected on the BSD client.
Only after SSSD is manually restarted on the client, something like
its cache is cleared
On (17/10/14 15:44), Orkhan Gasimov wrote:
Unfortunately, putting that line in /etc/pam.d/system prevents me from being
able to locally login to the BSD client.
At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
doesn't give unexpected behaviours.
Bug, bug, bug...
It works for
On 10/17/2014 01:28 PM, Orkhan Gasimov wrote:
Of course! But for now I'm in process of checking my integration and there are
some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected
on the BSD client.
Only after SSSD is manually restarted on
On (17/10/14 16:28), Orkhan Gasimov wrote:
Of course! But for now I'm in process of checking my integration and there
are some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected on the BSD client.
sssd uses few levels of caches. If you want to have
I found another solution (currently checked it only for adding/deleting
a sudo rule for a user, and also enabling/disabling a user) - add to the
[domain] section of the sssd.conf file: entry_cache_timeout = 5.
17-Oct-14 16:39, Lukas Slebodnik wrote:
sssd uses few levels of caches. If you
OK, back to FreeIPA - FreeBSD setup.
I changed my setup: instead of 2 VMs now I have 4 VMs:
1: DNS server - set up as shown by Rajnesh Kumar Siwal in
http://www.youtube.com/watch?v=0SmiwFoHVeI&index=4&list=PLdKXnZQzEG-KmtKq-LelPn5RTKfJig0Wc
2 and 3: IPA server IPA linux client - set up as
On (16/10/14 13:04), Orkhan Gasimov wrote:
OK, back to FreeIPA - FreeBSD setup.
I changed my setup: instead of 2 VMs now I have 4 VMs:
1: DNS server - set up as shown by Rajnesh Kumar Siwal in
http://www.youtube.com/watch?v=0SmiwFoHVeI&index=4&list=PLdKXnZQzEG-KmtKq-LelPn5RTKfJig0Wc
2 and 3: IPA
Please excuse me for that silly typo in the letter. The typo doesn't
exist either in /etc/pam.d/system or /etc/pam.d/sshd - in those files I
typed ignore_unknown_user.
I'll try ignore_authinfo_unavail to see if it prevents me from being
locked out of the machine.
Here are the log files:
Here's what I have at the end of the day after various checks.
SSH-ing as existing IPA user rsiwal to my FreeBSD client fails.
The same user can SSH or locally login to my Linux client.
If I create a new user in IPA, he can't initially SSH into FreeBSD client.
BSD says: password expired, but
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
Thanks to both of you for the interest.
Here's the info you asked:
1. Putting debug_level = 7 either in [domain] or/and [nss] section
of the /usr/local/etc/sssd/sssd.conf file gives nothing in the log.
The log file located at /var/log/sssd/sssd.log
With help from Alexander Bokovoy I found correct log destinations:
sssd-domain-log:
https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
These files are from my second Fedora - FreeBSD setup, they have
With help from Alexander Bokovoy I found correct log destinations:
sssd-domain-log:https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log:https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
These files are from my second Fedora - FreeBSD setup, they have
different
On Tue, Oct 14, 2014 at 12:34:09PM +0500, Orkhan Gasimov wrote:
With help from Alexander Bokovoy I found correct log destinations:
sssd-domain-log:
https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
These
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
With help from Alexander Bokovoy I found correct log destinations:
sssd-domain-log:https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log:https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
These files are from my second
Thanks for taking time to find a solution.
1. Location of log files is /var/log/sssd , I just didn't know that each
section of sssd.conf file produced its own log file:
/var/log/sssd/sssd_your.domain.log
/var/log/sssd/sssd_nss.log
2. For the client side, here again the list of snapshots
On (14/10/14 10:23), Orkhan Gasimov wrote:
Thanks to both of you for the interest.
Here's the info you asked:
1. Putting debug_level = 7 either in [domain] or/and [nss] section of the
/usr/local/etc/sssd/sssd.conf file gives nothing in the log. The log file
located at /var/log/sssd/sssd.log is
I suspected that problems could arise with DNS, and here they are...
In fact, this entire string: ipa_server = _srv_ #our FreeIPA server has
DNS SRV entries was taken as-is from the how-to on FreeBSD forums.
First I commented it out, because was unsure if it was appropriate
for my simple
I tried to avoid setting up a third VM to serve as a DNS server for my
test scenario. Thought it would be possible to set up working FreeIPA
client-server interaction with just 2 VMs correct hostnames
/etc/hosts files in them.
Do I correctly understand your idea that it's a MUST to set up a
On 14.10.2014 11:49, Orkhan Gasimov wrote:
I suspected that problems could arise with DNS, and here they are...
In fact, this entire string: ipa_server = _srv_ #our FreeIPA server has DNS
SRV entries was taken as-is from the how-to on FreeBSD forums. First I
commented it out, because was unsure
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
I tried to avoid setting up a third VM to serve as a DNS server for my
test scenario. Thought it would be possible to set up working FreeIPA
client-server interaction with just 2 VMs correct hostnames
/etc/hosts files in them.
Many applications
I'll try such a test setup, then share information about results.
14-Oct-14 15:04, Petr Spacek wrote:
On 14.10.2014 11:49, Orkhan Gasimov wrote:
I suspected that problems could arise with DNS, and here they are...
In fact, this entire string: ipa_server = _srv_ #our FreeIPA server
has DNS
On 14.10.2014 11:49, Orkhan Gasimov wrote:
I suspected that problems could arise with DNS, and here they are...
In fact, this entire string: ipa_server = _srv_ #our FreeIPA server has DNS
SRV entries was taken as-is from the how-to on FreeBSD forums. First I
commented it out, because was unsure
I need further assistance with this moment:
specify IPA domain name which is sub-domain of your existing domain
(e.g. ipa.eurosel.az) .
Currently my FreeIPA server's hostname is ipa1.eurosel.az, and client's
hostname is bsd1.eurosel.az.
So when running this command:
ipa-server-install
On 14.10.2014 13:48, Orkhan Gasimov wrote:
I need further assistance with this moment:
specify IPA domain name which is sub-domain of your existing domain (e.g.
ipa.eurosel.az) .
Currently my FreeIPA server's hostname is ipa1.eurosel.az, and client's
hostname is bsd1.eurosel.az.
So when running
So which way do I go?
1) Change the server VM's hostname from ipa1.eurosel.az to
ipa1.ipa.eurosel.az prior to issuing IPA installation command
2) or leave my hostname and contents of /etc/hosts file intact and
specify a different FQDN and domain part of the IPA server after issuing
IPA
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
So which way do I go?
1) Change the server VM's hostname from ipa1.eurosel.az to
ipa1.ipa.eurosel.az prior to issuing IPA installation command
2) or leave my hostname and contents of /etc/hosts file intact and
specify a different FQDN and domain part
On 14.10.2014 15:06, Alexander Bokovoy wrote:
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
So which way do I go?
1) Change the server VM's hostname from ipa1.eurosel.az to
ipa1.ipa.eurosel.az prior to issuing IPA installation command
2) or leave my hostname and contents of /etc/hosts file intact
Ok, friends, you helped me to understand one thing. My test scenario with 2 VMs
and no DNS server introduces problems with DNS resolution, which seems to be
almost necessary. So now I have 2 tasks:
1) properly configure IPA server to work with DNS;
2) make a FreeBSD host (which is a non-native
On Tue, Oct 14, 2014 at 03:13:06PM +0200, Lukas Slebodnik wrote:
On (14/10/14 17:48), Fraser Tweedale wrote:
On Tue, Oct 14, 2014 at 12:34:09PM +0500, Orkhan Gasimov wrote:
With help from Alexander Bokovoy I found correct log destinations:
sssd-domain-log:
On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote:
Good day to everybody.
There's a post on how to make a FreeBSD client work with a FreeIPA server:
https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146
For some reason the instructions in that post don't lead to
On (13/10/14 20:33), Jakub Hrozek wrote:
On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote:
Good day to everybody.
There's a post on how to make a FreeBSD client work with a FreeIPA server:
https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146
For some reason
Thanks to both of you for the interest.
Here's the info you asked:
1. Putting debug_level = 7 either in [domain] or/and [nss] section of
the /usr/local/etc/sssd/sssd.conf file gives nothing in the log. The log
file located at /var/log/sssd/sssd.log is only populated with data when
I make some
59 matches