Re: [Freeipa-users] Centos 7 and 4.0

2014-08-25 Thread Lukas Slebodnik
On (23/08/14 22:48), Dmitri Pal wrote: On 08/23/2014 10:32 PM, Kat wrote: I am working on the same thing - specifically I have found the libnl dependencies to be the biggest headache. If I get anywhere over the weekend, I will let you all know. do not forget about sssd, samba, certmonger,

Re: [Freeipa-users] Ubuntu 3.3.x client vs. 3.0.0 server

2014-08-25 Thread Martin Kosek
On 08/22/2014 10:41 PM, Michael Lasevich wrote: Trying to use ipa command line admin tools from Ubuntu 14.04 box against 3.0.0 CentOS 6 server and running into trouble. Seems like upgrading server is not an option without upgrading the server, and 3.3.0 client is not compatible with 3.0.0

Re: [Freeipa-users] Installing a new Cert

2014-08-25 Thread Jan Cholasta
Hi, Dne 25.8.2014 v 03:04 Chris Whittle napsal(a): Trying to do this http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP And I keep getting Error unable to get local issuer certificate getting chain. Where are you getting this error? ipa-server-certinstall, or httpd, or

Re: [Freeipa-users] ca.crt contains more than one certificate

2014-08-25 Thread Jan Cholasta
Hi, Dne 8.8.2014 v 14:46 Nicklas Björk napsal(a): Trying to upgrade from FreeIPA 3.0 running on CentOS 6 to 3.3 on CentOS 7 using migration. I seem to have run into some certificate problems and the replica installation halts half-way through. We have a simple CA-structure, where FreeIPA has

Re: [Freeipa-users] A prototype of merged domains (views)

2014-08-25 Thread Alexander Bokovoy
On Sun, 24 Aug 2014, Nordgren, Bryce L -FS wrote: Over the past month, I rearranged my local systems for our collaboration environment. The essence of the work is to combine employee identities (defined in AD) with identities for external users (defined in FreeIPA), massage them so that they

[Freeipa-users] users AD can not sudo in centos 6.5

2014-08-25 Thread alireza baghery
hi i integrated AD windows 208 R2 with IPA server (centos 6.5) i write a sudo policy and access for specified user and host with allow any command. user can execute sudo in centos 7 but when user logs in on centos 6.5 can not execute sudo and get error below user@AD is not in sudoers file. i

Re: [Freeipa-users] users AD can not sudo in centos 6.5

2014-08-25 Thread Dmitri Pal
On 08/25/2014 12:01 PM, alireza baghery wrote: hi i integrated AD windows 208 R2 with IPA server (centos 6.5) i write a sudo policy and access for specified user and host with allow any command. user can execute sudo in centos 7 but when user logs in on centos 6.5 can not execute sudo and get

[Freeipa-users] sudo with freeIPA

2014-08-25 Thread Megan .
Good Morning, I'm very new to freeIPA. I'm running centOS 6.5 with freeIPA v3 I have the freeIPA server up but i'm working on getting SUDO configured. Currently i'm having problems getting sudo commands to work on the client. I'm a bit unclear if i have everything configured correctly. The

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread Martin Kosek
On 08/25/2014 12:51 PM, Megan . wrote: Good Morning, I'm very new to freeIPA. Welcome on board! I'm running centOS 6.5 with freeIPA v3 I have the freeIPA server up but i'm working on getting SUDO configured. Currently i'm having problems getting sudo commands to work on the client.

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread Alexander Bokovoy
On Mon, 25 Aug 2014, Martin Kosek wrote: On 08/25/2014 12:51 PM, Megan . wrote: Good Morning, I'm very new to freeIPA. Welcome on board! I'm running centOS 6.5 with freeIPA v3 I have the freeIPA server up but i'm working on getting SUDO configured. Currently i'm having problems getting

Re: [Freeipa-users] Installing a new Cert

2014-08-25 Thread Chris Whittle
I have 4 installed and I get it when I try to generate the pk12 On Aug 25, 2014 3:50 AM, Jan Cholasta jchol...@redhat.com wrote: Hi, Dne 25.8.2014 v 03:04 Chris Whittle napsal(a): Trying to do this http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP And I keep getting

Re: [Freeipa-users] users AD can not sudo in centos 6.5

2014-08-25 Thread Jakub Hrozek
On Mon, Aug 25, 2014 at 12:12:26PM +0200, Dmitri Pal wrote: On 08/25/2014 12:01 PM, alireza baghery wrote: hi i integrated AD windows 208 R2 with IPA server (centos 6.5) i write a sudo policy and access for specified user and host with allow any command. user can execute sudo in centos 7 but

Re: [Freeipa-users] users AD can not sudo in centos 6.5

2014-08-25 Thread Lukas Slebodnik
On (25/08/14 14:31), alireza baghery wrote: hi i integrated AD windows 208 R2 with IPA server (centos 6.5) i write a sudo policy and access for specified user and host with allow any command. user can execute sudo in centos 7 but when user logs in on centos 6.5 can not execute sudo and get error

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread Megan .
Below is the output from the sss_domain.log when i ran the sudo command as the user. I see things about offline replies and LDAP not working. Is this my problem or is this part of a normal series of items that are tried? (Mon Aug 25 11:53:23 2014) [sssd[be[server.example.com]]]

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread Jakub Hrozek
On Mon, Aug 25, 2014 at 06:51:27AM -0400, Megan . wrote: Good Morning, I'm very new to freeIPA. I'm running centOS 6.5 with freeIPA v3 I have the freeIPA server up but i'm working on getting SUDO configured. Currently i'm having problems getting sudo commands to work on the client. I'm

Re: [Freeipa-users] users AD can not sudo in centos 6.5

2014-08-25 Thread Jakub Hrozek
On Mon, Aug 25, 2014 at 01:58:41PM +0200, Jakub Hrozek wrote: For sudo logs, something like: Debug sudo /tmp/sudo_debug all@debug Should produce pretty verbose logs Sorry, I should have said the Debug directive belongs to /etc/sudo.conf -- Manage your subscription for the

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread Jakub Hrozek
On Mon, Aug 25, 2014 at 08:02:02AM -0400, Megan . wrote: Below is the output from the sss_domain.log when i ran the sudo command as the user. I see things about offline replies and LDAP not working. Is this my problem or is this part of a normal series of items that are tried? (Mon Aug

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread Megan .
ok. Changed debug_level to 7. I already it in the domain section (first line). Not sure if this makes a difference [root@map1 pam.d]# cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired

[Freeipa-users] Custom kinit

2014-08-25 Thread Yago Fernández Pinilla
Hi, I would like to create a script in python that does the same that kinit, I don't where to start. I have checked many examples and I guess I need to do some HTTP requests against the server, is that possible to do it using freeipa? What is the url? Thanks in advance Yago -- Yago

Re: [Freeipa-users] Custom kinit

2014-08-25 Thread Jakub Hrozek
On Mon, Aug 25, 2014 at 02:43:00PM +0200, Yago Fernández Pinilla wrote: Hi, I would like to create a script in python that does the same that kinit, I don't where to start. Why do you need this?

Re: [Freeipa-users] Custom kinit

2014-08-25 Thread Yago Fernández Pinilla
I want to integrate it in other service. Is there any good documentation about the APIs? Thanks in advance On Mon, Aug 25, 2014 at 3:08 PM, Jakub Hrozek jhro...@redhat.com wrote: On Mon, Aug 25, 2014 at 02:43:00PM +0200, Yago Fernández Pinilla wrote: Hi, I would like to create a script

Re: [Freeipa-users] Installing a new Cert

2014-08-25 Thread Chris Whittle
I found this but I think it's just IPA certs? http://www.freeipa.org/page/V4/CA_certificate_renewal Basically I want to use my existing wildcard cert for https and ldaps... I did this on my 3.3 install on CentOS but now I'm on a 4 install on Fedora Core. Any help would be more than appreciated!

Re: [Freeipa-users] Custom kinit

2014-08-25 Thread Rob Crittenden
Yago Fernández Pinilla wrote: I want to integrate it in other service. Is there any good documentation about the APIs? We really need more details in order to help you. The API for IPA is not documented though once you get the patterns down it is fairly straightforward. This of course is a

Re: [Freeipa-users] Custom kinit

2014-08-25 Thread Rob Crittenden
Yago Fernández Pinilla wrote: I'm using FreeIpa 3.3.5. And according to what I saw, using the API, seems to be the best option. For the time being I just want to request tickets and check tickets. Is that possible? . I'm still not sure what it is you're trying to do. It's important to

Re: [Freeipa-users] Installing a new Cert

2014-08-25 Thread Chris Whittle
ok I think I got it again... If anyone is looking for this here is the answer that worked for me 1. Here are the steps 1. http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894 -- start at Convert crt

Re: [Freeipa-users] Installing a new Cert

2014-08-25 Thread Chris Whittle
I spoke a little too soon... It's working fine (browser is using new cert and also ldaps is using the new cert) except when you go to the certs page on the ui. https://DOMAIN/ipa/ui/#/e/cert/search An error has occurred (IPA Error 4301: CertificateOperationError) Certificate operation cannot be

Re: [Freeipa-users] sudo with freeIPA

2014-08-25 Thread William Graboyes
Hi Megan, I had the same problem with CENTOS 6.5 and free-ipa. I did a ton of searching, and IIRC the conclusion was a bug in that version of sssd, I don't remember all of the details, however I do remember the work around. Create a system

[Freeipa-users] Cert Renewal

2014-08-25 Thread Ott, Dennis
I have an IPA setup, one master, one replica; originally installed as v 2.x and later updated to v 3.0. For whatever reasons, the certs did not automatically renew and the services would no longer start. I updated the certs manually on the master using the procedure shown at:

Re: [Freeipa-users] Cert Renewal

2014-08-25 Thread Rob Crittenden
Ott, Dennis wrote: I have an IPA setup, one master, one replica; originally installed as v 2.x and later updated to v 3.0. For whatever reasons, the certs did not automatically renew and the services would no longer start. I updated the certs manually on the master using the procedure shown

[Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-25 Thread Chris Whittle
I've got my server up and running great with one exception every time I reboot I have to login and flush the iptables or nothing can connect. I've found a ton of fixes and none seem to work, I'm on FC20 does anyone have experience with it and wouldn't mind helping?