On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Hi,
is there any valid documentation/setup to get sudo working?
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/example-configuring-sudo.html
is not usable, modification of another files are needed to get at least
attempts to ldap (for
On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Mixture of bot method is result of testing, just registration via
ipa-client (maybe CentOS 6 has only ipa-client-3.0.0-37 ?) definitely not
setup anything about sudo. I'll try to build 4.0.3 client for CentOS 6, but
right now:
Installing 4.x (client or
Thanks for your time. Man pages were the first, but it's not working just
base on that. Find out that libsss_sudo is desperately needed and it's not
required by ipa-client rpm. So now I only need to check sudo policy in IPA,
as there is obviously some issue, but connection is working.
yum
Replying to myself is great... Anyway, maybe this info will be useful
for people like me, trying to integrate FreeBSD with FreeIPA.
Solved some problems:
1. SSH-ing as existing IPA user rsiwal to my FreeBSD client fails.
The same user can SSH or locally login to my Linux client.
That
On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Thanks for your time. Man pages were the first, but it's not working just
base on that. Find out that libsss_sudo is desperately needed and it's not
required by ipa-client rpm. So now I only need to check sudo policy in IPA,
as there is obviously some
On (17/10/14 12:01), Alexander Bokovoy wrote:
Didn`t find a solution yet. But I think this is caused by lack of proper
configuration of Kerberos on my FreeBSD client. On my Linux client I found
such a configuration in /etc/krb5.conf file. However, there's no such file
on my FreeBSD client, as the
This idea is great, it would be invaluable for many people trying to
integrate FreeBSD with FreeIPA. Currently there's only one post about
this at FreeBSD forums, but it's not detailed and tells nothing about
many cavets of the process.
You would have helped a lot of people to avoid
Unfortunately, putting that line in /etc/pam.d/system prevents me from
being able to locally login to the BSD client.
At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
doesn't give unexpected behaviours.
Bug, bug, bug...
17-Oct-14 14:15, Lukas Slebodnik пишет:
I would
On 10/17/2014 10:21 AM, Alexander Bokovoy wrote:
On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Thanks for your time. Man pages were the first, but it's not working just
base on that. Find out that libsss_sudo is desperately needed and it's not
required by ipa-client rpm. So now I only need to
On 10/17/2014 01:01 PM, Orkhan Gasimov wrote:
That format is not simple for me, as I'm not a programmer. But after I check,
double-check and triple-check my FreeBSD - FreeIPA integration via SSSD and
assure that it works without unexpected behaviors, I'll probably write a
HOW-TO
on this
Of course! But for now I'm in process of checking my integration and
there are some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected on the BSD client.
Only after SSSD is manually restarted on the client, something like
it's cache is cleared
On (17/10/14 15:44), Orkhan Gasimov wrote:
Unfortunately, putting that line in /etc/pam.d/system prevents me from being
able to locally login to the BSD client.
At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
doesn't give unexpected behaviours.
Bug, bug, bug...
It works for
On 10/17/2014 01:28 PM, Orkhan Gasimov wrote:
Of course! But for now I'm in process of checking my integration and there are
some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected
on the BSD client.
Only after SSSD is manually restarted on
On (17/10/14 16:28), Orkhan Gasimov wrote:
Of course! But for now I'm in process of checking my integration and there
are some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected on the BSD client.
sssd uses few levels of caches. If you want to have
I found another solution (currently checked it only for adding/deleting
a sudo rule for a user, and also enabling/disabling a user) - add to the
[domain] section of the sssd.conf file: entry_cache_timeout = 5.
17-Oct-14 16:39, Lukas Slebodnik пишет:
sssd uses few levels of caches. If you
Hi,
maybe there is a case problem, if I try the following command, note some
capital letters:
# ipa config-mod --userobjectclasses=ipaObject
--userobjectclasses=ine*tO*rgperson --userobjectclasses=person
--userobjectclasses=posixaccount --userobjectclasses=inetuser
christof.schu...@ww.uni-erlangen.de wrote:
The FreeIPA is 3.0.0 server is running on CentOS 6.5.
The CA subsystem certificates have all been renewed and will expire not
until 2016. In the
I think the problems come from modifications a colleague did to
/etc/httpd/ipa-pki-proxy.conf ,
17 matches
Mail list logo