On 02/26/2015 01:15 PM, nat...@nathanpeters.com wrote:
On 02/25/2015 04:37 PM, nat...@nathanpeters.com wrote:
It does not seem to recognize the user in the secan attempt but the
first attempt seems to authenticate and then disconnect.
I do not see trace from accounting session but I suspect
Dmitri Pal wrote:
On 02/25/2015 05:39 PM, Hugh wrote:
On 2/25/2015 3:11 PM, Dmitri Pal wrote:
I think you can start with adding ntUser object class into the list of
the object classes in the IPA configuration in UI. That would apply it
to the new entries automatically.
How is that done? I'd
Hi,
for the record: The problem was a misconfigured Apache on the IPA master,
cf.
https://www.redhat.com/archives/freeipa-users/2015-February/msg00041.html
In my case, my Apache didn't load proxy_ajp_module and after this was
fixed, ipa-replica-install --setup-ca worked as expected.
Had an error on my options for the list and the replies failed to get
to me. We'll see if this reply works. :)
@Dmitri - Anyone coming through this service/host (OpenVPN with pam)
will be required to use 2-Factor. Their normal logins at their desk
are not required for 2-factor, it's ok if they
On 02/25/2015 04:37 PM, nat...@nathanpeters.com wrote:
It does not seem to recognize the user in the secan attempt but the
first attempt seems to authenticate and then disconnect.
I do not see trace from accounting session but I suspect that your pam
stack does not authorize authenticated
On 25.2.2015 19:18, Martin Basti wrote:
And I'm not sure if forwarding between 2 authoritative zones with the same
name
will work, because the zone is authoritative on IPA side, so IPA will return
authoritative answer NXDOMAIN and will not try to forward query.
You may need NS delegation
On 02/26/2015 12:40 PM, Matt Wells wrote:
Had an error on my options for the list and the replies failed to get
to me. We'll see if this reply works. :)
@Dmitri - Anyone coming through this service/host (OpenVPN with pam)
will be required to use 2-Factor. Their normal logins at their desk
are
Yes, we are trying to figure out why IPA users are not being handled
properly however
given that :
1. the method you suggested to troubleshoot my Solaris 10 system, adding
pam_permit.so to the stack, will never work because Solaris does not include
pam_permit.so.
so therefore
2. I had to come
Nathan Peters wrote:
Yes, we are trying to figure out why IPA users are not being handled
properly however
given that :
1. the method you suggested to troubleshoot my Solaris 10 system, adding
pam_permit.so to the stack, will never work because Solaris does not
include pam_permit.so.
so