On 04/13/2015 05:37 PM, Alexander Bokovoy wrote:
> On Mon, 13 Apr 2015, Gould, Joshua wrote:
>> I’ve looked at the docs and it looks as if I can specify an external
>> user who can have sudo rights via IPA.
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Do
I am personally not aware of such deployment. The linux-nfs.org NFS HOWTOs we
link from
http://www.freeipa.org/page/HowTos#Authentication
also uses no_root_squash.
To do this properly, I assume you would need have some notification mechanism
deployed on FreeIPA server, that would trigger the home
You do not need to uninstall the 4 server, you just need to install the CA
component on it:
# ipa-ca-install /path/to/replica.file
... and make it CRL/renewal master. See step 8 and later in
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authe
On 13.4.2015 16:07, Janne Blomqvist wrote:
> On 2015-04-10 12:05, Petr Spacek wrote:
>> On 10.4.2015 10:52, Janne Blomqvist wrote:
>>> On 2015-04-07 14:29, Martin Kosek wrote:
On 04/05/2015 08:03 PM, Dmitri Pal wrote:
> On 04/05/2015 12:51 PM, Janelle wrote:
>> Hello,
>>
>> Try
Thanks. Yes, the feature would be pretty useful. Do you have any thoughts
on the documentation blurb mentioned a couple of mails ago ( "Use a remote
user ...") ? The local root on the IPA server can be mapped to a
particular user on the NFS server. That bit sounds straightforward. The
other parts
On Tue, 14 Apr 2015, Martin Kosek wrote:
On 04/13/2015 05:37 PM, Alexander Bokovoy wrote:
On Mon, 13 Apr 2015, Gould, Joshua wrote:
I’ve looked at the docs and it looks as if I can specify an external
user who can have sudo rights via IPA.
https://access.redhat.com/documentation/en-US/Red_Hat_
We will get someone review the chapter again, to remove the uncertainty. Would
you then be willing to proof-read the result?
On 04/14/2015 10:37 AM, Prasun Gera wrote:
> Thanks. Yes, the feature would be pretty useful. Do you have any thoughts
> on the documentation blurb mentioned a couple of mai
On Tue, 14 Apr 2015, Prasun Gera wrote:
Thanks. Yes, the feature would be pretty useful. Do you have any thoughts
on the documentation blurb mentioned a couple of mails ago ( "Use a remote
user ...") ? The local root on the IPA server can be mapped to a
particular user on the NFS server. That bi
Getting FreeIPA Synology DSM5 working together is something I'm interested in
doing as well.
I'm happy to proof read as well
> On 14 Apr 2015, at 09:55, Martin Kosek wrote:
>
> We will get someone review the chapter again, to remove the uncertainty. Would
> you then be willing to proof-read t
On 04/14/2015 11:04 AM, Iain Bell wrote:
> Getting FreeIPA Synology DSM5 working together is something I'm interested in
> doing as well.
Just to make sure we are on the same page - someone would proof read the
problematic chapter in Red Hat docs:
https://access.redhat.com/documentation/en-US/R
I can proof read the revised documentation and try out any additional steps
that would help in enabling this feature (automatic home dir creation on
client login).
On Tue, Apr 14, 2015 at 6:17 AM, Martin Kosek wrote:
> On 04/14/2015 11:04 AM, Iain Bell wrote:
> > Getting FreeIPA Synology DSM5 wo
Thanks that actually helped. I have the CA moved and the old server
decommissioned now. Thanks.
Regards,
--
Aric Wilisch
awili...@gmail.com
> On Apr 14, 2015, at 3:07 AM, Martin Kosek wrote:
>
> You do not need to uninstall the 4 server, you just need
We have the option to deploy our production IPA environment on either
x86_64/VMWare or IBM Power. The RHEL7 IDM doc states that only x86_64 is
supported.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prereqs.ht
On 04/14/2015 09:37 AM, Gould, Joshua wrote:
We have the option to deploy our production IPA environment on either
x86_64/VMWare or IBM Power. The RHEL7 IDM doc states that only x86_64
is supported.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Iden
On 04/13/2015 10:41 PM, Thomas Lau wrote:
Hi,
It's an in-house program which runs on one kerberos user.
You need to look what this program is doing.
I suspect it is doing some sort of kinit itself and does not rely on the
PAM stack, i.e it bypasses SSSD in the given scenario.
Can this be the
Thanks for confirmation. Enjoy the new and shiny FreeIPA 4.1+! :-)
On 04/14/2015 02:59 PM, Aric Wilisch wrote:
> Thanks that actually helped. I have the CA moved and the old server
> decommissioned now. Thanks.
>
> Regards,
> --
> Aric Wilisch
> awili...@g
Hello,
I'm trying to delete a group in IdM but when I do a ipa group-del "group" it
states the following;
Ipa: ERROR: "group": group not found
I do an ipa group-find and it displays the group with the current memebers.
I look in the WebgUI and I can see the group in there but it has no
informa
Joseph, Matthew (EXP) wrote:
> Hello,
>
>
>
> Im trying to delete a group in IdM but when I do a ipa group-del
> group it states the following;
>
> Ipa: ERROR: group: group not found
>
>
>
> I do an ipa group-find and it displays the group with the current memebers.
>
>
>
> I look
On Fri, Apr 10, 2015 at 08:48 PM, Jakub Hrozek wrote:
On Fri, Apr 10, 2015 at 12:39:20PM -0400, Dmitri Pal wrote:
On 04/10/2015 08:13 AM, Mateusz Malek wrote:
I'm about to migrate my OpenLDAP-based environment to FreeIPA, however
I've hit some weird performance problems. When I'm using IPA, i
Hey Rob,
It couldn't find the group when I did your command. I replaced show with find
and was able to find the dn number.
I can use the ldapdelete command to delete the entry right?
Thanks,
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, April
Hey Rob,
So I'm trying to delete this group but I can't seem to find an example.
Would you be able to provide an example for me? Should I be telling the command
the nsuniqueid or the sn=groupname or the ipauniqueid?
Thanks,
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@
Hey Rob,
So I did the following command;
Ldapdelete -D "cn=Directory Manager" -h server_name -p 389
"cn=group_name,cn=groups,cn=accounts,dc=domain,dc=ca" and it comes back with
the following;
Ldap_delete: No such object
I also tried replacing the group_name with the nsuniqueid and still the sa
Joseph, Matthew (EXP) wrote:
> Hey Rob,
>
> So I did the following command;
>
> Ldapdelete -D "cn=Directory Manager" -h server_name -p 389
> "cn=group_name,cn=groups,cn=accounts,dc=domain,dc=ca" and it comes back with
> the following;
> Ldap_delete: No such object
>
> I also tried replacing th
David Dejaeghere wrote:
> Hi Rob,
>
> So you want to output of the command using pk12 with server cert and
> key? or with the ca chain in there too?
>
Oddly enough it is failing in exactly the same place. Those GoDaddy CA
certs are still being loaded from somewhere, I'm not sure where, and I
sus
I tried to do the following command;
Ldapdelete -D "cn=Directory Manager" -h server_name -p 389
"cn=nsuniqueid_random_set_of_numbers,cn=groups,cn=accounts,dc=domain,dc=ca"
And I get the ldap_delete: no such object
Matt
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Joseph, Matthew (EXP) wrote:
> I tried to do the following command;
> Ldapdelete -D "cn=Directory Manager" -h server_name -p 389
> "cn=nsuniqueid_random_set_of_numbers,cn=groups,cn=accounts,dc=domain,dc=ca"
> And I get the ldap_delete: no such object
Maybe this will help:
https://access.redhat.co
Hello
I mean I have a Problem with the ipa-getcert script.
system CentOS 7 (1503) and IPA 4.1.x
can any help or declare my mistake or is this a IPA Problem
I do a
kinit admin
ipa-getcert request -d /etc/pki/nssdb -n Server-Cert -K HOST/xxx.4gjn.prv -N
'CN=xxx.4gjn.prv,O=$4GJN.PRV'
and have
On Tue, Apr 14, 2015 at 08:18:38PM +0200, Günther J. Niederwimmer wrote:
> Hello
>
> I mean I have a Problem with the ipa-getcert script.
>
> system CentOS 7 (1503) and IPA 4.1.x
>
> can any help or declare my mistake or is this a IPA Problem
>
> I do a
>
> kinit admin
>
> ipa-getcert request
On 04/14/2015 05:36 PM, Mateusz Malek wrote:
On Fri, Apr 10, 2015 at 08:48 PM, Jakub Hrozek wrote:
On Fri, Apr 10, 2015 at 12:39:20PM -0400, Dmitri Pal wrote:
On 04/10/2015 08:13 AM, Mateusz Malek wrote:
I'm about to migrate my OpenLDAP-based environment to FreeIPA, however
I've hit some wei
On 04/14/2015 12:35 PM, thierry bordaz wrote:
On 04/14/2015 05:36 PM, Mateusz Malek wrote:
On Fri, Apr 10, 2015 at 08:48 PM, Jakub Hrozek wrote:
On Fri, Apr 10, 2015 at 12:39:20PM -0400, Dmitri Pal wrote:
On 04/10/2015 08:13 AM, Mateusz Malek wrote:
I'm about to migrate my OpenLDAP-based env
Hi
Dealing with AD --> Cert Trust I am reaching the following step:
ipa trust-add ad.company.com --admin --password
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most
likely it is a DNS or firewall issue
Reaching this
On Tue, 14 Apr 2015, g.fer.or...@unicyber.co.uk wrote:
Hi
Dealing with AD --> Cert Trust I am reaching the following step:
ipa trust-add ad.company.com --admin --password
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most
Hi,
Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
David Dejaeghere wrote:
Hi Rob,
So you want to output of the command using pk12 with server cert and
key? or with the ca chain in there too?
Oddly enough it is failing in exactly the same place. Those GoDaddy CA
certs are still being loade
Hello,
Am Dienstag, 14. April 2015, 14:29:58 schrieb Nalin Dahyabhai:
> On Tue, Apr 14, 2015 at 08:18:38PM +0200, Günther J. Niederwimmer wrote:
> > Hello
> >
> > I mean I have a Problem with the ipa-getcert script.
> >
> > system CentOS 7 (1503) and IPA 4.1.x
> >
> > can any help or declare my
34 matches
Mail list logo