On 04/29/2015 07:15 PM, Andy Thompson wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 29, 2015 1:07 PM
To: Andy Thompson
Cc: Ludwig Krispenz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On
On 04/25/2015 02:58 AM, Christopher Lamb wrote:
Hi All
I too am suffering from the infamous Web ui error “Your session has
expired. Please re-login.” using from browser(s) on remote client(s),
similar to the existing tickets:
On 04/30/2015 05:30 AM, Janelle wrote:
Hi all,
Just wondering if anyone has put together a guide for integrating PWM with
IPA?
I know there is a section on 389-ds, but that is kind of raw-389 and not the
highly modified-for-IPA 389-ds. I would like to set this up for my users, but
really
You got a first replica where you failed to delete the entry.
You got a second replica where you succeeded to delete the entry.
On first replica you can see messages like:
[29/Apr/2015:07:21:32 -0400] ldbm_back_delete - conn=0 op=0 Turning a
tombstone into a tombstone!
On 04/30/2015 12:41 PM, Andy Thompson wrote:
You got a first replica where you failed to delete the entry.
You got a second replica where you succeeded to delete the entry.
On first replica you can see messages like:
[29/Apr/2015:07:21:32 -0400] ldbm_back_delete - conn=0 op=0 Turning a
Hi Petr
Thanks, we solved this issue and reported that back on this thread. The
troubleshooting guide has even been updated as a result.
https://www.redhat.com/archives/freeipa-users/2015-April/msg00605.html
Your suggestion has however hit the nail on the head - the problem was
clock skew
Is there a trick to getting a users SSH key that’s attached to their FreeIPA
account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with
no issues but they still get prompted for their passwords on the RHEL 5 server,
so it’s not pushing down their ssh keys.
Thanks!
Regards,
On 04/29/2015 05:51 PM, Martin (Lists) wrote:
Am 29.04.2015 um 15:43 schrieb Ludwig Krispenz:
On 04/29/2015 03:17 PM, Martin (Lists) wrote:
Am 27.04.2015 um 09:45 schrieb Ludwig Krispenz:
On 04/26/2015 10:49 AM, Martin (Lists) wrote:
Hallo
after a reboot I get almost thousand of the
It appears that f82 is the user object and f87 is the group object. So you
are
right, I don't think f82 is what we were looking for, it just happened to have
the username in it when I grepped without filtering the uniqueid. I'm not
sure why it was having problems with the user group
On 04/30/2015 02:56 PM, Aric Wilisch wrote:
Is there a trick to getting a users SSH key that’s attached to their FreeIPA
account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with
no issues but they still get prompted for their passwords on the RHEL 5
server, so it’s not
On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote:
On 04/30/2015 02:56 PM, Aric Wilisch wrote:
Is there a trick to getting a users SSH key that’s attached to their
FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6
clients with no issues but they still get
On (30/04/15 15:34), Jakub Hrozek wrote:
On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote:
On 04/30/2015 02:56 PM, Aric Wilisch wrote:
Is there a trick to getting a users SSH key that’s attached to their
FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6
Hi,
If you are eager to try Fedora 22 beta and overall try FreeIPA in Fedora
22, be aware that trusts to Active Directory are currently broken due to
Samba 4.2.1 update in Fedora 22.
I've pushed build [1] of Samba today that at least allows Samba
processes to start properly but establishing
On Thu, Apr 30, 2015 at 04:32:30PM +0200, Lukas Slebodnik wrote:
On (30/04/15 15:34), Jakub Hrozek wrote:
On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote:
On 04/30/2015 02:56 PM, Aric Wilisch wrote:
Is there a trick to getting a users SSH key that’s attached to their
I wish I could, but unfortunately these are RHEL 5 because the client has not
yet upgraded their software to work on 6 or 7, so I’m stuck with a RHEL 5
infrastructure for awhile.
As long as it authenticates and sudo works we may just have to live with the
keys not working.
Thanks for the
William Graboyes wrote:
Hi list,
The end goal is to eliminate self signed certs from user interaction
with FreeIPA, without having to roll out changes to each user in the
house (and remote locations). So basically changing the CA to a
trusted CA that will not bring scare the users with
Let me ask this a different way.
What is the easiest method of using a trusted third party cert for the web UI?
Running IPA 4.1.0 on Centos 7.
Thanks,
Bill
On 4/30/15 1:44 PM, Rob Crittenden wrote:
William Graboyes wrote:
Hi list,
The end goal is to eliminate self signed certs from user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi list,
The end goal is to eliminate self signed certs from user interaction
with FreeIPA, without having to roll out changes to each user in the
house (and remote locations). So basically changing the CA to a
trusted CA that will not bring scare
On 04/30/2015 04:50 PM, William Graboyes wrote:
Let me ask this a different way.
What is the easiest method of using a trusted third party cert for the web UI?
Make IPA CA-less with just certs from that 3rd party CA installed or
make IPA trust that CA and be a sub CA.
With respect, neither option is realistic in the common case. Unless I'm
mistaken, a CA-less installation will break in ~1 year when host
certificates expire and are not automatically renewed via certmonger.
Option 2 (sub-CA) is, as far as I can tell, also not feasible since no
public CA will sell
I have to agree with Benjamen here.
I guess it is time to get deep into API documentation. This is a hell of a lot
of hoops to jump through just so that users who don't have shell access can
easily change their passwords without having to see a scare page. Distributing
the IPA CA is not an
21 matches
Mail list logo