Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-05-12 Thread Martin Kosek
On 05/11/2015 05:14 PM, Thibaut Pouzet wrote: Hi ! I am running into a weird problem with my IPA Server, and the certificates management. My setup is: CentOS 6.6 pki-ca-9.0.3-38.el6_6.noarch ipa-server-3.0.0-42.el6.centos.x86_64 Linux ipa_server 2.6.32-504.16.2.el6.x86_64 #1 SMP Wed Apr

Re: [Freeipa-users] HBAC rules don't work with PAM - problem

2015-05-12 Thread Jan Pazdziora
On Mon, May 11, 2015 at 08:52:08PM +0200, Vangass wrote: OK. But the answer granted/declined comes from IPA. So why doesn't IPA check its own HBAC rules at all? Maybe the line 'account required pam_sss.so' isn't necessary/required. I just want to do authentication by IPA HBAC rules.

Re: [Freeipa-users] freeipa-samba integration and windows clients

2015-05-12 Thread Dmitri Pal
On 05/12/2015 07:03 AM, Dylan Evans wrote: Hi Jakub, It's good to know it's going to happen, let's hope it gets into 1.13 and everyone has a very productive summer! I've been watching IPA for a couple of years and this is the last thing that's preventing it from being implemented in our

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-05-12 Thread Nalin Dahyabhai
On Mon, May 11, 2015 at 05:14:16PM +0200, Thibaut Pouzet wrote: There is one that remains expired, despite all the efforts I put into renewing it. This is the one used for the pki-ca administration pages reachable on ports 9443, 9444 and 9445. Here is its status after trying to resubmit it:

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-05-12 Thread Nalin Dahyabhai
On Tue, May 12, 2015 at 06:39:13PM +0200, Thibaut Pouzet wrote: After doing what you recommended, the CSR has changed in the debug log: Certificate Request: Data: Version: 0 (0x0) Subject: O=ipa_domain, CN=ipa_server Subject Public Key Info:

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-05-12 Thread Thibaut Pouzet
On 12/05/2015 18:09, Nalin Dahyabhai wrote: On Mon, May 11, 2015 at 05:14:16PM +0200, Thibaut Pouzet wrote: There is one that remains expired, despite all the efforts I put into renewing it. This is the one used for the pki-ca administration pages reachable on ports 9443, 9444 and 9445.

[Freeipa-users] AD Trust LDAP Compat mode w/ RHEL5/AIX

2015-05-12 Thread Gould, Joshua
We’re using IPA Server 4.1.0-18. We have a trust between IPA and AD with SID mapping. In our setup, AD would be example.com and IPA would be say ipa.example.com. I’m having some issues configuring both RHEL5 and AIX to work with the compat tree. In both cases, kerberos works with IPA and AD

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-05-12 Thread Endi Sukma Dewata
On 5/12/2015 1:11 PM, Nalin Dahyabhai wrote: On Tue, May 12, 2015 at 06:39:13PM +0200, Thibaut Pouzet wrote: There is no more this weird friendlyName :unable to print attribute thing, but the NoSuchTokenException is still in the debug log of pki-ca Thank you for your answer though,

Re: [Freeipa-users] AD Trust LDAP Compat mode w/ RHEL5/AIX

2015-05-12 Thread Gould, Joshua
Hopefully I'm missing something simple. For an IPA user: $ ldapsearch -x "((uid=ipa_user)(objectclass=posixAccount))" -b dc=ipa,dc=example,dc=com This returns a match. For an AD user: $ ldapsearch -x "((uid=ad_user)(objectclass=posixAccount))" -b cn=compat,dc=ipa,dc=example,dc=com Does not

[Freeipa-users] Allow user or group to switch user without password and not becoming root

2015-05-12 Thread Andrey Ptashnik
Hello Team, We have RHEL 7.1 and IPA server 4.1.0 in our environment as well as stack of Oracle software that require existence of local passwordless users like weblogic and oracle. Users log in to servers via domain accounts at IPA server. I’m trying to configure Sudo policy in IPA server

Re: [Freeipa-users] Allow user or group to switch user without password and not becoming root

2015-05-12 Thread Dmitri Pal
On 05/12/2015 04:44 PM, Andrey Ptashnik wrote: Hello Team, We have RHEL 7.1 and IPA server 4.1.0 in our environment as well as stack of Oracle software that require existence of local passwordless users like weblogic and oracle. Users log in to servers via domain accounts at IPA server. I'm

Re: [Freeipa-users] AD Trust LDAP Compat mode w/ RHEL5/AIX

2015-05-12 Thread Dmitri Pal
On 05/12/2015 04:48 PM, Gould, Joshua wrote: Hopefully I'm missing something simple. For an IPA user: $ ldapsearch -x "((uid=ipa_user)(objectclass=posixAccount))" -b dc=ipa,dc=example,dc=com This returns a match. For an AD user: $ ldapsearch -x "((uid=ad_user)(objectclass=posixAccount))" -b

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-05-12 Thread Endi Sukma Dewata
On 5/12/2015 11:39 AM, Thibaut Pouzet wrote: There is no more this weird friendlyName :unable to print attribute thing, but the NoSuchTokenException is still in the debug log of pki-ca Hi, Could you post or email me the CS.cfg and the log files of the CA? Thanks. -- Endi S.

Re: [Freeipa-users] AD Trust LDAP Compat mode w/ RHEL5/AIX

2015-05-12 Thread Alexander Bokovoy
On Tue, 12 May 2015, Gould, Joshua wrote: We’re using IPA Server 4.1.0-18. We have a trust between IPA and AD with SID mapping. In our setup, AD would be example.com and IPA would be say ipa.example.com. I’m having some issues configuring both RHEL5 and AIX to work with the compat tree. In both

Re: [Freeipa-users] Allow user or group to switch user without password and not becoming root

2015-05-12 Thread Gould, Joshua
For the NOPASSWD option, I found that using !authenticate in the sudo option is what IPA wants instead. $ ipa sudorule-add-option readfiles Sudo Option: !authenticate - Added option !authenticate to Sudo rule readfiles

Re: [Freeipa-users] freeipa-samba integration and windows clients

2015-05-12 Thread Dylan Evans
Hi Jakub, It's good to know it's going to happen, let's hope it gets into 1.13 and everyone has a very productive summer! I've been watching IPA for a couple of years and this is the last thing that's preventing it from being implemented in our production environment. Thanks, Dylan. On 11 May

Re: [Freeipa-users] freeipa-samba integration and windows clients

2015-05-12 Thread box 31978
Hi all, Thank you very much for all your feedback. John, I've already tried your setup and it works nicely ... but I still need to split services among VMs, so no chance anyway. And I agree with you: it's a must-have feature. Like Dylan, it's the last thing that keeps me from moving it to