As Alexander mentioned, the LDAP schema still exists to add POSIX
attributes to users and groups in AD but IDMU simply provides a
convenient graphical interface to manage this. You should still be able
to use PowerShell or other Windows tools to modify POSIX attributes
going forward, but in
Prashant Bapat wrote:
In our FreeIPA deployment the clients use pam_nss_ldapd with the
"compat" schema. No ipa-client.
I'm planning to apply the patched ipa_pwd_extop plugin to only 2 of the
replicas (out of 8) where the external app authenticates against IPA's
LDAP. These 2 replicas are more
On Tue, Jul 26, 2016 at 05:16:34AM -0500, Anthony Joseph Messina wrote:
> On Tuesday, July 26, 2016 2:40:38 PM CDT Fraser Tweedale wrote:
> > On Tue, Jul 26, 2016 at 01:45:19PM +1000, Fraser Tweedale wrote:
> > > On Mon, Jul 25, 2016 at 05:23:31PM -0500, Anthony Joseph Messina wrote:
> > > > After
On Tue, 26 Jul 2016, malo wrote:
Hello,
I am currently setting up an architecture involving FreeIPA to provide
SSO for SSH to the servers.
I have several servers (~1500) in a few datacenters all over the world
(North America, South America, Europe, Asia).
The idea here was to have 4
Hello,
I am currently setting up an architecture involving FreeIPA to provide
SSO for SSH to the servers.
I have several servers (~1500) in a few datacenters all over the world
(North America, South America, Europe, Asia).
The idea here was to have 4 masters/replicas per datacenter, with one
Linov Suresh wrote:
Removed the duplicate certificates and tried to renew the
certificates, we were able to renew the certificates and "*ca-error:
Internal error: no response to
"http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert_num=63=true=true"*.;
gone this time.
Linov Suresh wrote:
I tried to create master replica using the option --setup-ca, it failed,
because of "Your system may be partly configured."
Please note we use different ipa package for master and replica.
master:
[root@caer ~]# rpm -q ipa-server
ipa-server-3.0.0-26.el6_4.2.x86_64
replica:
On Tuesday, July 26, 2016 2:40:38 PM CDT Fraser Tweedale wrote:
> On Tue, Jul 26, 2016 at 01:45:19PM +1000, Fraser Tweedale wrote:
> > On Mon, Jul 25, 2016 at 05:23:31PM -0500, Anthony Joseph Messina wrote:
> > > After upgrading to FreeIPA 4.3.1, I am getting "Error querying OCSP
> > > responder"
Hi all,
Still around the auditing problem with IPA, it seems the part related to
auditing is completely missing in IPA and that is not really good.
For instance, to find out who did what, who added or modified the permissions
or users or sudo rules, etc, all this needs auditing and it needs to
This is the case I am after just to be more precise:
https://access.redhat.com/solutions/441893
It was requested 3yrs ago but no follow up so far.
From: Stefan Uygur
Sent: 26 July 2016 11:18
To: freeipa-users@redhat.com
Subject: who did what on IPAv3 - auditing
Hi all,
Still around the auditing
What we have done is as follows.
1. For all the changes happening through IPA APIs (either command line or WebUI)
you can capture these in the httpd error logs. We trigger alert emails on
important events such as new user addition etc.
2. For everything including the above, you can always enable the
Hi Stefan,
have you seen this:
https://access.redhat.com/solutions/772563
regards,
--- Ernedin ZAJKO
eza...@root.ba
> 340282366920938463463374607431768211456
On Tue, Jul 26, 2016 at 12:45 PM, Stefan Uygur
wrote:
> This is the case I am after just to be more
I've been following the doc here:
https://www.freeipa.org/page/Active_Directory_trust_setup
To get AD Trust set up for auth of our Windows users and vice versa.
I'm getting to the point of running ipa-adtrust-install and getting the
following:
[root@awse-util1 ~]# ipa-adtrust-install
Removed the duplicate certificates and tried to renew the certificates,
we were able to renew the certificates and "*ca-error: Internal error: no
response to
"http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert_num=63=true=true
I tried to create master replica using the option --setup-ca, it failed,
because of "Your system may be partly configured."
Please note we use different ipa package for master and replica.
master:
[root@caer ~]# rpm -q ipa-server
ipa-server-3.0.0-26.el6_4.2.x86_64
replica:
[root@neit-lab01 ~]#
I was following the same documentation as IPA master for the replica for
the certificate renewal. But was unsuccessful.
Should we use "How do I manually renew Identity Management (IPA)
certificates after they have expired? (Replica IPA Server)" -
https://access.redhat.com/solutions/962373 ?
On
I've been following the doc here:
https://www.freeipa.org/page/Active_Directory_trust_setup
To get AD Trust set up for auth of our Windows users and vice versa.
I'm getting to the point of running ipa-adtrust-install and getting the
following:
[root@awse-util1 ~]# ipa-adtrust-install