Re: [Freeipa-users] Best and Secure Way for a System Account

2016-10-21 Thread Günther J . Niederwimmer
Hello, many, many thanks, this was the problem ;-) now I have a modifying entry "cn=users,cn=accounts,dc=example,dc=com" :-))) So now I hope I can configure my dovecot server and the mailAlternatAddress was found! Thanks again. On Friday, 21 October 2016, 16:21:35, Ludwig Krispenz wrote:

Re: [Freeipa-users] cannot ssh in (sss_ssh_authorizedkeys returned status 1) ??

2016-10-21 Thread lejeczek
On 21/10/16 14:11, Sumit Bose wrote: On Fri, Oct 21, 2016 at 01:55:19PM +0100, lejeczek wrote: hi all I cannot ssh from a boxA (ipa-server-4.2.0-15.sl7_2.19.x86_64) to a boxB (ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64) I realize that to assume versions differences cause it is bit silly

[Freeipa-users] Certmonger (or similar) for FreeBSD?

2016-10-21 Thread Gilbert Wilson
We have a lot of FreeBSD systems that I would like to streamline certificate issuance and renewal. Ideally, we could leverage our FreeIPA system's CA to do this. But, certmonger doesn't run on FreeBSD (or does it?). What other means have other people tried, or would you recommend investigating,

Re: [Freeipa-users] IPA-AD trust group membership: display 'short' group names for *two* AD domains?

2016-10-21 Thread Jakub Hrozek
On Fri, Oct 21, 2016 at 04:07:16PM +1100, Robert Sturrock wrote: > > On Thu, Oct 20, 2016 at 04:46:01PM +1100, Robert Sturrock wrote: > > […] > > > However, when I try logging in as a student domain user > > > (student.example.au), > > > I don't see any of the groups (there should be 8): > > > >

[Freeipa-users] questions regarding OTP tokens

2016-10-21 Thread Gábor Varga
Hello, I have a couple of questions regarding the OTP tokens: 1. Can I limit the number of active tokens a regular user can have at a given time? If yes, then how? 2. Can I forbid the regular to generate OTP tokens? (they should only have a token assigned by an administrator) 3. Other

Re: [Freeipa-users] Best and Secure Way for a System Account

2016-10-21 Thread Günther J . Niederwimmer
Hello Martin and List, Pardon me, but anything is wrong with the ldif i ldapmodify -D 'cn=Directory Manager' -W -f alias.ldif Enter LDAP Password: ldapmodify: invalid format (line 5) entry: "cn=users,cn=accounts,dc=4gjn,dc=com" I have search and read now any Days, but this FreeIPA / LDAP

[Freeipa-users] Do expired passwords remain usable indefinitely?

2016-10-21 Thread Brian Candler
Question: when a password expires, does it remain in a usable state in the database indefinitely? For example, if someone comes along a year after their password has expired, can they still login once with that password? This is actually what I want, but I just want to confirm there's not

Re: [Freeipa-users] Promote CA-less replica

2016-10-21 Thread Rob Crittenden
James Harrison wrote: Hi, Thanks again. Lastly, we've switched away from Ubuntu's FreeIPA due to a bad Samba compilation choice stopping AD trusts from working (samba isn't using MIT kerberos). We're now using CentOS 7.2. While we know the CentOS version will operate correctly, we only

Re: [Freeipa-users] cannot ssh in (sss_ssh_authorizedkeys returned status 1) ??

2016-10-21 Thread Sumit Bose
On Fri, Oct 21, 2016 at 01:55:19PM +0100, lejeczek wrote: > hi all > > I cannot ssh from a boxA (ipa-server-4.2.0-15.sl7_2.19.x86_64) to a boxB > (ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64) > I realize that to assume versions differences cause it is bit silly but > nothing changed except

Re: [Freeipa-users] Best and Secure Way for a System Account

2016-10-21 Thread Rich Megginson
On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote: Hello Martin and List, Pardon me, but anything is wrong with the ldif i ldapmodify -D 'cn=Directory Manager' -W -f alias.ldif Enter LDAP Password: ldapmodify: invalid format (line 5) entry: "cn=users,cn=accounts,dc=4gjn,dc=com" dn:

[Freeipa-users] Setting "preserve" as default action when deleting in webUI

2016-10-21 Thread Sébastien Julliot
Hi everyone, In order to prevent administrators from making mistakes that could have silly consequences, I would like to set "preserve" as the default selected action in freeipa's webui. What do you think would be the best way to achieve this? Thank you in advance, Sebastien Julliot. --

[Freeipa-users] Replica or no replica

2016-10-21 Thread Gabriel Batir
Hello After I have lost the entire IPA infrastructure (due to admin error:( ) I have recreated one server that I had a ipa backup for and restored the backup. First problem I had were the replication agreements with the now missing servers. I have used ipa-replica-manage del --force --clean for

[Freeipa-users] cannot ssh in (sss_ssh_authorizedkeys returned status 1) ??

2016-10-21 Thread lejeczek
hi all I cannot ssh from a boxA (ipa-server-4.2.0-15.sl7_2.19.x86_64) to a boxB (ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64) I realize that to assume versions differences cause it is bit silly but nothing changed except update of boxB's IPA a day before the problem occur. Also, there is a

Re: [Freeipa-users] Best and Secure Way for a System Account

2016-10-21 Thread Günther J . Niederwimmer
Hello, Thanks for the answer, On Friday, 21 October 2016, 07:11:58, Rich Megginson wrote: > On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote: > > Hello Martin and List, > > > > Pardon me, but anything is wrong with the ldif i > > > > ldapmodify -D 'cn=Directory Manager' -W -f

Re: [Freeipa-users] Best and Secure Way for a System Account

2016-10-21 Thread Rich Megginson
On 10/21/2016 08:05 AM, Günther J. Niederwimmer wrote: Hello, Thanks for the answer, On Friday, 21 October 2016, 07:11:58, Rich Megginson wrote: On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote: Hello Martin and List, Pardon me, but anything is wrong with the ldif i ldapmodify -D

Re: [Freeipa-users] Best and Secure Way for a System Account

2016-10-21 Thread Ludwig Krispenz
On 10/21/2016 04:05 PM, Günther J. Niederwimmer wrote: Hello, Thanks for the answer, On Friday, 21 October 2016, 07:11:58, Rich Megginson wrote: On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote: Hello Martin and List, Pardon me, but anything is wrong with the ldif i ldapmodify -D

Re: [Freeipa-users] Promote CA-less replica

2016-10-21 Thread James Harrison
Hello all, That is really good to know. Thank you for helping me out with this. James From: Rob Crittenden To: "jamesaharriso...@yahoo.co.uk" ; Martin Babinsky ; "freeipa-users@redhat.com"

[Freeipa-users] Question Time and DS

2016-10-21 Thread Günther J . Niederwimmer
Hello, CentOS 7 1. is it possible to install the DS tools for installing / testing ACI (found in Redhat Docs) without destroying the FreeIPA installation? 2. What is the best way to have a correct time in KVM Clients (FreeIPA Server)? my way at the moment is "chrony", with NTP I have the problem