On Mon, Oct 31, 2016 at 04:17:08PM -0400, Geordie Grindle wrote:
>
> Hello,
>
> I’m unable to ssh as ‘root’ onto any of my new CentOS 7 hosts. I’ve always
> been able to do so on CentOS6.x
>
> We normally have the file ‘/root/.k5login’ listing the designated system
> admins’ principals. Once
Jake,
I've seen this behaviour and am still struggling to find a solution.
The version of underlying OS and sssd are useful to know fwiw.
To troubleshoot HBAC:
- in *target machine* sssd.conf, add debug_level=7 to each stanza (can go
as high as 9, but I believe 7 will be sufficient)
-
Hey All,
Quick question on IPA Service discovery and selection (ldap/kerberos in ad
trust).
Do IPA clients ping results of SRV records to determine which server they send
requests (for ldap/kerberos specifically)?
I have 8 AD Domain controllers, 2 in each location, and 4 ipa servers (2 in
Details:
ipa-client-install --version
4.2.0
sssd --version
1.13.0
krb5-config --version
Kerberos 5 release 1.13.2
cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
I hope this helps, also can I disable the allow-all rule per-host?
Thanks,
Jake
From: "Lachlan Musicman"
On 02.11.2016 03:03, 郑磊 wrote:
> Hello Timo Aaltonen,
> I got your mail information from the changelog file of the freeipa
> deb package. I'm using freeipa on Ubuntu, and having a test and research
> with the function of freeipa. At the same time, I have carried on the
> Chinese translation to
Sorry for the late reply, I've seen this on the mailing list a few times and
wondered it myself. This was my solution:
IPA has an option to use RADIUS password, which you can also override the
username. So for those users that are allowed to manage IPA, we have
google-auth and freeradius
Hey All,
I'm having some issues tracing HBAC policies, it seems whenever I disable the
allow_all policy, I'm no longer able to access services I have allowed in my
more-specific hbac policy.
What are the troubleshooting steps (logs) I can run on the client to see what
is being denied and by