Re: [Freeipa-users] cannot connect to ldaps during replica install, port 636 not listening

2017-03-03 Thread Chris Herdt
On Fri, Mar 3, 2017 at 4:22 AM, Tomas Krizek wrote: > > > On 03/02/2017 06:25 PM, Chris Herdt wrote: > > On Thu, Mar 2, 2017 at 10:06 AM, Martin Basti wrote: >> >> >> >> >> On 02.03.2017 16:55, Chris Herdt wrote: >> >> >> >> On Thu, Mar 2, 2017 at 2:48 AM,

[Freeipa-users] [solved] Re: GSSAPI for second hop (SSH)

2017-03-03 Thread Jason B. Nance
>I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users >connecting to >Linux servers from their domain-joined workstations are not required to >enter a >password for the first connection. However, if they attempt to ssh to a >second >Linux machine from

Re: [Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Jason B. Nance
I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users connecting to Linux servers from their domain-joined workstations are not required to enter a password for the first connection. However, if they attempt to ssh to a second Linux machine from the

Re: [Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Alexander Bokovoy
On pe, 03 maalis 2017, Jason B. Nance wrote: I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users connecting to Linux servers from their domain-joined workstations are not required to enter a password for the first connection. However, if they attempt to ssh to a second Linux

Re: [Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Jason B. Nance
>> I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users >> connecting to Linux servers from their domain-joined workstations are >> not required to enter a password for the first connection. However, >> if they attempt to ssh to a second Linux machine from the first they >> are being

Re: [Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Jason B. Nance
>>I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users connecting >>to >>Linux servers from their domain-joined workstations are not required to enter >>a >>password for the first connection. However, if they attempt to ssh to a >>second >>Linux machine from the first they are

Re: [Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Robbie Harwood
"Jason B. Nance" writes: > I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users > connecting to Linux servers from their domain-joined workstations are > not required to enter a password for the first connection. However, > if they attempt to ssh to a second

Re: [Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Alexander Bokovoy
On pe, 03 maalis 2017, Jason B. Nance wrote: Hello, I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users connecting to Linux servers from their domain-joined workstations are not required to enter a password for the first connection. However, if they attempt to ssh to a second

[Freeipa-users] GSSAPI for second hop (SSH)

2017-03-03 Thread Jason B. Nance
Hello, I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users connecting to Linux servers from their domain-joined workstations are not required to enter a password for the first connection. However, if they attempt to ssh to a second Linux machine from the first they are being

[Freeipa-users] Freeipa 4.4 creating users with expiration

2017-03-03 Thread Rakesh Rajasekharan
Hello, Am using Freeipa 4.4 version . I would like to create few users only valid for few days or months. So,is there a way to create few users with a preset expiration or auto lock those accounts after a few days Thanks Rakesh -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] renewing cert and migrating free-ipa 3.1

2017-03-03 Thread Rob Crittenden
Umarzuki Mochlis wrote: > At first ip-getcert list hows certificate error > > ca-error: Server failed request, will retry: -504 (libcurl failed to > execute the HTTP POST transaction, explaining: Peer's Certificate has > expired.). > > but after I changed ipa server's date to before expirate

Re: [Freeipa-users] ipa-client-install generates bad sssd.conf

2017-03-03 Thread Rob Crittenden
Harald Dunkel wrote: > On 03/03/17 10:14, Jakub Hrozek wrote: >> On Fri, Mar 03, 2017 at 09:56:55AM +0100, Harald Dunkel wrote: >>> >>> This is systemd-only? >>> >>> Wouldn't it be better to create a working sssd.conf, no matter >>> what? >> >> It is up to whoever is creating the sssd.conf. As I

Re: [Freeipa-users] renewing cert and migrating free-ipa 3.1

2017-03-03 Thread Umarzuki Mochlis
At first ip-getcert list hows certificate error ca-error: Server failed request, will retry: -504 (libcurl failed to execute the HTTP POST transaction, explaining: Peer's Certificate has expired.). but after I changed ipa server's date to before expirate date, it shows ca-error: Server failed

Re: [Freeipa-users] Can mount NFS, but user only gets the permission question marks

2017-03-03 Thread Kees Bakker
On 02-03-17 14:55, Brendan Kearney wrote: > On 03/02/2017 08:43 AM, Kees Bakker wrote: >> On 02-03-17 13:34, Brendan Kearney wrote: >>> On 03/02/2017 05:40 AM, Kees Bakker wrote: On 24-02-17 14:38, Brendan Kearney wrote: > On 02/24/2017 03:33 AM, Kees Bakker wrote: >> On 23-02-17

Re: [Freeipa-users] ipa-client-install generates bad sssd.conf

2017-03-03 Thread Harald Dunkel
On 03/03/17 10:14, Jakub Hrozek wrote: > On Fri, Mar 03, 2017 at 09:56:55AM +0100, Harald Dunkel wrote: >> >> This is systemd-only? >> >> Wouldn't it be better to create a working sssd.conf, no matter >> what? > > It is up to whoever is creating the sssd.conf. As I said, the change is >

Re: [Freeipa-users] cannot connect to ldaps during replica install, port 636 not listening

2017-03-03 Thread Tomas Krizek
On 03/02/2017 06:25 PM, Chris Herdt wrote: > On Thu, Mar 2, 2017 at 10:06 AM, Martin Basti >wrote: > > > > > On 02.03.2017 16:55, Chris Herdt wrote: >> >> >> On Thu, Mar 2, 2017 at 2:48 AM, Martin Basti >

Re: [Freeipa-users] ipa-client-install generates bad sssd.conf

2017-03-03 Thread Jakub Hrozek
On Fri, Mar 03, 2017 at 09:56:55AM +0100, Harald Dunkel wrote: > Hi Jakub, > > On 03/03/17 09:32, Jakub Hrozek wrote: > > On Fri, Mar 03, 2017 at 08:45:10AM +0100, Harald Dunkel wrote: > >> Hi folks, > >> > >> running freeipa client 4.3.2-5 and sssd 1.15.0-3 on > >> Debian Stretch > >

Re: [Freeipa-users] ipa-client-install generates bad sssd.conf

2017-03-03 Thread Harald Dunkel
Hi Jakub, On 03/03/17 09:32, Jakub Hrozek wrote: > On Fri, Mar 03, 2017 at 08:45:10AM +0100, Harald Dunkel wrote: >> Hi folks, >> >> running freeipa client 4.3.2-5 and sssd 1.15.0-3 on >> Debian Stretch > ~~ > This is important I guess. > > Since SSSD 1.15, SSSD allows to

Re: [Freeipa-users] ipa-client-install generates bad sssd.conf

2017-03-03 Thread Jakub Hrozek
On Fri, Mar 03, 2017 at 08:45:10AM +0100, Harald Dunkel wrote: > Hi folks, > > running freeipa client 4.3.2-5 and sssd 1.15.0-3 on > Debian Stretch ~~ This is important I guess. Since SSSD 1.15, SSSD allows to socket-activate the services, so it is no longer required to have them