Hi,
I’m wondering if anyone might be able to help me figure out why my KRA is
failing after a fairly recent installation. It's throwing exceptions about LDAP
authentication that look like the following (note, I’ve truncated some of the
stacks for brevity:
Apr 12 21:14:22 server[7515]: Could
Hello all! We've got 2 replicated instances of FreeIPA 4.4.0 from the EPEL
repository running on fully-updated CentOS 7 instances. We're going thru
an audit right now, and I have to provide some proof of certain things
related to IPA to our auditors. Unfortunately, the person who originally
set
Greetings,
I have a question about user policies which I hope some can provide some
guidance. I have a small set of users who are tightly restricted on our
network. They are only allowed to log into certain machines, and mount
specific filesystems located on other machines. At the moment
Hi Ronald,
> Some details regarding my setup: I have a CentOS 7.3 machine acting as
> an NFS server. It is a host within my IPA domain and enrolled as an IPA
> client.
>
> [root@ipanfs ~]# cat /etc/exports
>
> /homeshare*(rw,sec=krb5:krb5i:krb5p)
This isn't related to your issue but you
>> You cannot use indirect mounting and enablemkhomedir at the same time.
>> Indirect
>> mounts require that the directory you are attempting to mount already exists
>> on
>> the NFS server and that you let autofs fully manage the "parent" directory on
>> the client machine. In this case, no
On 2017-04-12 14:55, Jason B. Nance wrote:
[...]
You cannot use indirect mounting and enablemkhomedir at the same time. Indirect mounts require
that the directory you are attempting to mount already exists on the NFS server and that you
let autofs fully manage the "parent" directory on the
Hello,
I have the same error, can you explain how did you fixed, please?
Thanks & Regards.
__
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Rob,
IPA Version:
rpm -qa ipa-server
ipa-server-4.4.0-14.el7.centos.1.1.x86_64
Contents of httpd/error_log
[Wed Apr 12 08:53:21.442283 2017] [:error] [pid 19175] ipa: ERROR: non-public:
TypeError: 'NoneType' object is not iterable
[Wed Apr 12 08:53:21.442318 2017] [:error] [pid 19175]
list members,
i am using bind-dyndb-ldap without freeipa, and i consistently get the
below errors in my logs:
update_zone (syncrepl) failed for master zone DN
'idnsName=24.168.192.in-addr.arpa.,cn=dns,ou=Daemons,dc=bpk2,dc=com'.
Zones can be outdated, run `rndc reload`: unexpected error
Hello Rob,
doing it this way indeed works.
Thanks for helping me out.
Greetings, J.
2017-04-11 16:54 GMT+02:00 Rob Crittenden :
> Johan Vermeulen wrote:
> > Rob,
> >
> > thanks for helping me out.
> > I support some 80 laptop users at the moment, all running Centos7.
> >
Hi,
I am trying to automount user home shares from an NFS server. Up to now,
without success.
Some details regarding my setup: I have a CentOS 7.3 machine acting as
an NFS server. It is a host within my IPA domain and enrolled as an IPA
client.
[root@ipanfs ~]# cat /etc/exports
On Wed, Apr 12, 2017 at 09:47:06AM +0200, Jakub Hrozek wrote:
> You can drop this line as well, it's the default for the AD provider.
s/AD/IPA/
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more
On Wed, Apr 12, 2017 at 09:30:38AM +0200, Christoph Kaminski wrote:
> Hi
>
> are the files /etc/ldap.conf and /etc/openldap/ldap.conf for ipa client
> and/or server systeme necessary? What is the function of them?
They configure the openldap library. If you have an application (like
ldapsearch)
On Wed, Apr 12, 2017 at 09:34:59AM +0200, Christoph Kaminski wrote:
> Hi
>
> is this ok as config for sssd on centos 7 AND 6?
>
> [domain/hso]
> cache_credentials = True
> krb5_store_password_if_offline = True
> id_provider = ipa
> ldap_tls_cacert = /etc/ipa/ca.crt
You can drop this line as
Hi
is this ok as config for sssd on centos 7 AND 6?
[domain/hso]
cache_credentials = True
krb5_store_password_if_offline = True
id_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh, sudo, autofs
config_file_version = 2
domains = hso
[nss]
[pam]
[sudo]
[autofs]
Hi
is this ok as config for sssd on centos 7 AND 6?
[domain/hso]
cache_credentials = True
krb5_store_password_if_offline = True
id_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh, sudo, autofs
config_file_version = 2
domains = hso
[nss]
[pam]
[sudo]
[autofs]
Hi
are the files /etc/ldap.conf and /etc/openldap/ldap.conf for ipa client
and/or server systeme necessary? What is the function of them?
Greetz
Christoph Kaminski
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to
On Tue, Apr 11, 2017 at 10:50:34PM -0400, Tym Rehm wrote:
> So I want a user "bob" to ssh into server1 as the username of "support"
> with support@server1, but not let Bob ssh into support@server2. I have
> Bob's ssh public key added to the support user. I can block Bob from
> server1 or server2
18 matches
Mail list logo