[Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Andrew Lau
Hi, I've got my FreeIPA setup in an internal infrastructure, but I want to be able to have users access the web UI externally. I tweaked the ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both a nginx reverse proxy and port forwarding, both work if the client manually sets

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Alexander Bokovoy
On Wed, 14 Aug 2013, Andrew Lau wrote: Hi, I've got my FreeIPA setup in an internal infrastructure, but I want to be able to have users access the web UI externally. I tweaked the ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both a nginx reverse proxy and port forwarding,

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Andrew Lau
I followed your suggestions without much luck. Adding the kerberos keytab didn't change anything, when I try login through the UI it just redirects me again with the same notice: Your session has expired. Please re-login. However if I login with the incorrect details logs will show INFO: 401

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Petr Vobornik
On 08/14/2013 08:00 AM, Andrew Lau wrote: Hi, I've got my FreeIPA setup in an internal infrastructure, but I want to be able to have users access the web UI externally. I tweaked the ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both a nginx reverse proxy and port

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Andrew Lau
Any suggestions or workaround, short of having to switch the IPA's hostname to use a public domain? Andrew On Wed, Aug 14, 2013 at 5:36 PM, Petr Vobornik pvobo...@redhat.com wrote: On 08/14/2013 08:00 AM, Andrew Lau wrote: Hi, I've got my FreeIPA setup in an internal infrastructure, but I

Re: [Freeipa-users] Upgrade failed -- how to recover?

2013-08-14 Thread Bret Wortman
Rob, I got past this, as you indicated, by doing that after first running: # ipa-ldap-updater --ldapi ./schema.update Using a schema.update tip file I found in a note from you after some hard core googling. Should that extra step have been necessary? Bret Wortman http://damascusgrp.com/

Re: [Freeipa-users] Freeipa-users Digest, Vol 61, Issue 21

2013-08-14 Thread Rob Crittenden
Aissa Brahimi wrote: Hi, I am having this issue: IPA server: CentOS6.x Host CentOS 5.x 2 different hosts and cannot join the IPA server: Here the 2 different output I got: There was a problem importing one of the required Python modules. The error was: No module named OpenSSL It is a

[Freeipa-users] Restrict AD users from passwd

2013-08-14 Thread Brian Lee
Hi All, Our current account management policy requires that users change their AD passwords via a special portal, however I've noticed that this can be bypassed by issuing passwd on a Linux system while logged in with AD credentials, thus changing their AD password. Any thoughts on the best way

Re: [Freeipa-users] Upgrade failed -- how to recover?

2013-08-14 Thread Bret Wortman
I believe you. I'm not upset at all that things go sideways every now and again. I'm surprised it doesn't happen more. Original failure (or, at least, first occurrence of ERROR) follows: 2013-08-13T13:56:07Z INFO [Setting up Firefox extension] 2013-08-13T13:56:07Z DEBUG Loading StateFile from

Re: [Freeipa-users] Restrict AD users from passwd

2013-08-14 Thread Sumit Bose
On Wed, Aug 14, 2013 at 09:19:17AM -0400, Brian Lee wrote: Hi All, Our current account management policy requires that users change their AD passwords via a special portal, however I've noticed that this can be bypassed by issuing passwd on a Linux system while logged in with AD

Re: [Freeipa-users] Restrict AD users from passwd

2013-08-14 Thread Brian Lee
Hi Sumit, Thanks for the suggestion. I'll have to give this some thought, since we have 100+ AD servers, this might not be well received by the AD team. If anyone can think of a better mousetrap than this, let me know. Thanks, Brian On Wed, Aug 14, 2013 at 9:37 AM, Sumit Bose

Re: [Freeipa-users] IPA Server UI Behind Proxy

2013-08-14 Thread Simo Sorce
On Wed, 2013-08-14 at 09:23 +0300, Alexander Bokovoy wrote: On Wed, 14 Aug 2013, Andrew Lau wrote: Hi, I've got my FreeIPA setup in an internal infrastructure, but I want to be able to have users access the web UI externally. I tweaked the ipa-rewrite.conf so it won't redirect me to the

Re: [Freeipa-users] Restrict AD users from passwd

2013-08-14 Thread Petr Spacek
On 14.8.2013 15:48, Brian Lee wrote: Hi Sumit, Thanks for the suggestion. I'll have to give this some thought, since we have 100+ AD servers, this might not be well received by the AD team. If anyone can think of a better mousetrap than this, let me know. Thanks, Brian On Wed, Aug 14, 2013

Re: [Freeipa-users] Restrict AD users from passwd

2013-08-14 Thread Simo Sorce
On Wed, 2013-08-14 at 09:48 -0400, Brian Lee wrote: Hi Sumit, Thanks for the suggestion. I'll have to give this some thought, since we have 100+ AD servers, this might not be well received by the AD team. If anyone can think of a better mousetrap than this, let me know. Do you also block

Re: [Freeipa-users] Restrict AD users from passwd

2013-08-14 Thread Brian Lee
On the AD side, they limit the potential to change the AD password by deploying a modified msgina.dll. Otherwise, the user still has ways to throw a wrench in the system, we're just doing our best to limit the opportunity for this action. On Wed, Aug 14, 2013 at 10:32 AM, Simo Sorce

[Freeipa-users] ipa-server-certinstall ruined pki-tomcatd startup

2013-08-14 Thread Vladimir Kulev
Hello, After installing FreeIPA I followed instructions from http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP to use globally trusted certificates for HTTP/LDAP server interface to secure other systems provisioning. Then it turned out that pki-tomcatd is not able to start