Re: [Freeipa-users] Cert Renewal

2014-09-02 Thread Ott, Dennis
I may need a little more direction here. The output from getcert list-cas does not contain the string 'ca_renewal'. What does this indicate? -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Tuesday, August 26, 2014 3:53 PM To: Ott, Dennis; Freeipa-users@redha

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Rob Crittenden
Chris Whittle wrote: > If I do this > > ldapsearch -LLL -H ldaps://DOMAIN:636 -x -D > "uid=mac_slave,cn=users,cn=accounts,dc=domain,dc=com" -w 'nachopassword' > -b "uid=awesomeuser,cn=users,cn=accounts,dc=domain,dc=com" > > It works fine AFAICT there currently isn't a permission for the compat

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Chris Whittle
If I do this ldapsearch -LLL -H ldaps://DOMAIN:636 -x -D "uid=mac_slave,cn=users,cn=accounts,dc=domain,dc=com" -w 'nachopassword' -b "uid=awesomeuser,cn=users,cn=accounts,dc=domain,dc=com" It works fine **Mac_Slave is my automation user. On Tue, Sep 2, 2014 at 3:40 PM, Chris Whittle wrote:

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Chris Whittle
For testing I'm using ldapsearch -LLL -H ldaps://DOMAIN:636 -x -D "cn=directory manager" -w 'nachopassword' -b "cn=canlogin,cn=compat,dc=domain,dc=com" If I do it with directory manager it works fine, if I use my automation user (just a generic user with no extra permissions) it returns nothing, no
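The bind-and-compare test above is the right diagnostic, since an entry that Directory Manager can read but an ordinary bind cannot is a permission problem, not a missing entry. The script below is an added example (not from this thread or from the FreeIPA project) that wraps that comparison: it passes the bind password through a file with -y instead of -w on the command line (where every local user can read it from the process list), stores the password without a trailing newline (ldapsearch uses the file's complete contents as the password), counts the entries each bind returns, and classifies the difference. LDAP_URI, AUTO_DN and the two password-file paths are placeholders you export yourself; ldapsearch from the OpenLDAP client tools is assumed to be installed.

```bash
#!/bin/sh
# Added example, not part of the original mailing-list posts.
# Assumed placeholders (set them in your environment before running):
#   LDAP_URI      ldaps://ipa.example.com:636
#   AUTO_DN       uid=mac_slave,cn=users,cn=accounts,dc=example,dc=com
#   DM_PW_FILE    file holding the Directory Manager password
#   AUTO_PW_FILE  file holding the automation user's password
#   BASE          cn=canlogin,cn=compat,dc=example,dc=com

# write_pw_file FILE PASSWORD
# ldapsearch -y uses the whole file as the password, so a newline added by an
# editor becomes part of it. Write it with printf '%s' and owner-only mode.
write_pw_file() {
    ( umask 077; printf '%s' "$2" > "$1" )
}

# count_ldif_entries: read LDIF on stdin, print how many entries it holds.
# Every entry starts with a "dn:" line; wrapped continuation lines begin with
# a space, so they are not counted. grep -c exits 1 on zero matches, which is
# still a valid answer here, hence the "|| true".
count_ldif_entries() {
    grep -c '^dn:' || true
}

# search_as BIND_DN PW_FILE BASE [filter ...]
# Print the number of entries the given bind can see under BASE. Errors go
# to stderr; an empty result prints 0. An empty password file would make -x
# fall back to an anonymous bind, so refuse to run with one.
search_as() {
    bind_dn=$1; pw_file=$2; base=$3; shift 3
    if [ ! -s "$pw_file" ]; then
        echo "search_as: $pw_file is empty; refusing to bind anonymously" >&2
        echo 0
        return 1
    fi
    ldapsearch -LLL -H "$LDAP_URI" -x -D "$bind_dn" -y "$pw_file" -b "$base" "$@" \
        | count_ldif_entries
}

# classify PRIV_COUNT UNPRIV_COUNT
# Interpret the two counts:
#   no-entries  nothing exists under the base at all (not a permission issue)
#   acl-hidden  entries exist but the unprivileged bind gets none (missing read
#               permission/ACI on that subtree for that bind)
#   partial     the unprivileged bind sees a strict subset
#   same        both binds see the same number of entries
classify() {
    priv=$1; unpriv=$2
    if [ "$priv" -eq 0 ]; then
        echo no-entries
    elif [ "$unpriv" -eq 0 ]; then
        echo acl-hidden
    elif [ "$unpriv" -lt "$priv" ]; then
        echo partial
    else
        echo same
    fi
}

# compare_visibility BASE: run both searches and report the verdict.
compare_visibility() {
    base=$1
    dm=$(search_as "cn=Directory Manager" "$DM_PW_FILE" "$base") || dm=0
    au=$(search_as "$AUTO_DN" "$AUTO_PW_FILE" "$base") || au=0
    verdict=$(classify "$dm" "$au")
    printf 'base=%s directory-manager=%s automation-user=%s verdict=%s\n' \
        "$base" "$dm" "$au" "$verdict"
    [ "$verdict" = same ]
}

# Stand-alone use: only runs the live comparison when LDAP_URI is exported.
if [ -n "${LDAP_URI:-}" ]; then
    compare_visibility "${BASE:?set BASE to the search base to test}"
fi
```

A verdict of acl-hidden for cn=compat with a plain user bind is the symptom described in this thread; the fix is a read permission granted to that bind (or a group it belongs to) on the compat subtree, not a wider bind such as Directory Manager in the automation job. Delete the password files when the test is done.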

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Rob Crittenden
Chris Whittle wrote: > hmmm... > Is there not a permission or role in freeIPA that I could give a group > or role just to see everything in > my CN "cn=canlogin,cn=compat,dc=DOMAIN,dc=com" Can you provide more details on what you're doing, and how you are binding? Can you search the cn=users,cn=

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Chris Whittle
Thanks Dmitri, I'm so close I can almost see the end! On Tue, Sep 2, 2014 at 3:24 PM, Dmitri Pal wrote: > On 09/02/2014 10:08 PM, Chris Whittle wrote: > > hmmm... > Is there not a permission or role in freeIPA that I could give a group or > role just to see everything in > my CN "cn=canlogin,

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Dmitri Pal
On 09/02/2014 10:08 PM, Chris Whittle wrote: hmmm... Is there not a permission or role in freeIPA that I could give a group or role just to see everything in my CN "cn=canlogin,cn=compat,dc=DOMAIN,dc=com" I think it might be related to the new permission system that was released in 4.0. Sta

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Chris Whittle
hmmm... Is there not a permission or role in freeIPA that I could give a group or role just to see everything in my CN "cn=canlogin,cn=compat,dc=DOMAIN,dc=com" On Tue, Sep 2, 2014 at 3:06 PM, Dmitri Pal wrote: > On 09/02/2014 09:34 PM, Chris Whittle wrote: > > Ok Dmitri, I got it added using

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Dmitri Pal
On 09/02/2014 09:34 PM, Chris Whittle wrote: Ok Dmitri, I got it added using what you sent and the following links https://git.fedorahosted.org/cgit/slapi-nis.git/tree/doc/sch-getting-started.txt and https://www.redhat.com/archives/freeipa-users/2009-August/msg00013.html I think I'm 90% there wi

Re: [Freeipa-users] Search Base issues

2014-09-02 Thread Chris Whittle
Ok Dmitri, I got it added using what you sent and the following links https://git.fedorahosted.org/cgit/slapi-nis.git/tree/doc/sch-getting-started.txt and https://www.redhat.com/archives/freeipa-users/2009-August/msg00013.html I think I'm 90% there with the caveat that I can't seem to see what per

Re: [Freeipa-users] Password expiration dates are different when being reset by the (primary) admin and a different admin

2014-09-02 Thread Martin Kosek
On 09/02/2014 10:42 AM, Zip Ly wrote: > @Martin > > The second admin is my service account. I use this account to communicate > with our webapplication (it uses keytab and post/curl json to ipa). I can > add users without a problem. But when it comes to changing password, the > password is expired

Re: [Freeipa-users] IRC channel dead?

2014-09-02 Thread Kodiak Firesmith
I should never post pre-coffee... I was still on oftc.net (which I'm never on) to check out cloud-init. Sorry folks On Tue, Sep 2, 2014 at 8:17 AM, Jan Pazdziora wrote: > On Tue, Sep 02, 2014 at 08:02:41AM -0400, Kodiak Firesmith wrote: >> Hey Folks, >> New FreeIPA user here, but a long-time IR

Re: [Freeipa-users] IRC channel dead?

2014-09-02 Thread Jan Pazdziora
On Tue, Sep 02, 2014 at 08:02:41AM -0400, Kodiak Firesmith wrote: > Hey Folks, > New FreeIPA user here, but a long-time IRC user. I hopped on > irc.freenode.net #freeipa as mentioned in the Contribute page of the > FreeIPA website and found I was the only user. Did the channel move > or is it dea

[Freeipa-users] IRC channel dead?

2014-09-02 Thread Kodiak Firesmith
Hey Folks, New FreeIPA user here, but a long-time IRC user. I hopped on irc.freenode.net #freeipa as mentioned in the Contribute page of the FreeIPA website and found I was the only user. Did the channel move or is it dead? Thanks! - Kodiak -- Manage your subscription for the Freeipa-users ma

Re: [Freeipa-users] Password expiration dates are different when being reset by the (primary) admin and a different admin

2014-09-02 Thread Zip Ly
@Martin The second admin is my service account. I use this account to communicate with our webapplication (it uses keytab and post/curl json to ipa). I can add users without a problem. But when it comes to changing password, the password is expired immediately. I have only one password policy and

Re: [Freeipa-users] How to use sudo rules on ubuntu

2014-09-02 Thread Tevfik Ceydeliler
I restarted the client after changing sssd.conf. On 02-09-2014 11:13, Lukas Slebodnik wrote: On (02/09/14 11:02), Tevfik Ceydeliler wrote: Step 0 root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf sudoers_debug:1 sudoers: files sss root@clnt:/home/awtadm# ipa-client-install --no-ntp IPA clie

Re: [Freeipa-users] How to use sudo rules on ubuntu

2014-09-02 Thread Lukas Slebodnik
On (02/09/14 11:02), Tevfik Ceydeliler wrote: > >Step 0 >root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf >sudoers_debug:1 >sudoers: files sss > >root@clnt:/home/awtadm# ipa-client-install --no-ntp >IPA client is already configured on this system. > >root@clnt:/home/awtadm# grep services

Re: [Freeipa-users] How to use sudo rules on ubuntu

2014-09-02 Thread Tevfik Ceydeliler
Step 0 root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf sudoers_debug:1 sudoers: files sss root@clnt:/home/awtadm# ipa-client-install --no-ntp IPA client is already configured on this system. root@clnt:/home/awtadm# grep services /etc/sssd/sssd.conf services = nss, pam, ssh, sudo S