Re: [Freeipa-users] Valid documentation for sudo setup for version 4.0.3

2014-10-17 Thread Alexander Bokovoy
On Fri, 17 Oct 2014, Vaclav Adamec wrote: Hi, is there any valid documentation/setup to get sudo working? http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/example-configuring-sudo.html is not usable, modification of another files are needed to get at least attempts to ldap (for

Re: [Freeipa-users] Valid documentation for sudo setup for version 4.0.3

2014-10-17 Thread Alexander Bokovoy
On Fri, 17 Oct 2014, Vaclav Adamec wrote: Mixture of bot method is result of testing, just registration via ipa-client (maybe CentOS 6 has only ipa-client-3.0.0-37 ?) definitely not setup anything about sudo. I'll try to build 4.0.3 client for CentOS 6, but right now: Installing 4.x (client or

Re: [Freeipa-users] Valid documentation for sudo setup for version 4.0.3

2014-10-17 Thread Vaclav Adamec
Thanks for your time. Man pages were the first, but it's not working just base on that. Find out that libsss_sudo is desperately needed and it's not required by ipa-client rpm. So now I only need to check sudo policy in IPA, as there is obviously some issue, but connection is working. yum

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Orkhan Gasimov
Replying to myself is great... Anyway, maybe this info will be useful for people like me, trying to integrate FreeBSD with FreeIPA. Solved some problems: 1. SSH-ing as existing IPA user rsiwal to my FreeBSD client fails. The same user can SSH or locally login to my Linux client. That

Re: [Freeipa-users] Valid documentation for sudo setup for version 4.0.3

2014-10-17 Thread Alexander Bokovoy
On Fri, 17 Oct 2014, Vaclav Adamec wrote: Thanks for your time. Man pages were the first, but it's not working just base on that. Find out that libsss_sudo is desperately needed and it's not required by ipa-client rpm. So now I only need to check sudo policy in IPA, as there is obviously some

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Alexander Bokovoy
On Fri, 17 Oct 2014, Orkhan Gasimov wrote: Replying to myself is great... Anyway, maybe this info will be useful for people like me, trying to integrate FreeBSD with FreeIPA. Solved some problems: 1. SSH-ing as existing IPA user rsiwal to my FreeBSD client fails. The same user can SSH or

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Lukas Slebodnik
On (17/10/14 12:27), Orkhan Gasimov wrote: Replying to myself is great... Anyway, maybe this info will be useful for people like me, trying to integrate FreeBSD with FreeIPA. Solved some problems: 1. SSH-ing as existing IPA user rsiwal to my FreeBSD client fails. The same user can SSH or locally

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Lukas Slebodnik
On (17/10/14 12:01), Alexander Bokovoy wrote: Didn`t find a solution yet. But I think this is caused by lack of proper configuration of Kerberos on my FreeBSD client. On my Linux client I found such a configuration in /etc/krb5.conf file. However, there's no such file on my FreeBSD client, as the

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Orkhan Gasimov
This idea is great, it would be invaluable for many people trying to integrate FreeBSD with FreeIPA. Currently there's only one post about this at FreeBSD forums, but it's not detailed and tells nothing about many cavets of the process. You would have helped a lot of people to avoid

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Orkhan Gasimov
Unfortunately, putting that line in /etc/pam.d/system prevents me from being able to locally login to the BSD client. At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login doesn't give unexpected behaviours. Bug, bug, bug... 17-Oct-14 14:15, Lukas Slebodnik пишет: I would

Re: [Freeipa-users] Valid documentation for sudo setup for version 4.0.3

2014-10-17 Thread Martin Kosek
On 10/17/2014 10:21 AM, Alexander Bokovoy wrote: On Fri, 17 Oct 2014, Vaclav Adamec wrote: Thanks for your time. Man pages were the first, but it's not working just base on that. Find out that libsss_sudo is desperately needed and it's not required by ipa-client rpm. So now I only need to

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Martin Kosek
On 10/17/2014 01:01 PM, Orkhan Gasimov wrote: That format is not simple for me, as I'm not a programmer. But after I check, double-check and triple-check my FreeBSD - FreeIPA integration via SSSD and assure that it works without unexpected behaviors, I'll probably write a HOW-TO on this

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Orkhan Gasimov
Of course! But for now I'm in process of checking my integration and there are some things I don't like. First and foremost, any change on the IPA server is not automatically reflected on the BSD client. Only after SSSD is manually restarted on the client, something like it's cache is cleared

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Lukas Slebodnik
On (17/10/14 15:44), Orkhan Gasimov wrote: Unfortunately, putting that line in /etc/pam.d/system prevents me from being able to locally login to the BSD client. At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login doesn't give unexpected behaviours. Bug, bug, bug... It works for

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Martin Kosek
On 10/17/2014 01:28 PM, Orkhan Gasimov wrote: Of course! But for now I'm in process of checking my integration and there are some things I don't like. First and foremost, any change on the IPA server is not automatically reflected on the BSD client. Only after SSSD is manually restarted on

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Lukas Slebodnik
On (17/10/14 16:28), Orkhan Gasimov wrote: Of course! But for now I'm in process of checking my integration and there are some things I don't like. First and foremost, any change on the IPA server is not automatically reflected on the BSD client. sssd uses few levels of caches. If you want to have

Re: [Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

2014-10-17 Thread Orkhan Gasimov
I found another solution (currently checked it only for adding/deleting a sudo rule for a user, and also enabling/disabling a user) - add to the [domain] section of the sssd.conf file: entry_cache_timeout = 5. 17-Oct-14 16:39, Lukas Slebodnik пишет: sssd uses few levels of caches. If you

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-17 Thread Ludwig Krispenz
Hi, maybe there is a case problem, if I try the following command, note some capital letters: # ipa config-mod --userobjectclasses=ipaObject --userobjectclasses=ine*tO*rgperson --userobjectclasses=person --userobjectclasses=posixaccount --userobjectclasses=inetuser

Re: [Freeipa-users] ipa-client-install (Invalid Request) - no Host-Certificate

2014-10-17 Thread Rob Crittenden
christof.schu...@ww.uni-erlangen.de wrote: The FreeIPA is 3.0.0 server is running on CentOS 6.5. The CA subsystem certificates have all been renewed and will expire not until 2016. In the I think the problems come from modifications a colleague did to /etc/httpd/ipa-pki-proxy.conf ,