christof.schu...@ww.uni-erlangen.de wrote:
> The FreeIPA is 3.0.0 server is running on CentOS 6.5.
>
> The CA subsystem certificates have all been renewed and will expire not
> until 2016. In the
>
> I think the problems come from "modifications" a colleague did to
> /etc/httpd/ipa-pki-proxy.conf
Hi,
maybe there is a case problem, if I try the following command, note some
capital letters:
# ipa config-mod --userobjectclasses=ipaObject
--userobjectclasses=ine*tO*rgperson --userobjectclasses=person
--userobjectclasses=posixaccount --userobjectclasses=inetuser
--userobjectclasses=organ
I found another solution (currently checked it only for adding/deleting
a sudo rule for a user, and also enabling/disabling a user) - add to the
[domain] section of the sssd.conf file: "entry_cache_timeout = 5".
17-Oct-14 16:39, Lukas Slebodnik пишет:
sssd uses few levels of caches. If you wa
1. I use FreeBSD 10.0 64-bit.
(For some files bits are also important - for example, on a 32-bit
machine the same configuration of
/usr/local/etc/sssd/sssd.conf file introduces problems because of the
line "enumerate = True" in the [domain] section; only after that line is
commented out, sssd s
On (17/10/14 13:33), Martin Kosek wrote:
>On 10/17/2014 01:28 PM, Orkhan Gasimov wrote:
>> Of course! But for now I'm in process of checking my integration and there
>> are
>> some things I don't like.
>> First and foremost, any change on the IPA server is not automatically
>> reflected
>> on the
On (17/10/14 16:28), Orkhan Gasimov wrote:
>Of course! But for now I'm in process of checking my integration and there
>are some things I don't like.
>First and foremost, any change on the IPA server is not automatically
>reflected on the BSD client.
sssd uses few levels of caches. If you want to h
On 10/17/2014 01:28 PM, Orkhan Gasimov wrote:
> Of course! But for now I'm in process of checking my integration and there are
> some things I don't like.
> First and foremost, any change on the IPA server is not automatically
> reflected
> on the BSD client.
> Only after SSSD is manually restarte
On (17/10/14 15:44), Orkhan Gasimov wrote:
>Unfortunately, putting that line in /etc/pam.d/system prevents me from being
>able to locally login to the BSD client.
>At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
>doesn't give unexpected behaviours.
>Bug, bug, bug...
>
It work
Of course! But for now I'm in process of checking my integration and
there are some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected on the BSD client.
Only after SSSD is manually restarted on the client, something like
it's cache is cleared h
On 10/17/2014 01:01 PM, Orkhan Gasimov wrote:
> That format is not simple for me, as I'm not a programmer. But after I check,
> double-check and triple-check my FreeBSD - FreeIPA integration via SSSD and
> assure that it works without unexpected behaviors, I'll probably write a
> HOW-TO
> on this
That format is not simple for me, as I'm not a programmer. But after I
check, double-check and triple-check my FreeBSD - FreeIPA integration
via SSSD and assure that it works without unexpected behaviors, I'll
probably write a HOW-TO on this process and post it at FreeBSD forums.
I'll then shar
On 10/17/2014 10:21 AM, Alexander Bokovoy wrote:
> On Fri, 17 Oct 2014, Vaclav Adamec wrote:
>> Thanks for your time. Man pages were the first, but it's not working just
>> base on that. Find out that libsss_sudo is desperately needed and it's not
>> required by ipa-client rpm. So now I only need
Unfortunately, putting that line in /etc/pam.d/system prevents me from
being able to locally login to the BSD client.
At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
doesn't give unexpected behaviours.
Bug, bug, bug...
17-Oct-14 14:15, Lukas Slebodnik пишет:
I would recc
On Fri, 17 Oct 2014, Orkhan Gasimov wrote:
This idea is great, it would be invaluable for many people trying to
integrate FreeBSD with FreeIPA. Currently there's only one post about
this at FreeBSD forums, but it's not detailed and tells nothing about
many cavets of the process.
You would have
This idea is great, it would be invaluable for many people trying to
integrate FreeBSD with FreeIPA. Currently there's only one post about
this at FreeBSD forums, but it's not detailed and tells nothing about
many cavets of the process.
You would have helped a lot of people to avoid frustration
1. You wrote:
File /etc/pam.d/system is included by /etc/pam.d/login. I cannot see a
difference.
There should not be any difference, but the frustrating point is - THERE
IS DIFFERENCE! That's why I replied to that post at FreeBSD forums. A
bug might be present either in PAM modules or in SSSD
On (17/10/14 12:01), Alexander Bokovoy wrote:
>>Didn`t find a solution yet. But I think this is caused by lack of proper
>>configuration of Kerberos on my FreeBSD client. On my Linux client I found
>>such a configuration in /etc/krb5.conf file. However, there's no such file
>>on my FreeBSD client,
On (17/10/14 12:27), Orkhan Gasimov wrote:
>Replying to myself is great... Anyway, maybe this info will be useful for
>people like me, trying to integrate FreeBSD with FreeIPA.
>
>Solved some problems:
>
>1. "SSH-ing as existing IPA user "rsiwal" to my FreeBSD client fails. The
>same user can SSH o
On Fri, 17 Oct 2014, Orkhan Gasimov wrote:
Replying to myself is great... Anyway, maybe this info will be useful
for people like me, trying to integrate FreeBSD with FreeIPA.
Solved some problems:
1. "SSH-ing as existing IPA user "rsiwal" to my FreeBSD client fails.
The same user can SSH or l
On Fri, 17 Oct 2014, Vaclav Adamec wrote:
Thanks for your time. Man pages were the first, but it's not working just
base on that. Find out that libsss_sudo is desperately needed and it's not
required by ipa-client rpm. So now I only need to check sudo policy in IPA,
as there is obviously some is
Replying to myself is great... Anyway, maybe this info will be useful
for people like me, trying to integrate FreeBSD with FreeIPA.
Solved some problems:
1. "SSH-ing as existing IPA user "rsiwal" to my FreeBSD client fails.
The same user can SSH or locally login to my Linux client. "
That ha
Thanks for your time. Man pages were the first, but it's not working just
base on that. Find out that libsss_sudo is desperately needed and it's not
required by ipa-client rpm. So now I only need to check sudo policy in IPA,
as there is obviously some issue, but connection is working.
yum install
22 matches
Mail list logo