>>>Does it work for the same user from the client if you reset password on
the server, authenticate from the client and then force reset again on the
server?
When I force reset a user, he stil faces the same error "token
manipulation" when tries to login to a client. However, when he tries
getting
Hi folks, really pleased with the latest versions of FreeIPA. Very robust,
quite impressive!
In the process of setting it up, I ended up having to move servers a couple of
times. The original server is gone, just replicas that installed cleanly with
each other.
The problem is I didn't realize
sipazzo wrote:
>
> Good morning, I created a "service" password policy that prevents password
> expiration and gave it a priority of 0. I then created a "service" user group
> and applied the policy to the group. I added my admin user to this group so
> their password would not expire. However,
On 01/12/2015 12:55 PM, Rakesh Rajasekharan wrote:
This is the full log,
Jan 12 17:45:15 10-5-68-5 sshd[29753]: pam_sss(sshd:account): User
info message: Password expired. Change your password now.
Jan 12 17:45:15 10-5-68-5 sshd[29753]: Accepted password for
hq-testuser from 10.5.68.184 port 5
Good morning, I created a "service" password policy that prevents password
expiration and gave it a priority of 0. I then created a "service" user group
and applied the policy to the group. I added my admin user to this group so
their password would not expire. However, it continues to expire a
On Mon, Jan 12, 2015 at 11:25:16PM +0530, Rakesh Rajasekharan wrote:
> This is the full log,
Sorry, I meant the full krb5_child.log ...
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on
This is the full log,
Jan 12 17:45:15 10-5-68-5 sshd[29753]: pam_sss(sshd:account): User info
message: Password expired. Change your password now.
Jan 12 17:45:15 10-5-68-5 sshd[29753]: Accepted password for hq-testuser
from 10.5.68.184 port 54048 ssh2
Jan 12 17:45:16 10-5-68-5 sshd[29753]: pam_un
On Mon, Jan 12, 2015 at 04:01:32PM +0530, Rakesh Rajasekharan wrote:
> under /var/log/secure.. have this error
> passwd: pam_sss(passwd:chauthtok): Password change failed for user
> hq-testuser: 22 (Authentication token lock busy)
It looks like the log was trucated, can you post more context?
Aut
OpenAFS?
On Jan 12, 2015 11:04 AM, "Craig White"
wrote:
> *From:* freeipa-users-boun...@redhat.com [mailto:
> freeipa-users-boun...@redhat.com] *On Behalf Of *Dale Macartney
> *Sent:* Sunday, January 11, 2015 2:16 PM
> *To:* freeipa-users@redhat.com
> *Subject:* [Freeipa-users] Group Policy-like
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dale Macartney
Sent: Sunday, January 11, 2015 2:16 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Group Policy-like features in FreeIPA
Morning folks
I am currently working on a little pet proj
On 12.1.2015 16:31, brendan kearney wrote:
> Can someone up-channel an issue with getfedora.org? The site changed URLs,
> and the cert was not amended to include the new URL as a Subject
> Alternative Name and now cert mismatches are occurring.
Please open a ticket on
https://fedorahosted.org/fed
Myles Merrell wrote:
> I'm trying to add a 'backup' user AND a 'backup' group.
>
> At one point in the past a backup group did exist.
>
> I have a backup group. I then try to create a new user and get the
> following error:
> IPA Error 4024
> Unable to create private group. A group 'backup' alre
I'm trying to add a 'backup' user AND a 'backup' group.
At one point in the past a backup group did exist.
I have a backup group. I then try to create a new user and get the following
error:IPA Error 4024Unable to create private group. A group 'backup' already
exists.
I also tried creating the
Can someone up-channel an issue with getfedora.org? The site changed URLs,
and the cert was not amended to include the new URL as a Subject
Alternative Name and now cert mismatches are occurring.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listin
Hi,
no ideas about this one?
I'm unsure if I did something wrong, but since I installed both systems
the same way, I really don't know, what could be wrong.
One thing that may be related: The working system (the one that doesn't
fail to create a replica with "--setup-ca") went productive in
On 01/11/2015 04:01 AM, Rakesh Rajasekharan wrote:
Hi,
I am having some issues with freeipa. Whenever I change the password
for any user,
He is not able to change the password. and he gets error
"authentication token manipualtion error"
Changing password for user hq-testuser.
Current Passwo
On 01/12/2015 06:52 AM, Martin Kosek wrote:
On 01/12/2015 10:04 AM, Petr Spacek wrote:
On 11.1.2015 22:16, Dale Macartney wrote:
Morning folks
I am currently working on a little pet project which I think some would
find useful.
I would like to introduce some group policy like functionality in
On 01/12/2015 10:04 AM, Petr Spacek wrote:
> On 11.1.2015 22:16, Dale Macartney wrote:
>> Morning folks
>>
>> I am currently working on a little pet project which I think some would
>> find useful.
>>
>> I would like to introduce some group policy like functionality into a
>> FreeIPA domain.
>>
>>
under /var/log/secure.. have this error
passwd: pam_sss(passwd:chauthtok): Password change failed for user
hq-testuser: 22 (Authentication token lock busy)
On Mon, Jan 12, 2015 at 3:25 PM, Rakesh Rajasekharan <
rakesh.rajasekha...@gmail.com> wrote:
> This is what I get now a=in the krb5_child.log
This is what I get now a=in the krb5_child.log after setting the debug_level
Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709 [unpack_buffer]
(0x0100): ccname: [FILE:/tmp/krb5cc_71061_XX] keytab:
[/etc/krb5.keytab]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709
[set_lifetime_o
On Mon, 12 Jan 2015, John Obaterspok wrote:
2015-01-11 16:33 GMT+01:00 Jakub Hrozek :
On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
> 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi :
>
> > To get the whole root environment you have to run
> > su - root
> > did you try with it?
>
On 11.1.2015 22:16, Dale Macartney wrote:
> Morning folks
>
> I am currently working on a little pet project which I think some would
> find useful.
>
> I would like to introduce some group policy like functionality into a
> FreeIPA domain.
>
> For example:
> In an environment running FreeIPA Se
On (12/01/15 14:12), Rakesh Rajasekharan wrote:
>The sssd version is 1.11.6
>
>The password does not get changed, whatever password gets generated by ipa
>user-mod --random stays valid even after attempting the change.
>
>krb5_child.log does not have any contents.
The logging in sssd is dibsabled b
The sssd version is 1.11.6
The password does not get changed, whatever password gets generated by ipa
user-mod --random stays valid even after attempting the change.
krb5_child.log does not have any contents.
Thanks,
Rakesh
On Sun, Jan 11, 2015 at 9:01 PM, Jakub Hrozek wrote:
> On Sun, Jan 11
2015-01-11 16:33 GMT+01:00 Jakub Hrozek :
> On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
> > 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi :
> >
> > > To get the whole root environment you have to run
> > > su - root
> > > did you try with it?
> > >
> >
> > ahh... that works fine
25 matches
Mail list logo