Re: [Freeipa-users] sendmail.schema

2015-07-10 Thread Martin Kosek
On 07/09/2015 11:09 AM, Rudolf Gabler wrote: Hi, we are dealing with a huge number of mail aliases which are not purely user aliases but distribution-lists, actions on distribution-list and so on (mailman). There was a former sendmail.schema in fedora-ds (we are using fds 21 at the moment),

Re: [Freeipa-users] services-based authentication

2015-07-10 Thread Martin Kosek
On 07/08/2015 10:11 AM, ilaria cianci wrote: Hi All, I am a new user and I have a question about FreeIPA authentication methods. Can FreeIPA select different auth methods (i.e. otp, password, etc) for the same user based on the service he wants to access? I mean using this user should use

Re: [Freeipa-users] Multiple CA certificates

2015-07-10 Thread Martin Kosek
On 07/09/2015 01:25 PM, Joseph, Matthew (EXP) wrote: Hello, We are currently in the process of replacing our IdM 3.x server with 4.x. There are going to be some major directory changes during the upgrade so I need to keep both the old and new IdM servers up and running separately. This

[Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds for Fedora 22 and Fedora Rawhide will be available in the official COPR repository https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.2/. This

Re: [Freeipa-users] KRA? 4.2?

2015-07-10 Thread Simo Sorce
On Thu, 2015-07-09 at 17:56 -0700, Janelle wrote: Hello, I see 4.2 is released today with lots of cool new features. I think I understand the new Vault, but am not familiar with KRA? Wondering if there might be some information on what this is? KRA is the name of the Dogtag project

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Jan Pazdziora
On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds for Fedora 22 and Fedora Rawhide will be available in the official COPR repository

Re: [Freeipa-users] KRA? 4.2?

2015-07-10 Thread Martin Kosek
On 07/10/2015 02:56 AM, Janelle wrote: Hello, I see 4.2 is released today with lots of cool new features. I think I understand the new Vault, but am not familiar with KRA? Wondering if there might be some information on what this is? ~Janelle KRA (or DRM) is the Dogtag subsystem we use for

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Jan Pazdziora
On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds for Fedora 22 and Fedora Rawhide will be available in the official COPR repository

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Jan Pazdziora
On Fri, Jul 10, 2015 at 02:40:58PM +0200, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds for Fedora 22 and Fedora

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
On 07/10/2015 02:40 PM, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from http://www.freeipa.org/page/Downloads. The builds for Fedora 22 and Fedora Rawhide will be

Re: [Freeipa-users] Failed to start pki-tomcatd Service

2015-07-10 Thread Alexandre Ellert
On 30 June 2015 at 10:16, Alexandre Ellert aell...@numeezy.com wrote: Could you please provide the content of logfile: `/var/log/pki/pki-tomcat/ca/debug', around the time the error occurs? Thanks, Fraser When the pki-tomcatd service is trying to start, I see this message in

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Jan Pazdziora
On Fri, Jul 10, 2015 at 04:09:45PM +0200, Petr Vobornik wrote: Some of the dependencies are still in updates-testing repository. They have been added to the COPR repository. Now FreeIPA 4.2 could be installed even with the updates-testing repo disabled. Sorry for your inconvenience. I

[Freeipa-users] ipa client on ubuntu and sudo rules

2015-07-10 Thread Karl Forner
Hello, I setup an ubuntu client for freeIPA 4.1.4, and sudo rules do not seem to work. I then realized that I used ipa-client-install version 3.3.4. Is this a plausible cause ? And if so, where can I get a more recent version for ubuntu/debian ? Thanks, Karl

[Freeipa-users] OT: https://www.freeipa.org missing intermediate certificate

2015-07-10 Thread Natxo Asenjo
hi, earlier today I was reading a post about the new freeipa version on my mobile device and got plenty of warnings about an invalid certificate. On a fedora laptop no warnings, but this is the problem: $ curl -LIv https://www.freeipa.org * Rebuilt URL to: https://www.freeipa.org/ * Hostname

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
On 07/10/2015 04:51 PM, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 04:09:45PM +0200, Petr Vobornik wrote: Some of the dependencies are still in updates-testing repository. They have been added to the COPR repository. Now FreeIPA 4.2 could be installed even with the updates-testing repo

Re: [Freeipa-users] Announcing FreeIPA 4.2.0

2015-07-10 Thread Petr Vobornik
On 07/10/2015 02:55 PM, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 02:40:58PM +0200, Jan Pazdziora wrote: On Fri, Jul 10, 2015 at 10:26:11AM +0200, Petr Vobornik wrote: The FreeIPA team is proud to announce FreeIPA v4.2.0 release! It can be downloaded from

Re: [Freeipa-users] Cannot find KDC for realm MYDOMAIN.NET - AD trust and UPN issues

2015-07-10 Thread Jakub Hrozek
On Thu, Jul 09, 2015 at 08:59:11PM -0700, Angelo Pantano wrote: I have the exact same problem, have a windows AD that trusts IPA server and an IPA client that connect to the IPA server via sssd. If I try to ssh on the IPA client using an AD user it fails authentication. The same happens if I

Re: [Freeipa-users] Cannot find KDC for realm MYDOMAIN.NET - AD trust and UPN issues

2015-07-10 Thread Angelo Pantano
I have the exact same problem, have a windows AD that trusts IPA server and an IPA client that connect to the IPA server via sssd. If I try to ssh on the IPA client using an AD user it fails authentication. The same happens if I try to su - ADuser. Basically IPA server is not correctly proxying

[Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I have a freeipa server trusting an active directory domain, if I ssh to the ipa server everything works, but if I try to ssh on an ipa client the authentication fails. I noticed on the server that the wbinfo -n 'AD\Domain Users' is failing: failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I have a freeipa server trusting an active directory domain, if I ssh to the ipa server everything works, but if I try to ssh on an ipa client the authentication fails. I noticed on the server that the wbinfo -n 'AD\Domain Users' is failing: failed to

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: and this is the error I see in krb5_child.log (Fri Jul 10 12:38:05 2015) [[sssd[krb5_child[13235 [main] (0x0400): Will perform online auth (Fri Jul 10 12:38:05 2015) [[sssd[krb5_child[13235 [get_and_save_tgt] (0x0400): Attempting kinit for

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I am using sssd and from ipa clients the authentication is not working (works fine if I ssh on the ipa-server). I thought it could be due to the external groups being empty and not mapping the AD users. Anyway this is the krb5.conf on the ipa client:

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I am using sssd and from ipa clients the authentication is not working (works fine if I ssh on the ipa-server). I thought it could be due to the external groups being empty and not mapping the AD users. Anyway this is the krb5.conf on the ipa client: #File modified by ipa-client-install

Re: [Freeipa-users] ipa client on ubuntu and sudo rules

2015-07-10 Thread Lukas Slebodnik
On (10/07/15 16:19), Karl Forner wrote: Hello, I setup an ubuntu client for freeIPA 4.1.4, and sudo rules do not seem to work. I then realized that I used ipa-client-install version 3.3.4. Is this a plausible cause ? And if so, where can I get a more recent version for ubuntu/debian ? Never

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I still had it because I am in the middle of a PoC for a migration, the legacy used pam_ldap and if I just remove it not only the error does not go away, but in the secure logs you also see this new error: Jul 10 14:08:17 ip-10-237-186-172 sshd[7361]:

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: ok I managed to fix it by running: yum remove pam_ldap; sed -i '/pam_ldap/d' /etc/pam.d/* Thanks for pointing me to the dns problem though, that was the real deal. Is there a way to setup ipa-client without messing up with resolv.conf? like disabling

Re: [Freeipa-users] ipa-replica-prepare error

2015-07-10 Thread Orion Poplawski
On 07/08/2015 11:31 AM, Orion Poplawski wrote: But then when I go to make a replica: # ipa-replica-prepare ipa1.nwra.com --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XX --http_pkcs12=nwra.com.p12 --http_pin=XX Directory Manager (existing master) password: (SEC_ERROR_LIBRARY_FAILURE)

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I removed the stanza, but anyway I found one problem was the DNS. I needed to setup the nameserver in resolv.conf with the ip of the ipa server. I can kinit now but ssh is still failing, connection gets closed instead of letting me in: secure.log says: Jul 10 13:19:01 ip-10-237-186-172

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I removed the stanza, but anyway I found one problem was the DNS. I needed to setup the nameserver in resolv.conf with the ip of the ipa server. I can kinit now but ssh is still failing, connection gets closed instead of letting me in: secure.log says:

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I still had it because I am in the middle of a PoC for a migration, the legacy used pam_ldap and if I just remove it not only the error does not go away, but in the secure logs you also see this new error: Jul 10 14:08:17 ip-10-237-186-172 sshd[7361]: PAM unable to