One way to do it is write a small script which will fetch the keys from
LDAP.
As for authentication, I make the SSH public key anonymously readable for
everyone.
On 11 September 2015 at 05:00, Gustavo Mateus
wrote:
> Hi,
>
> I'm trying to setup my Amazon Linux instances to be able to fetch the
Hi,
I'm trying to setup my Amazon Linux instances to be able to fetch the IPA
users public ssh key.
Do I have to setup a binddn and bindpw in the ldap.conf file and use
/usr/libexec/openssh/ssh-ldap-wrapper or is there a better way to do it?
Thanks,
Gustavo
--
Manage your subscription for the F
Following instructions from here...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
RHEL6 server
# rpm -qa ipa-server
ipa-server-3.0.0-42.el6.x86_64
RHEL7 server
# rpm -q ipa-server
ipa-ser
Thanks all!
(And I should have known that it would be Mo's work.)
--
Ian Pilcher arequip...@gmail.com
"I grew up before Mark Zuckerberg invented friendship"
So I did a bit of googling and tinker panic 0 only makes sense for virtual
machines. Is there any way to confirm if it is indeed a hardware issue ?
On Thu, Sep 10, 2015 at 5:16 AM, Andrew Holway
wrote:
> Thats odd. You would normally not need it on bare metal. It could be
> broken hardware.
>
>
On 10.9.2015 17:22, Alexander Bokovoy wrote:
> On Thu, 10 Sep 2015, Martin Kosek wrote:
>> On 09/08/2015 08:13 PM, Ian Pilcher wrote:
>>> Now that I'm actually using IPA authentication for a few services within
>>> my house, I'm going to set up a simple "start page" with a few links,
>>> including
Hello:
So recently, we received some new workstations that I loaded with Ubuntu 12.04.
The person who had this sysadmin position before me set up the IPA domain and
had it running for quite some time. I went to add one of the systems to the
domain through a script he created, something in the c
On Thu, 10 Sep 2015, Martin Kosek wrote:
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
Now that I'm actually using IPA authentication for a few services within
my house, I'm going to set up a simple "start page" with a few links,
including a link to IPA web UI for password changes. I'd like to use
Hi,
I'm not sure I understood all of your problem, but here are some
information that may help:
- First, you don't change a certificate, but you can revoke it a make a new
one
- If you need to add a SubjectAltName to a certificate, you may have
realized that the -D parameter makes the request to g
On 9/10/15 7:55 AM, Martin Kosek wrote:
On 09/09/2015 09:50 PM, Janelle wrote:
Hello,
I was wondering if anyone has played with thee extended logging of IPA and
specifically SSSD and the kibana dashboards they put together.
https://www.freeipa.org/page/Centralized_Logging
I can't seem to get "
The hardware is not very old (ivybridge). The entries appear every few
minutes in the log. The /etc/ntp.conf has not been modified manually. It
lists 3 servers - 0.rhel.pool.ntp.org, 1 and 2. At the end, there are also
a couple of additional local servers with the comment added by
/sbin/dhclient-sc
On 09/09/2015 09:50 PM, Janelle wrote:
> Hello,
>
> I was wondering if anyone has played with thee extended logging of IPA and
> specifically SSSD and the kibana dashboards they put together.
> https://www.freeipa.org/page/Centralized_Logging
>
> I can't seem to get "clients" to send the login i
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
> Now that I'm actually using IPA authentication for a few services within
> my house, I'm going to set up a simple "start page" with a few links,
> including a link to IPA web UI for password changes. I'd like to use
> the FreeIPA logo, but I've only bee
On 10.9.2015 15:38, Günther J. Niederwimmer wrote:
> Hello,
>
> what is the best way to include a external Nameserver for a IPA Host?
>
> My DNS (DNSSEC) server is running on a extra Instance (KVM) now I have setup
> a
> extra Instance for a IPA Master Server and I have now to include the CNAMe
Hello,
what is the best way to include a external Nameserver for a IPA Host?
My DNS (DNSSEC) server is running on a extra Instance (KVM) now I have setup a
extra Instance for a IPA Master Server and I have now to include the CNAMe
Server like "smtp.example.com CNAME imap.example.com" or cvan I
Thomas Suiter wrote:
> Is there an equivalent host/computer default objectclasses that there is
> for ipa config-mod groupobjectclasses/--userobjectclasses ? We are
> wanting to add some additional attributes to all of the servers, Im
> able to add the object class to individual servers but not
Thats odd. You would normally not need it on bare metal. It could be broken
hardware.
On 10 September 2015 at 14:05, Prasun Gera wrote:
> Thanks. I'm not virtualizing though. Should I still add it ?
>
> On Thu, Sep 10, 2015 at 5:02 AM, Andrew Holway
> wrote:
>
>> Hi,
>>
>> I assume you are virt
Thanks. I'm not virtualizing though. Should I still add it ?
On Thu, Sep 10, 2015 at 5:02 AM, Andrew Holway
wrote:
> Hi,
>
> I assume you are virtualising.
>
> Try adding "tinker panic 0" to /etc/ntp.conf.
>
> It should make it tolerant to heavily drifting virtual clocks.
>
> Cheers,
>
> Andrew
Hi,
I assume you are virtualising.
Try adding "tinker panic 0" to /etc/ntp.conf.
It should make it tolerant to heavily drifting virtual clocks.
Cheers,
Andrew
On 10 September 2015 at 13:46, Prasun Gera wrote:
> OS: RHEL 7.1 w IDM
>
> I'm seeing these messages in my master's log messages. I
OS: RHEL 7.1 w IDM
I'm seeing these messages in my master's log messages. I don't know if it's
related, but I think I started seeing them after I set up a replica.
Everything seems to be working fine, but I'm worried that things will break
if delta grows beyond a point. I tried steps in
https://ac
Hello Steven!
I would like to help you but unfortunately I have no chance to guess
what went wrong.
To help us help you please report any issue in a way described on
FreeIPA Troubleshooting page (http://www.freeipa.org/page/Troubleshooting).
Most importantly we need the following:
1. Versi
Now all is ok :)
# ipa trust-add --type=ad mydomain.com --admin Administrator --password
Active Directory domain administrator's password:
---
Added Active Directory trust for realm "mydomain.com"
-
On 09/09/2015 06:32 PM, Thomas Suiter wrote:
Is there an equivalent host/computer default objectclasses that there
is for ipa config-mod –groupobjectclasses/--userobjectclasses ? We
are wanting to add some additional attributes to all of the servers,
I’m able to add the object class to ind
23 matches
Mail list logo