Re: [Freeipa-users] SSO Git http smart server and freeipa group authentication

2015-11-11 Thread Fraser Tweedale
On Wed, Nov 11, 2015 at 10:26:11PM +0100, John Obaterspok wrote: > Thanks Simo & Fraser, > > Creating a .netrc file on the client computer according to the SO > postings, with the content below, made things work perfectly! > machine gitserver.my.lan username '' password '' > machine gitserver

Re: [Freeipa-users] let's encrypt integration and best practices for mod_nss/mod_ssl

2015-11-11 Thread Fraser Tweedale
On Wed, Nov 11, 2015 at 02:50:20PM -0800, Prasun Gera wrote: > I'll try this on an aws instance and report. Some googling also suggests > that the additional step of "pk12util -i ipa.example.com.p12 -d > /etc/httpd/alias" is needed, which is similar to what you suggested. A few > more questions: >

Re: [Freeipa-users] mastercrl files

2015-11-11 Thread Fraser Tweedale
On Wed, Nov 11, 2015 at 03:41:34PM -0500, Rob Crittenden wrote: > Martin Kosek wrote: > >On 11/10/2015 10:59 PM, Fraser Tweedale wrote: > >>On Tue, Nov 10, 2015 at 07:02:42PM +0100, Natxo Asenjo wrote: > >>>hi, > >>> > >>>do we need to keep all the MasterCRL-MMDD-HHMMSS.der files or can we > >>

Re: [Freeipa-users] SSO Git http smart server and freeipa group authentication

2015-11-11 Thread John Obaterspok
Thanks Simo & Fraser, Creating a .netrc file on the client computer according to the SO postings, with the content below, made things work perfectly! machine gitserver.my.lan username '' password '' machine gitserver username '' password '' I would like to use TLS and I've made it work by

Re: [Freeipa-users] let's encrypt integration and best practices for mod_nss/mod_ssl

2015-11-11 Thread Prasun Gera
I'll try this on an aws instance and report. Some googling also suggests that the additional step of "pk12util -i ipa.example.com.p12 -d /etc/httpd/alias" is needed, which is similar to what you suggested. A few more questions: 1) How would renewals work ? the pem files can be renewed on expiration

[Freeipa-users] 4.2 Packages for RHEL/CentOS 7.1

2015-11-11 Thread Christopher Young
Do we know what the status of getting these packages prepped and into the mainstream repos (like EPEL, I suppose)? I'm just curious as I try and keep my repos minimal on servers (for obvious reasons), but I would really like to begin testing/using the functionality in 4.2. Thanks as always! Chr

Re: [Freeipa-users] mastercrl files

2015-11-11 Thread Rob Crittenden
Martin Kosek wrote: On 11/10/2015 10:59 PM, Fraser Tweedale wrote: On Tue, Nov 10, 2015 at 07:02:42PM +0100, Natxo Asenjo wrote: hi, do we need to keep all the MasterCRL-MMDD-HHMMSS.der files or can we purge them on a regular basis (say, keep 60 days dump the rest)? $ ls -l | wc -l 3621

Re: [Freeipa-users] mastercrl files

2015-11-11 Thread Martin Kosek
On 11/10/2015 10:59 PM, Fraser Tweedale wrote: On Tue, Nov 10, 2015 at 07:02:42PM +0100, Natxo Asenjo wrote: hi, do we need to keep all the MasterCRL-MMDD-HHMMSS.der files or can we purge them on a regular basis (say, keep 60 days dump the rest)? $ ls -l | wc -l 3621 this is in a server i
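The retention rule the question above describes (keep 60 days of MasterCRL-*.der dumps, purge the rest), written out as an added Python example that is not from this thread and not FreeIPA or Dogtag code. The publish directory is passed in by the caller (its real location on an IPA CA is not taken from the thread), the 60-day window comes from the question, and the sample directory the block builds is constructed for the demonstration. Two safety properties a practitioner wants from such a job are built in: the newest dump is never deleted, whatever its age, and files outside the MasterCRL-<date>-<time>.der pattern (such as MasterCRL.bin) are never touched.

```python
"""Prune old MasterCRL-*.der publish files, always keeping the newest one.

Added example, not from the thread or from FreeIPA/Dogtag. The publish
directory is an argument (its real path is an assumption left to the caller);
the 60-day default comes from the question on the list; the fixture directory
is constructed here for demonstration.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# File names as described in the thread. The date and time fields are matched
# loosely so both a four-digit and an eight-digit date part are accepted.
CRL_NAME = re.compile(r"^MasterCRL-\d+-\d+\.der$")


def list_master_crls(publish_dir):
    """Return (mtime, path) for every MasterCRL-*.der in publish_dir, oldest first.

    Age is taken from the file's mtime rather than from the timestamp in the
    name, so a renamed or copied file cannot trick the retention logic."""
    entries = []
    for p in Path(publish_dir).iterdir():
        if p.is_file() and CRL_NAME.match(p.name):
            entries.append((p.stat().st_mtime, p))
    entries.sort()
    return entries


def prune_master_crls(publish_dir, keep_days=60, now=None, dry_run=False):
    """Delete MasterCRL-*.der files older than keep_days; return the paths removed.

    The newest dump is never removed, so the current CRL stays available even
    when every file is older than the cut-off. Nothing outside the
    MasterCRL-*.der pattern (e.g. MasterCRL.bin) is touched."""
    now = time.time() if now is None else now
    cutoff = now - keep_days * 86400
    entries = list_master_crls(publish_dir)
    if not entries:
        return []
    newest = entries[-1][1]
    removed = []
    for mtime, p in entries:
        if p == newest or mtime >= cutoff:
            continue
        if not dry_run:
            p.unlink()
        removed.append(p)
    return removed


def make_sample_publish_dir(now, ages_days=(300, 100, 5)):
    """Constructed fixture: a temp dir with one CRL dump per entry of ages_days
    (named MasterCRL-20150101-..., -20150102-..., ...) plus two non-matching
    files that the pruner must leave alone."""
    d = Path(tempfile.mkdtemp(prefix="crl-publish-"))
    for i, age in enumerate(ages_days):
        p = d / f"MasterCRL-2015010{i + 1}-000000.der"
        p.write_bytes(b"")
        ts = now - age * 86400
        os.utime(p, (ts, ts))
    for name in ("MasterCRL.bin", "notes.txt"):
        p = d / name
        p.write_bytes(b"")
        old = now - 400 * 86400
        os.utime(p, (old, old))
    return d


if __name__ == "__main__":
    now = time.time()
    sample = make_sample_publish_dir(now)
    for path in prune_master_crls(sample, keep_days=60, now=now, dry_run=True):
        print("would remove", path.name)
```

Run it with dry_run=True first against the real directory and compare the list with what the CA currently publishes before letting it delete anything; the 60-day figure is the questioner's, not a recommendation from the thread.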

Re: [Freeipa-users] ipa-getkeytab missing permissions after migration

2015-11-11 Thread Martin Kosek
On 11/10/2015 02:59 PM, Dominik Korittki wrote: Hello folks, I created a replica IPA host with version 4.1.0-18.el7.centos.4, while the initial master is a FreeIPA 3.3.3. Everything seems to work fine with the new host except for one thing: We have a special IPA user, which has the rights for

Re: [Freeipa-users] Default shell for AD trust users

2015-11-11 Thread Jakub Hrozek
On Wed, Nov 11, 2015 at 11:37:47AM -0700, Orion Poplawski wrote: > On 11/11/2015 12:57 AM, Jakub Hrozek wrote: > > On Tue, Nov 10, 2015 at 11:44:12AM -0700, Orion Poplawski wrote: > >> I see that AD trust users don't get their posix shell set: > >> > >> # getent passwd user > >> u...@ad.nwra.com:*:

Re: [Freeipa-users] Default shell for AD trust users

2015-11-11 Thread Orion Poplawski
On 11/11/2015 12:57 AM, Jakub Hrozek wrote: > On Tue, Nov 10, 2015 at 11:44:12AM -0700, Orion Poplawski wrote: >> I see that AD trust users don't get their posix shell set: >> >> # getent passwd user >> u...@ad.nwra.com:*:2260345:2260345:A User:/export/home/user: >> >> I can fix this on the clients

Re: [Freeipa-users] let's encrypt integration and best practices for mod_nss/mod_ssl

2015-11-11 Thread Rob Crittenden
Fraser Tweedale wrote: On Tue, Nov 10, 2015 at 08:30:47PM -0800, Prasun Gera wrote: You are right in that the fullchain.pem doesn't have the root certificate. I ran "openssl x509 -in chain.pem -noout -text", and saw that it had Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3, and Subjec

Re: [Freeipa-users] 389DS segfaults after upgrade FC 21 -> 22

2015-11-11 Thread Martin Basti
On 11.11.2015 11:57, Torsten Harenberg wrote: Dear all, on our secondary IPA server (running 4.1.4) we did an upgrade of FC from 21 to 22, as 21 is running out of support. The upgrade process itself went smoothly, however, 389DS segfaults now: ns-slapd[1427]: segfault at 7fffe301413e ip

[Freeipa-users] 3/4 replica failure - unknown reasons why

2015-11-11 Thread Andrew Krause
Yesterday I came in to 3 of my 4 freeipa replicas in an unusable state and replication was not connecting any of the hosts to each other. My first/primary host was still servicing authentication requests, but the others were in varying states of usability. I’ve investigated logs on all 4 nodes

Re: [Freeipa-users] REST/JSON API: Howto add a user that is not expired

2015-11-11 Thread Alexander Bokovoy
On Wed, 11 Nov 2015, Oliver Dörr wrote: Hi, I've tried user_mod instead because of https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/pwd-expiration.html and got Error-code:2100 Error-name:ACIError Error-msg:Insufficient access: Insufficient 'write' privilege to th

Re: [Freeipa-users] REST/JSON API: Howto add a user that is not expired

2015-11-11 Thread Oliver Dörr
Hi, I've tried user_mod instead because of https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/pwd-expiration.html and got Error-code:2100 Error-name:ACIError Error-msg:Insufficient access: Insufficient 'write' privilege to the 'krbPasswordExpiration' attribute of e

[Freeipa-users] REST/JSON API: Howto add a user that is not expired

2015-11-11 Thread Oliver Dörr
Hi, I'm still working with the JSON API and I now have the problem, that I want to add a user with a not expired password. I've tried setattr and addattr with the following JSON code, but both fail. {"params":[[],{"givenname":"Oliver","userpassword":"start123","uid":"k812339","version":"2.151",

[Freeipa-users] Sudo Rules Help

2015-11-11 Thread Branden Coates
I have a few issues with sudo rules(FreeIPA 4.1.4-4 on Fedora 22) that I would greatly appreciate some help with. The core of the issue is that sudo rules fail to work when using ldap instead of ipa when you assign user groups and host groups to the sudo rule in place of explicitly adding users

[Freeipa-users] 389DS segfaults after upgrade FC 21 -> 22

2015-11-11 Thread Torsten Harenberg
Dear all, on our secondary IPA server (running 4.1.4) we did an upgrade of FC from 21 to 22, as 21 is running out of support. The upgrade process itself went smoothly, however, 389DS segfaults now: ns-slapd[1427]: segfault at 7fffe301413e ip 7fffeeb1fa08 sp 7fffd3d8 error 4 in libdb-

Re: [Freeipa-users] krb5kdc will not start (kerberos authentication error)

2015-11-11 Thread Martin Babinsky
On 11/10/2015 08:14 PM, Gronde, Christopher (Contractor) wrote: Removed the bad mapping. Krb5kdc service still will not start. Here is the access log. [10/Nov/2015:14:12:16 -0500] conn=Internal op=-1 ADD dn="ou=Netscape Directory Team,cn=monitor" [10/Nov/2015:14:12:16 -0500] conn=Internal op

Re: [Freeipa-users] Default shell for AD trust users

2015-11-11 Thread Jakub Hrozek
On Tue, Nov 10, 2015 at 11:44:12AM -0700, Orion Poplawski wrote: > I see that AD trust users don't get their posix shell set: > > # getent passwd user > u...@ad.nwra.com:*:2260345:2260345:A User:/export/home/user: > > I can fix this on the clients with override_shell, but that would apply to the
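The getent output quoted in this thread ends in an empty shell field. An added Python example, not from the thread and not part of SSSD or FreeIPA, that parses passwd(5)-style lines and reports accounts whose shell is empty or not on an allowed list, which is the check an administrator would run across a fleet before and after fixing the default. The passwd lines in the block are constructed (the AD user is a made-up trustuser@ad.example.com, not the elided account from the thread), and the allowed-shell set is an assumption standing in for the host's /etc/shells. The security point it makes is that an empty shell field is not "no login": passwd(5) defines it as defaulting to /bin/sh, so such an account is interactive until a shell (or /sbin/nologin) is set explicitly.

```python
"""Flag NSS users whose login shell field is empty or not an allowed shell.

Added example, not from the thread or from SSSD/FreeIPA. The passwd lines
below are constructed for the demonstration, and ALLOWED_SHELLS is an
assumption standing in for the audited host's /etc/shells.
"""

# Constructed sample of `getent passwd` output: a local admin, an AD trust
# user with an empty shell field (the situation described in the thread),
# a service account with nologin, and an account using an unlisted shell.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
trustuser@ad.example.com:*:2260345:2260345:A User:/export/home/trustuser:
svc-backup:x:1001:1001:Backup service:/srv/backup:/sbin/nologin
legacy:x:1002:1002:Legacy app:/opt/legacy:/bin/ksh
"""

# Assumed stand-in for /etc/shells on the host being audited.
ALLOWED_SHELLS = frozenset({
    "/bin/bash", "/bin/sh", "/sbin/nologin", "/usr/sbin/nologin",
})


def parse_passwd(text):
    """Parse passwd(5) lines into dicts; skip blank lines, reject malformed ones.

    A line must have exactly seven colon-separated fields. Anything else is a
    corrupt entry and is raised rather than silently skipped, since a skipped
    account is exactly the one an audit would miss."""
    users = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, gecos, home, shell = fields
        users.append({
            "name": name, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell,
        })
    return users


def audit_shells(text, allowed=ALLOWED_SHELLS):
    """Return (name, shell, reason) for every account that needs attention.

    An empty shell field is reported first and separately: passwd(5) says it
    defaults to /bin/sh, so the account is interactive. A non-empty shell not
    in the allowed list is reported too, since it may be a typo or a forgotten
    interpreter rather than a deliberate choice."""
    findings = []
    for u in parse_passwd(text):
        if u["shell"] == "":
            findings.append((u["name"], "", "empty shell field, defaults to /bin/sh"))
        elif u["shell"] not in allowed:
            findings.append((u["name"], u["shell"], "shell not in allowed list"))
    return findings


if __name__ == "__main__":
    for name, shell, reason in audit_shells(SAMPLE_PASSWD):
        print(f"{name}: {shell!r}: {reason}")
```

To run it against a real host, feed it the output of `getent passwd` and replace ALLOWED_SHELLS with the contents of that host's /etc/shells; the parser deliberately fails loudly on a line with the wrong field count instead of skipping it.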