Sorry, the second link should be
https://www.redhat.com/archives/freeipa-users/2016-February/msg00059.html
Stefan Zecevic
The little commuter in the big red scooter
On Mon, May 16, 2016 at 10:56 AM, Simo Sorce wrote:
> On Mon, 2016-05-16 at 09:03 -0700, Stefan Zecevic wrote:
> > Hello all,
>
Hello all,
New req coming down the pipe which is RSA 2 factor auth and IPA
integration. Does anyone have a good source to start reading up on this?
I have been reading the freeipa docs and setting up the otp and what not..
but wondering if anyone has specific RSA integration docs/info?
On Mon, 2016-05-16 at 09:03 -0700, Stefan Zecevic wrote:
> Hello all,
>
> I have been testing to see if freeIPA is a workable solution in our mixed
> CentOS and Macintosh environment. I've been doing all this testing on
> virtual machines. So far, on my own, everything I need seems to be working
>
On Mon, 2016-05-16 at 17:00 +0100, lejeczek wrote:
> hi users/devel
>
> I'm trying to grasp the concepts - can IPA be plugged into AD domain,
> be part of it as a subdomain?
No, the only trust type we handle is a Forest level trust, so FreeIPA
needs to be its own forest in AD terms.
> I'm guessi
Hello all,
I have been testing to see if freeIPA is a workable solution in our mixed
CentOS and Macintosh environment. I've been doing all this testing on
virtual machines. So far, on my own, everything I need seems to be working
with the exception of resetting expired passwords on the Macintosh
(
hi users/devel
I'm trying to grasp the concepts - can IPA be plugged into AD domain,
be part of it as a subdomain?
I'm guessing it'd be quite common scenario, I see wiki describes
opposite arrangement, but how##SELECTION_END## how to have IPA as
ipa.activedir.local whereas activedir.local is top d
Thanks for the reply.
Yes it will. But my question is a bit different.
I want to be able to ensure that each and every user is forced to setup
atleast 1 OTP.
I have set "Default user authentication types" to "password + OTP". With
this users who have OTP, have to use OTP. But if a user does not
Certmonger cannot communicate with CA; the result of getlist cert shows:
RPC failed at server. Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)
After setting time back, from /var/log/pki-ca/debug I get:
[30/Dec/2015:08:10:25][main]: CMS:Caught EBaseException
On 16.5.2016 15:33, Martin Kosek wrote:
> On 05/16/2016 02:03 PM, Günther J. Niederwimmer wrote:
>> Hello,
>>
>> I have a question about the named.conf, is it possible to change the
>> named.conf, to mace ACL or views, or is named.conf overwritten from freeipa-
>> module ?
>>
>
> Hello,
>
> Free
On Mon, 16 May 2016, Lachlan Musicman wrote:
Hola,
We have an interesting scenario that is hard to find any information on.
Due to permission restrictions, a NAS that is mounted and visible by both
AD and 'nix clients, every user belongs to a particular primary group.
What scope these primary
On Mon, May 16, 2016 at 03:27:39PM +0200, Martin Kosek wrote:
> On 05/16/2016 05:28 AM, Lachlan Musicman wrote:
> > Hola,
> >
> > We have an interesting scenario that is hard to find any information on.
> >
> > Due to permission restrictions, a NAS that is mounted and visible by both
> > AD and
On 05/16/2016 02:03 PM, Günther J. Niederwimmer wrote:
> Hello,
>
> I have a question about the named.conf, is it possible to change the
> named.conf, to mace ACL or views, or is named.conf overwritten from freeipa-
> module ?
>
Hello,
FreeIPA indeed replaces default named.conf during installa
On 05/13/2016 05:24 PM, Thomas Heil wrote:
> Hi,
>
> On 13.05.2016 16:12, Petr Spacek wrote:
>> On 13.5.2016 15:25, Thomas Heil wrote:
>>> Hi,
>>>
>>> I would like to reduce the vector of brute force attacks in my web
>>> application written in php. Users can login via passord and otp which
>>> ar
On 05/16/2016 05:28 AM, Lachlan Musicman wrote:
> Hola,
>
> We have an interesting scenario that is hard to find any information on.
>
> Due to permission restrictions, a NAS that is mounted and visible by both AD
> and
> 'nix clients, every user belongs to a particular primary group.
>
> When
Hi,
my article detailing on Fedora 24 improvements for single sign-on use is
published by Fedora Magazine:
https://fedoramagazine.org/single-sign-on-improvements-fedora-24/
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/list
On 16.05.2016 13:44, Günther J. Niederwimmer wrote:
Am Montag, 16. Mai 2016, 13:13:04 CEST schrieb Petr Spacek:
On 16.5.2016 08:47, Martin Kosek wrote:
On 05/14/2016 07:49 PM, Günther J. Niederwimmer wrote:
Hello,
Thanks for answer,
Am Freitag, 13. Mai 2016, 09:40:05 CEST schrieb Martin Ko
On Mon, 16 May 2016, Günther J. Niederwimmer wrote:
Hello,
In FreeIpa UI it is possible to insert more then one EmailAdresses, but i
can't found a way to figure out to have the correct Password / Mailaddresses
together (Dovecot) the only way I found is user / password.
My search Filter is in t
Hello,
In FreeIpa UI it is possible to insert more then one EmailAdresses, but i
can't found a way to figure out to have the correct Password / Mailaddresses
together (Dovecot) the only way I found is user / password.
My search Filter is in the Moment
user_filter = (&(objectClass=posixaccount)
On Mon, 16 May 2016, Ben .T.George wrote:
HI
So basically RBAC cannot apply against system user (ssh) ?
For enforcing anything at a client side we have HBAC.
For enforcing permission checks in the LDAP database we have RBAC.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-
HI
So basically RBAC cannot apply against system user (ssh) ?
On Mon, May 16, 2016 at 11:29 AM, Alexander Bokovoy
wrote:
> On Sat, 14 May 2016, Ben .T.George wrote:
>
>> Hi List,
>>
>> i have one working setup with HBAC and sudo rules.
>>
>> I would like to know more about RBAC. like what is
Hello,
I have a question about the named.conf, is it possible to change the
named.conf, to mace ACL or views, or is named.conf overwritten from freeipa-
module ?
--
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer
--
Manage your subscription for the Freeipa-users mailing lis
Am Montag, 16. Mai 2016, 13:13:04 CEST schrieb Petr Spacek:
> On 16.5.2016 08:47, Martin Kosek wrote:
> > On 05/14/2016 07:49 PM, Günther J. Niederwimmer wrote:
> >> Hello,
> >>
> >> Thanks for answer,
> >>
> >> Am Freitag, 13. Mai 2016, 09:40:05 CEST schrieb Martin Kosek:
> >>> On 05/12/2016 04:
On 16.5.2016 08:47, Martin Kosek wrote:
> On 05/14/2016 07:49 PM, Günther J. Niederwimmer wrote:
>> Hello,
>>
>> Thanks for answer,
>>
>> Am Freitag, 13. Mai 2016, 09:40:05 CEST schrieb Martin Kosek:
>>> On 05/12/2016 04:41 PM, Günther J. Niederwimmer wrote:
Hello,
I have the Problem to f
On 05/16/2016 12:20 PM, Prashant Bapat wrote:
> Any suggestions on how to achieve this ?
>
`ipa config-mod --user-auth-type=otp` will force otp auth for users with
an OTP token.
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/list
On 05/14/2016 12:01 AM, Adam Kaczka wrote:
> Hi all,
>
> I have inherited a IPA system that has an expired cert and the old admins
> have
> left; I followed (http://www.freeipa.org/page/IPA_2x_Certificate_Renewal) but
> running into errors when I try to renew the CA certs even after time is
>
Any suggestions on how to achieve this ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 13/05/16 14:14, Sumit Bose wrote:
On Wed, May 11, 2016 at 05:17:03PM +0100, lejeczek wrote:
.. if possible, would you know?
hi everybody,
I'm trying, and hoping it is possible to realm join an AD but is such a
way so I tap my IPA into specific OU within that AD.
I'm not exactly sure what y
On Sat, 14 May 2016, Ben .T.George wrote:
Hi List,
i have one working setup with HBAC and sudo rules.
I would like to know more about RBAC. like what is RBAC and what can be
achieved with RBAC.
anyone please share some good topics about this as i am getting so many and
the information's mentio
28 matches
Mail list logo