First, I'm sorry if this mail is not helpful enough, I'm really just replying
to the part I'm familiar with
On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote:
> Hi,
>
> I am confronted with a behaviour for which I do not have an explanation for.
>
> I am using NFS4 Kerberos
On 05/15/2017 02:26 PM, Kat wrote:
> Hi all --
>
> Just wondering if there are any good examples of using the vault
> features to secure store, use passwords? I have devs that like to
> store them in git and well, I will discipline them appropriately, but
> I wante to see about using the vault.
Harald Dunkel wrote:
> Hi folks,
>
> I have to renew (or replace) the externally signed certificate
> on my ipa servers using a new ca. Apparently the tool of choice
> is ipa-cacert-manage.
>
> Of course I found https://www.freeipa.org/page/Howto/CA_Certificate_Renewal.
> Problem is, I cannot
Hi,
I am confronted with a behaviour for which I do not have an explanation for.
I am using NFS4 Kerberos automounted homeshares and and recently I got a
permission denied (reproducible when I restart autofs on the server I
want to connect to) from the Windows Domain. So here's what I tried:
Hi all --
Just wondering if there are any good examples of using the vault
features to secure store, use passwords? I have devs that like to store
them in git and well, I will discipline them appropriately, but I wante
to see about using the vault. Is it as simple as it appears to be? Just
Hi folks,
I have to renew (or replace) the externally signed certificate
on my ipa servers using a new ca. Apparently the tool of choice
is ipa-cacert-manage.
Of course I found https://www.freeipa.org/page/Howto/CA_Certificate_Renewal.
Problem is, I cannot estimate the risk and if its worth the
On (13/05/17 06:52), Harald Dunkel wrote:
>Hi folks,
>
>RHEL 7.3, sssd 1.14.0:
>
>If /etc/selinux/config says "SELINUX=disabled", then pam seems to fail
>(without telling why) and users cannot login. *Extremely* painful.
>
>Do you think ipa-client-install could add
>
> selinux_provider =
Hi.
I used 3 servers with freipa. Replica worked fine. Autentication also
But today I configured squid and looked errors.
I used ext_kerberos_ldap_group_acl -g domainusers@ -D SOME.LAN -S dc1
user_in_domainusers
ERR
Next ext_kerberos_ldap_group_acl -g domainusers@ -D SOME.LAN -S dc2
Ok
First
The messages you see could be transient messages, and if replication is
working than this seems to be the case. If not we would need more data
to investigate: deployment info, relicaIDs of all servers, ruvs, logs,.
Here is some background info: there are some scenarios where a csn could
Hi Goran
Exact same issue here with the same troubleshooting steps taken(I've tried
to reinitialize the replicas with success msg) - no luck so far.
I've additionally have run ipa_check_consistency script:
FreeIPA servers:ipa1 ipa2 ipa3STATE
On 12.05.2017 12:25, tuxderlinuxfuch...@gmail.com wrote:
> Thanks!
>
> I followed this manual:
> https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
>
> added the line
>
> sessionrequiredpam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> to the file
On su, 14 touko 2017, Patrick Hemmer wrote:
I'm exploring using AD trusts, and am trying to find a good way to get
better management of trusted objects within FreeIPA.
One example, I add an AD user to an external group, and then add that
group to a POSIX group. When I want to view all the
12 matches
Mail list logo