[Freeipa-users] CentOS patch management on FreeIPA server

2017-05-16 Thread Lakshan Jayasekara
Hi All, I'm using FreeIPA server VERSION: 4.4.0, API_VERSION: 2.213 and running on CentOS 7 and have one replica server as well. I need to patch up centos system as per PCI DSS compliance. Let me know whether I can proceed as usual or to follow any sequential steps to achieve the task.

Re: [Freeipa-users] IPA Compat + ID Views + AIX 7.1

2017-05-16 Thread Bjarne Blichfeldt
Thank you for pointing that out. I should of course have been more specific: native aix sudo does not support ldap and therefore sudorules from ldap, but it is possible to install a different sudo version with ldap enabled. Unfortunately, in our case, using external rpm's is not an option.

Re: [Freeipa-users] Spam

2017-05-16 Thread Alexander Bokovoy
On Wed, 17 May 2017, Christopher Lamb wrote: and I was feeling left out because I wasn't getting any spam, despite other users reporting it. Then I posted a new thread a few days ago, and within seconds I got several spams, and did so for each post I made on that thread. So I as far as I

Re: [Freeipa-users] Spam

2017-05-16 Thread Christopher Lamb
to be more precise, a few minutes after I post, and a few seconds after I get the mail with my post from freeipa-users From: Christopher Lamb/Switzerland/IBM@IBMCH To: "freeipa-users@redhat.com" Date: 17/05/2017 06:26 Subject:Re: [Freeipa-users] Spam

Re: [Freeipa-users] Spam

2017-05-16 Thread Christopher Lamb
and I was feeling left out because I wasn't getting any spam, despite other users reporting it. Then I posted a new thread a few days ago, and within seconds I got several spams, and did so for each post I made on that thread. So I as far as I can see something is picking up fresh posts,

Re: [Freeipa-users] Spam

2017-05-16 Thread Andrey Dudin
Me too. I received a lot of spam messages from Amy Kristen. Wed, 17 May 2017 at 3:16, Vinny Del Signore : > Hi Andrew, > > I just sent my first mail today around 5:30pm EST and have already > received five spam e-mails from "Amy Kristen". Three of these included nude >

Re: [Freeipa-users] Spam

2017-05-16 Thread Vinny Del Signore
Hi Andrew, I just sent my first mail today around 5:30pm EST and have already received five spam e-mails from "Amy Kristen". Three of these included nude photos. These are the two e-mail addresses used so far. Hoping this stops. -Vin Amy Kristen Amy Kristen

[Freeipa-users] Spam

2017-05-16 Thread Andrew Holway
What's up with this weird spam? This is the only list where I see this. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Confused: LDAP authentication of AD users

2017-05-16 Thread Jason B. Nance
Hi Dan > With a one-way trust from FreeIPA 4.4 to Active Directory on WinServ2012r2, I > am > trying to use FreeIPA LDAP for user authentication. > Is that supposed to work? In the way you have described it, no. AD users/groups will not be in the FreeIPA LDAP. So attempting to authenticate a

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Dagan McGregor
On 17 May 2017 8:50:02 AM NZST, "Robert L. Harris" wrote: >I can, though that's what I did 2 days ago, fresh install from latest >ISO. > > >On Tue, May 16, 2017 at 2:40 PM Andrew Holway >wrote: > >> I have a feeling that there is something

[Freeipa-users] Confused: LDAP authentication of AD users

2017-05-16 Thread Dan Dietterich
With a one-way trust from FreeIPA 4.4 to Active Directory on WinServ2012r2, I am trying to use FreeIPA LDAP for user authentication. Is that supposed to work?

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
I can, though that's what I did 2 days ago, fresh install from latest ISO. On Tue, May 16, 2017 at 2:40 PM Andrew Holway wrote: > I have a feeling that there is something broken with your image. Could you > try installing Centos from ISO? > > > On 16 May 2017 at

Re: [Freeipa-users] Why OTP not working

2017-05-16 Thread Jochen Hein
Andrey Dudin writes: > I'm trying to use OTP auth in Freeipa but have some problems. OTP (with RADIUS) works for me. > I have user *test:* > > [root@ipa-centos]# ipa user-show test ... Did you enable --user-auth-type=otp with "ipa config-mod"? I have: [root@freeipa1

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Andrew Holway
I have a feeling that there is something broken with your image. Could you try installing Centos from ISO? On 16 May 2017 at 22:37, Robert L. Harris wrote: > > I left SELinux enabled, no change, still streaming the same error: > > [Tue May 16 14:36:48.957848 2017]

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
I left SELinux enabled, no change, still streaming the same error: [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Andrew Holway
Yea, I would try installing IPA then making the changes that you want. I think SELinux should be left enabled however. It makes admin super fun! :) On 16 May 2017 at 21:57, Robert L. Harris wrote: > > I did disable selinux as it gave errors setting up my standard

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
I did disable selinux as it gave errors setting up my standard users, etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable selinux and then try again. On Tue, May 16, 2017 at 1:52 PM Andrew Holway wrote: > This is pretty weird. FreeIPA installation

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Andrew Holway
This is pretty weird. FreeIPA installation normally works. Has the operating system image been changed or optimised somehow? Perhaps SELinux has been disabled? Have you tried installing Centos7 from the ISO? On 16 May 2017 at 21:48, Robert L. Harris wrote: > >2

[Freeipa-users] Why OTP not working

2017-05-16 Thread Andrey Dudin
Hello all. I'm trying to use OTP auth in Freeipa but have some problems. I have user *test:* [root@ipa-centos]# ipa user-show test User login: test First name: test Last name: test Home directory: /home/test Login shell: /bin/sh Principal name: t...@mydomain.com Principal alias:

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
2 Gigs, it's a VM. The VM didn't report any memory issues ( no alarms on VMWare ) On Tue, May 16, 2017 at 12:29 PM Andrew Holway wrote: > Hallo, > > How much memory do you have on the machine. I have a sneaking suspicion > that you're running out. > > Ta, > >

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Andrew Holway
Hallo, How much memory do you have on the machine. I have a sneaking suspicion that you're running out. Ta, Andrew On 16 May 2017 at 17:16, Robert L. Harris wrote: > > Last night I rolled back my snapshot. Here's what I have after the yum > install > > "minimal"

[Freeipa-users] UI customization: Default values on host addition

2017-05-16 Thread Steve Huston
I've extended the UI for host addition by including a multivalued widget which stores puppetVar values (as well as the accompanying Python plugin to handle it and schema update in the directory). This works well, but I'd like to add one more thing and am not sure how to do it. There are certain

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

2017-05-16 Thread Robert L. Harris
Last night I rolled back my snapshot. Here's what I have after the yum install "minimal" install of Centos7 + basic build. {0}:/var/log>cat /etc/*elease CentOS Linux release 7.3.1611 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7"

Re: [Freeipa-users] Password and OTP auth

2017-05-16 Thread Andrey Dudin
Thanks, but I think I have a problem. I have test user: [root@ipa-centos]# ipa user-show test User login: test First name: test Last name: test Home directory: /home/test Login shell: /bin/sh Principal name: t...@mydomain.com Principal alias: t...@mydomain.com Email address:

Re: [Freeipa-users] IPA Compat + ID Views + AIX 7.1

2017-05-16 Thread Luiz Fernando Vianna da Silva
As far as I found out, it is not possible to integrate sudo rules from IPA into AIX. sudo on aix does not support that. You will have to maintain /etc/sudoers by some other means. That's where you are mistaken. It is possible to integrate sudo rules into AIX, I've done it and have documented it

Re: [Freeipa-users] Password and OTP auth

2017-05-16 Thread Sumit Bose
On Tue, May 16, 2017 at 04:48:42PM +0300, Andrey Dudin wrote: > Hello all. > > tell me please. Is it possible to use password and otp auth at the one > moment? > > For example I have DEV/STAGE servers and want to be able use password auth > for ssh, but for PROD servers I want to use OTP auth

[Freeipa-users] Freeipa and limiting access by group (memberOf)

2017-05-16 Thread Janet Houser
Hi Folks, Last week I deployed freeipa on a CentOS7 VM. The installation went very smoothly using: yum install ipa-server and ipa-server-install My issue is with connecting a CentOS 7 client. On my client, I yum installed ipa-client and ipa-admintools. I then ran

[Freeipa-users] Password and OTP auth

2017-05-16 Thread Andrey Dudin
Hello all. tell me please. Is it possible to use password and otp auth at the one moment? For example I have DEV/STAGE servers and want to be able use password auth for ssh, but for PROD servers I want to use OTP auth for same user.

Re: [Freeipa-users] is ipa-cert-manage safe to use?

2017-05-16 Thread Harald Dunkel
On 05/15/17 16:44, Rob Crittenden wrote: > > I'm confused. You mention replacing some "externally signed certificate" > and yet then ask switching to externally signed certificates. What is > the current configuration? What is signing the existing server certs? Or > do you have an external CA

Re: [Freeipa-users] SSSD Cache and Service Tickets

2017-05-16 Thread Ronald Wimmer
On 2017-05-15 21:27, Jakub Hrozek wrote: [...] On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote: Hi, I am confronted with a behaviour for which I do not have an explanation. I am using NFS4 Kerberos automounted homeshares and recently I got a permission denied