Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-04-30 Thread Adam Young
On 04/30/2011 12:10 PM, JR Aquino wrote: On Apr 29, 2011, at 11:45 PM, "nasir nasir" <kollath...@yahoo.com> wrote: Hi All, First of all, many thanks indeed to the developers and community for making some great strides in the open source IPA world! I am planning for a Linux deployment

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-02 Thread Adam Young
On 05/01/2011 08:49 AM, nasir nasir wrote: Thanks for all the replies and great suggestions! I do appreciate it a lot. Apologies for being a bit confusing about the centralized /home folder in my previous mail. What I want is that all the users should have their /home folder stored in the stora

Re: [Freeipa-users] Questions from Steven Jones

2011-05-03 Thread Adam Young
On 05/03/2011 08:46 AM, Dmitri Pal wrote: I am posting Steven's questions as they have been sent to the wrong list and were on hold. Hi Seem to be having issues posting anyway I notice that free-ipa really wants to work best as its own d

Re: [Freeipa-users] extending FreeIPA

2011-05-06 Thread Adam Young
On 05/06/2011 08:49 AM, Simo Sorce wrote: On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote: I currently maintain a directory with MTA configuration data in it (among other items). I'm wondering what is the best way to add to the FreeIPA schema without stepping on current and future schema

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-08 Thread Adam Young
this possible? if so could anyone suggest me some guide lines or docs for the same ? Did you try installing the ipa-client rpms with Alien? Thanks and Regards, Nidal --- On *Mon, 5/2/11, Adam Young //* wrote: From: Adam Young Subject: Re: [Freeipa-users] FreeIPA for Linux de

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-09 Thread Adam Young
e and installed it on the kubuntu machine (without any error). Still, it's the same. Any idea ? Thanks and regards, Nidal --- On *Sun, 5/8/11, Adam Young //* wrote: From: Adam Young Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment To: "nasir nasir" Cc

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-09 Thread Adam Young
On 05/09/2011 09:12 AM, Dmitri Pal wrote: On 05/08/2011 07:39 PM, Adam Young wrote: On 05/08/2011 06:20 AM, nasir nasir wrote: Thanks indeed again for the reply. I went through the deployment guide and installed and configured FreeIPA 2.0 on a RHEL 6.1 beta machine for testing. I also

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-09 Thread Adam Young
uld be a good validation that the entire problem is just in the NFS configuration. Thanks indeed in advance and regards, Nidal --- On *Mon, 5/9/11, Adam Young //* wrote: From: Adam Young Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment To: "nasir

Re: [Freeipa-users] FreeIPA questions

2011-05-09 Thread Adam Young
On 05/09/2011 03:36 PM, SR wrote: I'm new to FreeIPA and this list so please forgive me for the n00b questions. I have what I think is a pretty straight-forward use for FreeIPA. We have an Active Directory environment with a few hundred users. We are starting to increase our number of Macs and

Re: [Freeipa-users] failure to un-install FreeIPA

2011-05-10 Thread Adam Young
On 05/10/2011 04:32 AM, Martin Kosek wrote: On Tue, 2011-05-10 at 03:58 +, Steven Jones wrote: I am trying to un-install freeipa with ipa-server-install --uninstall and it's saying not installed, but when I try to install it's saying already installed! oops. Is there a way to force the scr

Re: [Freeipa-users] failure to un-install FreeIPA

2011-05-10 Thread Adam Young
On 05/10/2011 05:02 PM, Steven Jones wrote: VMware local console I can't cut and paste outputs or scroll back when it's a KDE rdp to a windows 7 vmware guest and then into the vmware thick client and then to a "local" console simply doesn't work... Bit messy but I get a Linux desktop Ye

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Adam Young
Can you attach the file /var/log/ipa-server-install.log? On 05/10/2011 10:14 PM, Steven Jones wrote: I have installed ipa but I'm getting this error, named won't run as won't kinit admin. = May 11 14:11:40 vuwunicoipamt01 named[3132]: starting BIND 9.7.3-RedHat-9.7.3-1.el6 -u n

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Adam Young
Very cool. I've had a slew of DNS related issues when trying to set things up in a small virtual environment using DNSMasq, so I feel your pain. Please send a quick write up of your set up if you get everything working. On 05/10/2011 11:02 PM, Steven Jones wrote: Hi, Fixed I think, forgot

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-10 Thread Adam Young
eeipa-users-boun...@redhat.com] on behalf of Adam Young [ayo...@redhat.com] Sent: Wednesday, 11 May 2011 3:16 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] fatal error for ipa with dns. Very cool. I've had a slew of DNS related issues when trying to set things up in a sma

Re: [Freeipa-users] fatal error for ipa with dns.

2011-05-11 Thread Adam Young
On 05/11/2011 11:00 AM, Rob Crittenden wrote: Steven Jones wrote: Hi, Nope looks like DNS is barfed big time... == [root@vuwunicoipamt01 ~]# host vuwunicoipamt01.unix.vuw.ac.nz vuwunicoipamt01.unix.vuw.ac.nz has address 130.195.81.236 [root@vuwunicoipamt01 ~]# ipa dns-resolve

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-13 Thread Adam Young
On 05/12/2011 03:30 PM, nasir nasir wrote: Adam, I tried to follow your recommendations with RHEL 6.1 beta on server and client machine. Centralized login and such things work. I have NFS service too working. But automount is not working. For the time being I configured my server as NFS serv

Re: [Freeipa-users] /var/log/dirsrv/slapd-* permissions

2011-05-13 Thread Adam Young
On 05/13/2011 06:11 AM, Charlie Derwent wrote: Hi First time posting on the mailing list so go easy on me :-) I've installed freeipa on our network and noticed that no real user owns the folders /var/log/dirsrv/slapd-PKI-IPA and /var/log/dirsrv/slapd-TEST-NET. Isn't this going to cause logro

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-13 Thread Adam Young
On 05/13/2011 12:13 PM, nasir nasir wrote: Adam, Thanks indeed! I tried your suggestions. -- I can mkdir -- When I try to chown, I get the following error *chown: changing ownership of `nasir': Operation not permitted* Could you please explain me what do you mean by 'You probably need rw

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-13 Thread Adam Young
tity management, but not automount. You can probably just chkconfig off autofs on the nfs server. I'm not sure if there is a cleaner solution. Thanks and regards, Nidal --- On *Fri, 5/13/11, Adam Young //* wrote: From: Adam Young Subject: Re: [Freeipa-users] FreeIPA for

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-13 Thread Adam Young
On 05/13/2011 02:40 PM, nasir nasir wrote: I was trying to see whether I could mount the NFS share manually. That's why I tested the first step. I have two machines configured now. One IPA server and the other one as IPA client (with --mkhomedir switch) configured as an NFS server too. Here the

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-16 Thread Adam Young
I'm guessing that the user you are trying to create is test1? And the directory /xtra/home/test1 does not yet exist? Does a precreated directory automount? On 05/16/2011 08:08 AM, nasir nasir wrote: Thanks indeed for the reply! I updated the autofs package with version *5.0.5-30.el6.i68

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-16 Thread Adam Young
If I manually create one home folder( e.g */xtra/home/abc* ) under than, then I can mount it, but nothing can be written to it by the user as it gives permission denied error. Yes, but it should allow the root user to create and chown the directory, so the autocreation of home dirs should

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-16 Thread Adam Young
Let's try to isolate it a little further. If you log in to that machine as root, and then do su - nasir, does it let you create the directory or give you the same error? I'm guessing it is ssh that is complaining here. If the mount point is set up correctly, you should be able to create and ch

Re: [Freeipa-users] FreeIPA for Linux desktop deployment

2011-05-17 Thread Adam Young
On 05/17/2011 02:03 AM, nasir nasir wrote: Further to my previous mail, let us try to isolate it even more by comparing the login attempts to the NFS server(hugayat.cohort.org) and another IPA client(rhel.cohort.org) This is the relevant /var/log/message in the two cases *1. ssh -l nasir huga

Re: [Freeipa-users] fine-grained permissions for DNS tasks

2013-12-12 Thread Adam Young
On 12/12/2013 04:26 PM, Stephen Ingram wrote: Is it possible to restrict user to say a DNS Administrator role for only one domain in the system? Steve

Re: [Freeipa-users] 4202 error no modifications can be performed

2011-05-24 Thread Adam Young
then I cant revert or save. Are you using the latest RHEL bits or the tip from upstream? regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Tuesday, 24 May 2011 11:30 a.m. To:

Re: [Freeipa-users] 4202 error no modifications can be performed

2011-05-24 Thread Adam Young
On 05/23/2011 10:59 PM, Steven Jones wrote: It needs to be disabled then as it locks up the gui and it's then stuffed regards From: Rob Crittenden [rcrit...@redhat.com] Sent: Tuesday, 24 May 2011 2:27 p.m. To: Steven Jones Cc: d...@redhat.com; Adam

Re: [Freeipa-users] FreeIPA 2, adding Samba attributes

2011-06-09 Thread Adam Young
On 06/09/2011 03:37 PM, John S. Skogtvedt wrote: On 9 June 2011 14:31, Simo Sorce wrote: You probably want to use the DNA plugin to generate the sambaSid for you once you have a domain SID, it's not too difficult and will be much less error prone. Simo. Thanks. The solution outlined at htt

Re: [Freeipa-users] Multiple host records in the GUI

2011-06-13 Thread Adam Young
On 06/13/2011 12:20 PM, Sigbjorn Lie wrote: Hi, How come I cannot see multiple records for the same host in the WEB GUI? I can see the records when I'm using the CLI. This goes for multiple A records for the same hostname, but also if a hostname has an A record and a record. Only the A

Re: [Freeipa-users] extracting info and injecting info

2011-06-17 Thread Adam Young
On 06/14/2011 04:33 PM, Steven Jones wrote: Hi, That's excellent it won't be me but our IdM developers... who will want to look, since it's Oracle IdM I suspect Java type stuff but I'm clueless on programming.. I can hand this to them when they ask. JSON is much friendlier, and it is what

Re: [Freeipa-users] Custom Fields on UI

2011-06-23 Thread Adam Young
On 06/23/2011 08:35 AM, Attila Bogár wrote: Hi, When I apply the following ldif, the custom fields are not appearing on the web interface (ipa restart doesn't help). -- 8< -- dn: cn=ipaConfig,cn=etc,dc=linguamatics,dc=com changetype: modify replace: ipaCustomFields ipaCustomFields: "Employee

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-27 Thread Adam Young
On 06/26/2011 08:35 AM, Charlie Derwent wrote: On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden wrote: Charlie Derwent wrote: On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcrit...@redhat.com>

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-27 Thread Adam Young
On 06/27/2011 11:01 AM, Rob Crittenden wrote: Charlie Derwent wrote: On Mon, Jun 27, 2011 at 2:07 PM, Adam Young <ayo...@redhat.com> wrote: On 06/26/2011 08:35 AM, Charlie Derwent wrote: On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden mailto:rcrit...@redh

Re: [Freeipa-users] Automounter maps

2011-06-30 Thread Adam Young
Good point. Take a look at the test day instructions, I found them very useful for setting up both SUDO and automount. https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount On 06/30/2011 11:08 AM, Ondrej Valousek wrote: On 30.06.2011 16:55, Rob Crittenden wrote: Look at the out

Re: [Freeipa-users] Automounter maps

2011-07-01 Thread Adam Young
On 07/01/2011 03:48 AM, Ondrej Valousek wrote: Hi, On 30.06.2011 17:29, Dmitri Pal wrote: Can you please rephrase? Do you mean that instead of documenting what we already have or in addition to it, we should also document how to configure automount with DNS? Does DNS allow specifying the sear

Re: [Freeipa-users] Is it possible FreeIPA for Web Apps SingleSignOn like CAS?

2011-07-29 Thread Adam Young
In order to authenticate through the firewall you have to allow kinit and kerberos web traffic through, which means opening port 88. If you are unwilling to do that, you need to come up with an authentication solution that will pass through firewalls, which means either basic auth, digest, or

Re: [Freeipa-users] Unable to start IPA server after server reboot

2011-08-02 Thread Adam Young
On 08/02/2011 09:42 AM, Ondrej Valousek wrote: Hi Rob, It was just "polaris" - so I tried: [root@polaris etc]# hostname polaris.example.com and it started working - Magic! That means that we rely on the fact that hostname is set to FQDN, right? Isn't it too strong requirement? Maybe we should g

Re: [Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

2011-08-03 Thread Adam Young
On 08/03/2011 12:21 PM, Ian Stokes-Rees wrote: On Wed Aug 3 10:37:45 2011, Stephen Gallagher wrote: As a general rule, I would think that having your private key stored somewhere that an admin other than yourself can reset the password and have access to would be really dangerous. Most especia

Re: [Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

2011-08-03 Thread Adam Young
On 08/03/2011 01:16 PM, Ian Stokes-Rees wrote: On 8/3/11 12:38 PM, Adam Young wrote: I think what you are interested in is the Data Recovery Manager (DRM...hey, we had the acronym first, but we also call it Key Recovery ) aspect of Certificate Server. That is awesome. That is exactly

Re: [Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

2011-08-04 Thread Adam Young
DRM is the way to go. However it does not support symmetric keys now. This is the part that we need for volume keys. Maybe it is the vault to store all sorts of keys. This is something that needs to be designed and looked at as a broader perspective. Adam likes to repeat a phrase about dreamin

Re: [Freeipa-users] Clarification about FreeIPA milestones

2011-08-05 Thread Adam Young
On 08/05/2011 03:29 PM, Dmitri Pal wrote: Hello, IPA 2.1 is getting close to its release so it is time to set some expectations and explain our roadmap moving forward a little bit. First it is planned to have couple bug fixing iterations on top of 2.1. That translates into 2.1.1 and 2.1.2 milest

Re: [Freeipa-users] extending FreeIPA

2011-08-07 Thread Adam Young
On 08/06/2011 03:18 PM, Stephen Ingram wrote: On Fri, May 6, 2011 at 1:11 PM, Adam Young wrote: On 05/06/2011 08:49 AM, Simo Sorce wrote: On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote: I currently maintain a directory with MTA configuration data in it (among other items). I

Re: [Freeipa-users] extending FreeIPA

2011-08-07 Thread Adam Young
On 08/06/2011 04:29 PM, Stephen Ingram wrote: On Sat, Aug 6, 2011 at 12:18 PM, Stephen Ingram wrote: On Fri, May 6, 2011 at 1:11 PM, Adam Young wrote: On 05/06/2011 08:49 AM, Simo Sorce wrote: On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote: I currently maintain a directory with

Re: [Freeipa-users] Using FreeIPA web interface from a windows client(IE)

2011-09-23 Thread Adam Young
On 09/23/2011 03:31 PM, Rob Crittenden wrote: Jimmy wrote: I have been using the interface from a Linux client on Firefox just fine, but now I need to configure a windows client to access the web interface. I have the win7 client logged in using a FreeIPA user, authenticated against the realm, a

Re: [Freeipa-users] Certificate error when modifying/deleting a host

2011-09-27 Thread Adam Young
On 09/27/2011 04:22 PM, Sigbjorn Lie wrote: On 09/27/2011 09:54 PM, Sigbjorn Lie wrote: On 09/27/2011 12:34 AM, Dmitri Pal wrote: On 09/25/2011 05:49 PM, Sigbjorn Lie wrote: Hi, I have a host that refuses to be modified or deleted. I get the same error from the webui and the cli. I am using

Re: [Freeipa-users] Certificate error when modifying/deleting a host

2011-09-27 Thread Adam Young
Siggi, This is my comment in the ticket: https://fedorahosted.org/freeipa/ticket/1889 We are working on a tool in the PKI project that will perform these steps in an automated fashion. There are three files that need to be addressed. On the tomcat side, the files are in the Tomcat instanc

Re: [Freeipa-users] Certificate error when modifying/deleting a host

2011-09-27 Thread Adam Young
After talking with the PKI developer that is fixing this, I found out that one other file needs to be modified: /var/lib/pki-ca/conf/CS.cfg http.port=8080 https.port=8443 On 09/27/2011 07:55 PM, Adam Young wrote: Siggi, This is my comment in the ticket: https://fedorahosted.org

Re: [Freeipa-users] Certificate error when modifying/deleting a host

2011-09-28 Thread Adam Young
On 09/28/2011 05:03 PM, Sigbjorn Lie wrote: On 09/28/2011 03:33 AM, Adam Young wrote: After talking with the PKI developer that is fixing this, I found out that one other file needs to be modified: /var/lib/pki-ca/conf/CS.cfg http.port=8080 https.port=8443 On 09/27/2011 07:55 PM, Adam

Re: [Freeipa-users] Certificate error when modifying/deleting a host

2011-09-28 Thread Adam Young
On 09/28/2011 05:59 PM, Sigbjorn Lie wrote: On 09/28/2011 11:35 PM, Adam Young wrote: On 09/28/2011 05:03 PM, Sigbjorn Lie wrote: On 09/28/2011 03:33 AM, Adam Young wrote: After talking with the PKI developer that is fixing this, I found out that one other file needs to be modified: /var

Re: [Freeipa-users] user login exposes all users in UI

2011-09-28 Thread Adam Young
On 09/28/2011 01:13 PM, Stephen Ingram wrote: When logging into the FreeIPA UI as a user, most everything is removed with the exception of the Identity tab and the Users list. Although I'm guessing that LDAP needs to expose the users list to all users just as anyone can view the passwd file on an

Re: [Freeipa-users] Install problem with --setup-dns

2011-09-30 Thread Adam Young
On 09/30/2011 01:10 PM, Mark A Cinense wrote: Hi, new to the list. I have been pounding away at this for the past month or so, and I am stumped as to why when installing IPA, it keeps wanting to setup DNS with a domain name of ipaserver.test.mark.cinense.org

Re: [Freeipa-users] Complaint web browsers

2011-10-18 Thread Adam Young
On 10/17/2011 10:36 PM, Steven Jones wrote: Hi, I have only used Firefox 3.x as shipped with RHEL to admin IPA, what are others using? ie what are compliant/suitable? We are only claiming to support Firefox, 3 on forward should all work, but we only test the versions with Fedora and RHEL.

Re: [Freeipa-users] Complaint web browsers

2011-10-18 Thread Adam Young
Let's distinguish between Supported browsers for the kerberos case and the Supported browser for the Basic auth enabled case: For Kerberos, it is as I said previously: it will work on the others, but you have to know how to configure. You are not going to get IE Kerberos support without a si

Re: [Freeipa-users] No hosts showing as enrolled

2011-10-21 Thread Adam Young
On 10/21/2011 02:04 PM, Sigbjorn Lie wrote: Hi, I've updated to freeipa-server-2.1.3-2.fc15.x86_64. There is no hosts showing as enrolled in the webui. In the CLI hosts are reported to have a keytab. Is this a known issue? Rgds, Siggi PS. KUDOS on the speed of lookups! MASSIVE improvement

Re: [Freeipa-users] No hosts showing as enrolled

2011-10-21 Thread Adam Young
On 10/21/2011 02:29 PM, Sigbjorn Lie wrote: On 10/21/2011 08:15 PM, Adam Young wrote: On 10/21/2011 02:04 PM, Sigbjorn Lie wrote: Hi, I've updated to freeipa-server-2.1.3-2.fc15.x86_64. There is no hosts showing as enrolled in the webui. In the CLI hosts are reported to have a keyta

Re: [Freeipa-users] No hosts showing as enrolled

2011-10-24 Thread Adam Young
On 10/21/2011 07:05 PM, Sigbjorn Lie wrote: On 10/21/2011 10:02 PM, Adam Young wrote: On 10/21/2011 02:29 PM, Sigbjorn Lie wrote: On 10/21/2011 08:15 PM, Adam Young wrote: On 10/21/2011 02:04 PM, Sigbjorn Lie wrote: Hi, I've updated to freeipa-server-2.1.3-2.fc15.x86_64. There is no

Re: [Freeipa-users] Unique world wide UIDS

2011-10-26 Thread Adam Young
On 10/26/2011 08:49 PM, Steven Jones wrote: Hi, Reading the docs on the 32bit UIDs it says it makes an attempt to give out a unique range would it be possible / practical if RH (would want to) ran some sort of database or registration function to try and insure that? regards Steven Jones

Re: [Freeipa-users] Unique world wide UIDS

2011-10-27 Thread Adam Young
On 10/26/2011 09:35 PM, Adam Young wrote: On 10/26/2011 08:49 PM, Steven Jones wrote: Hi, Reading the docs on the 32bit UIDs it says it makes an attempt to give out a unique range would it be possible / practical if RH (would want to) ran some sort of database or registration function to

Re: [Freeipa-users] Freeipa-users] Overall Design of Policy Related Components

2011-11-01 Thread Adam Young
On 11/01/2011 01:04 PM, Rodney Mercer wrote: On Tue, 2011-11-01 at 12:00 -0400, freeipa-users-requ...@redhat.com wrote: On 10/31/2011 05:20 PM, Rodney Mercer wrote: We have previously developed Solaris RBAC authorization within our application to validate users and roles to our application's i

Re: [Freeipa-users] ipa-client-install error

2011-11-04 Thread Adam Young
CentOS is far behind RHEL. Many of the issues you will find have been fixed in released versions of IPA. This one is due, I think, to an earlier issue with directory server that has since been upgraded. You might want to see if the versions shipped with Scientific Linux work better for you, b

Re: [Freeipa-users] ipa-client-install error

2011-11-04 Thread Adam Young
On 11/04/2011 07:07 PM, Dmitri Pal wrote: On 11/04/2011 04:23 PM, Jimmy wrote: I see. I have ipa-client-2.0-9.el6.x86_64 on the CentOS 6 client. I guess the proper fix is to use the SL packages Adam referenced? Correct. It looks like Scientific Linux is behind as well: The packages on ht

Re: [Freeipa-users] FreeIPA on CentOS 5.6

2011-11-09 Thread Adam Young
On 11/09/2011 02:27 PM, Stephen Gallagher wrote: On Wed, 2011-11-09 at 14:23 -0500, Boris Epstein wrote: So what OS would not be too old to run FreeIPA on? Would we be talking CentOS 6? Boris. Well, RHEL 6.2 (due out before the end of the year) will include a fully-supported version of FreeIPA

Re: [Freeipa-users] Kerberos authentication setup

2011-11-11 Thread Adam Young
On 11/11/2011 03:52 PM, Boris Epstein wrote: Hello all, I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it from a browser as I get the "Your kerberos ticket is no longer valid." message. So the question is: is there a good guide on how to set up the Kerbero

Re: [Freeipa-users] Kerberos authentication setup

2011-11-11 Thread Adam Young
On 11/11/2011 04:50 PM, Boris Epstein wrote: On Fri, Nov 11, 2011 at 4:18 PM, Dmitri Pal wrote: On 11/11/2011 03:52 PM, Boris Epstein wrote: Hello all, I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it from a browser as I get the "Your kerberos ticket is n

Re: [Freeipa-users] Delete host: Unable to communicate with CMS (Not Found)

2011-11-17 Thread Adam Young
On 11/17/2011 10:58 AM, Dan Scott wrote: On Wed, Nov 16, 2011 at 14:01, Rob Crittenden wrote: Dan Scott wrote: On Wed, Nov 16, 2011 at 10:39, Rob Crittenden wrote: Dan Scott wrote: On Wed, Nov 16, 2011 at 09:23, Rob Crittenden wrote: Dan Scott wrote: Hi, I receive the following error

Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket

2011-11-21 Thread Adam Young
On 11/21/2011 05:10 PM, Rob Crittenden wrote: Steven Jones wrote: Hi, I got Firefox on the IPA server (RHEL6.2beta 64bit) working yesterday, today the Kerberos ticket had expired, so re-run kinit admin and hit re-try but I still have to re-configure Firefox. this seems odd is this a kn

Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket

2011-11-23 Thread Adam Young
So let me get this straight: A system that works fine one day does not work the next. You have a Kerberos Ticket, it expires. The webUI doesn't work. You then do a kinit and reload the browser, and it does not work. Then you go through the initialization steps, including configuring the

Re: [Freeipa-users] Some feature requests

2011-11-28 Thread Adam Young
On 11/28/2011 04:16 PM, Steven Jones wrote: Hi, a) Auto setup in RH satellite to allow auto joining to freeIPA from a baremetal kickstart. That is a Satellite, not FreeIPA, request. b) Setup/config (info etc) to allow a gluster system to join to IPA. What would a gluster system require

Re: [Freeipa-users] "User Administrator" role member doesn't see "User Groups" under identity tab

2011-12-15 Thread Adam Young
On 12/13/2011 02:09 PM, Rob Crittenden wrote: Ian Levesque wrote: Hello, I'm running version 2.0.0-23 under Scientific 6.1. I've noticed that users in the "User Administrator" role, don't have access via the web UI to actually manage groups. The only link under "Identity" is "Users". CLI ma

Re: [Freeipa-users] Optionistic approach for new DNS API

2011-12-15 Thread Adam Young
On 12/14/2011 04:41 PM, Martin Kosek wrote: Hello all, we just had a good discussion with Rob and Endi about different approach to the new DNS API. Current DNS API proposal (patches 174-176) introduced new API based on different commands, e.g. for MX RR type: ipa dnsrecord-mx-add ZONE NAME --pr

Re: [Freeipa-users] Multi-tennancy and Freeipa

2011-12-16 Thread Adam Young
I opened a ticket for multitenancy https://fedorahosted.org/freeipa/ticket/2201 Here is a detailed write up of the issues. http://freeipa.org/page/Multitenancy Please provide any feedback that you have and I will update.

Re: [Freeipa-users] Multi-tennancy and Freeipa

2011-12-19 Thread Adam Young
each of the tenant subtrees would be for a subset of the machines in the system. But that is really only one view of it, and I think I can see where you are coming from: you want to be able to manage, say customers, but use the same rules for them as you do for employees? On Fri, Dec 1

Re: [Freeipa-users] Using DHCPD with IPA

2012-01-26 Thread Adam Young
On 01/24/2012 09:11 PM, ~Stack~ wrote: Crud. This looks like it could be difficult. I don't preserve anything on those machines. At least not right now... It is a boot strap issue. For a shared nothing boot like you are doing, there needs to be a way for the new machine to securely get its id

Re: [Freeipa-users] WebUI With Windows, Firefox, and MIT Kerberos

2012-01-30 Thread Adam Young
On 01/28/2012 01:53 PM, Erinn Looney-Triggs wrote: On 1/27/2012 4:53 PM, JR Aquino wrote: On Jan 27, 2012, at 5:31 PM, Jr Aquino wrote: Has anyone successfully gotten firefox in windows with firefox and mit kerberos? I've followed several how to's, but I can't get firefox to take/pass my tgt.

Re: [Freeipa-users] Roles and permissions

2012-02-10 Thread Adam Young
On 02/07/2012 03:54 PM, Steven Jones wrote: Hi, "Users in group A can manage the membership of group B Users in group A can manage this small set of attributes of members of group B" Yes, I can see that delegating is going to be very hard to do securely / properly. at least with [my] limite

Re: [Freeipa-users] FreeIPA DogTag PKI as a regular Certification Authority?

2012-02-13 Thread Adam Young
On 02/12/2012 04:00 PM, Marco Pizzoli wrote: Hi, I see DogTag PKI used as a certificate server for the enrollment of hosts and services. What about the enrollment of normal X509v3 certificates? I have not seen, correct me if I'm wrong, any reference to the possibility to use it as a regular CA