So I am a partial noob to this so I appreciate any leeway / help ahead of time.
We found http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8 and we're just wanting to use the directory functions of Free IPA for now.
Walking through the directory until works until we try
I was able to take that script and with some customizing get it to work
with Mavericks. This should work, I tried to do a find and replace to
make it work like the github one.
On Wed, Apr 16, 2014 at 5:40 PM, Fredy Sanchez fredy.sanc...@modmed.com wrote:
Sure Rob, we'll put something
One of the big rocks I am trying to accomplish is the ability to audit
access information and password resets. I know the audit capabilities are
on the road map for the future so I'm trying to make do with what I have.
1) is all the above information in the access log?
2) do you know of any 3rd
I am wanting to use Free IPA as the authentication source for Google Apps. I can't seem to find any documentation on how to accomplish this. Anyone have any experience they would be willing to share? Our install is on CentOS 6.5 fyi.
___
Freeipa-users
/2014 01:59 AM, Chris Whittle wrote:
I am wanting to use Free IPA as the authentication source for Google
Apps. I
can't seem to find any documentation on how to accomplish this. Anyone
have any
experience they would be willing to share? Our install is on CentOS 6.5
fyi.
I did a brief
Thank you Simo! Does anyone have any more info/experience on using GADS
and FreeIPA that they would be willing to share?
On Fri, Apr 25, 2014 at 7:39 AM, Simo Sorce sso...@redhat.com wrote:
On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
Thanks Martin, I found a few notes on FreeIPA
I've seen a lot of people have issues with making GADS work with FreeIPA.
Does anyone have it working and care to share how?
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
experience with GADS so I started a new one for simplification.
On Mon, Apr 28, 2014 at 7:17 AM, Dmitri Pal d...@redhat.com wrote:
On 04/28/2014 08:11 AM, Chris Whittle wrote:
I've seen a lot of people have issues with making GADS work with FreeIPA.
Does anyone have it working and care
have it working, but I have Atlassian Crowd sitting between FreeIPA
and the Google Apps log in.
On 28 Apr 2014 15:44, Simo Sorce s...@redhat.com wrote:
On Mon, 2014-04-28 at 08:24 -0400, Dmitri Pal wrote:
On 04/28/2014 08:22 AM, Chris Whittle wrote:
Ha! that was my thread about SAML vs GADS
I am working on my mac setups and am wanting to ping the server every so often and check to see if their user is enabled or disabled. If Disabled then I will show them the login screen, log them out or something else.. What I need is how to check to see if they are enabled or not through bash...
the following command,
ipa user-status username. However, if you have several replicated IPA
servers, you will see the status of the account on each IPA server along
with the account status.
I hope this helps.
-Mike
-Original Message-
From: Chris Whittle
Sent: May 12, 2014 10:31 AM
Is there a doc anywhere?
Let me be more specific... I just want to use my wildcard ssl for the UI so
that it doesn't give an error when you access it, anyone done this before?
Thanks Simo, I'm finding a lot of posts on certs but none that really tells
me what I need to do...
Any more help would be extremely appreciated.
On Sun, May 18, 2014 at 11:31 AM, Simo Sorce s...@redhat.com wrote:
On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote:
Let me be more
:
On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
Thanks Martin, I found a few notes on FreeIPA and GADS but most
were people
saying not to do it on principle but nothing saying if it's
possible or not.
I like the SAML option, including the mysterious ipsilon (Is there
anything
Actually is this it?
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
On Sun, May 18, 2014 at 8:31 PM, Chris Whittle cwhi...@gmail.com wrote:
Thanks Simo, I'm finding a lot of posts on certs but none that really
tells me what I need to do...
Any more help would
All I am trying to fix right now is so when the user comes to the web ui
they have a valid cert.
On May 19, 2014 2:01 AM, Martin Kosek mko...@redhat.com wrote:
On 05/17/2014 04:22 AM, Chris Whittle wrote:
I have an existing key and crt that has been successfully installed on
other
subdomain
and to the point, but I have the same question. :)
On May 16, 2014, at 9:08 PM, Chris Whittle cwhi...@gmail.com wrote:
Is there a doc anywhere?
CC-ing Petr Vobornik to help with that. You can already achieve some
theming
with overriding the CSS + utilizing Web UI plugins we already have in
FreeIPA
Web
://www.freeipa.org/page/V3/Drop_selfsign_functionality)
Thanks
On Mon, May 19, 2014 at 7:15 AM, Simo Sorce s...@redhat.com wrote:
On Sun, 2014-05-18 at 20:58 -0500, Chris Whittle wrote:
Actually is this it?
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
I think so, yeah
Awesome... Can ipsilon be installed on the same server as FreeIPA?
On Mon, May 19, 2014 at 7:16 AM, Simo Sorce s...@redhat.com wrote:
On Sun, 2014-05-18 at 20:40 -0500, Chris Whittle wrote:
Anything new on ipsilon?
I released 0.2.3: https://fedorahosted.org/ipsilon/
It is still a bit
Okta's search probably
returns no results anyway. It may be better to keep that blank IMO.
Martin
On 08/12/2014 03:46 PM, Chris Whittle wrote:
http://www.freeipa.org/page/HowTo/Integrate_With_Okta
On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal d...@redhat.com wrote:
On 08/08/2014 04:26
We are looking at ONELogin as well as OKTA for our SSO to work with
FreeIPA.
The way they integrate with LDAP is a little different.
The question I have is how does FreeIPA support SHA or SSHA for password
encryption?
*From One Login's help doc on LDAP*
*--password-crypt: *Defines the
Here is what I get if I try to start it manually... Any ideas?
[root@itservices /]# /usr/sbin/ipactl start
Starting Directory Service
Starting dirsrv:
COLLECTIVEBIAS-COM... [ OK ]
PKI-IPA... [ OK ]
What is the best way to determine the version?
On Wed, Aug 20, 2014 at 2:29 AM, Martin Kosek mko...@redhat.com wrote:
On 08/19/2014 11:08 PM, Chris Whittle wrote:
Here is what I get if I try to start it manually... Any ideas?
[root@itservices /]# /usr/sbin/ipactl start
Starting
if you are running on RHEL/CentOS.
FreeIPA 4.0 and later also show the version with
$ ipa --version
or in Web UI.
Martin
On 08/20/2014 02:54 PM, Chris Whittle wrote:
What is the best way to determine the version?
On Wed, Aug 20, 2014 at 2:29 AM, Martin Kosek mko...@redhat.com wrote:
On 08/19
Are there instructions anywhere? My FreeIPA 3 on CentOS died so I'm
starting over
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Thanks Timo so Fedora is really the only one it's supported on for now?
On Wed, Aug 20, 2014 at 11:55 PM, Timo Aaltonen tjaal...@ubuntu.com wrote:
On 21.08.2014 04:27, Chris Whittle wrote:
Are there instructions anywhere? My FreeIPA 3 on CentOS died so I'm
starting over
But just Centos 7 right?
On Fri, Aug 22, 2014 at 10:19 AM, Timo Aaltonen tjaal...@ubuntu.com wrote:
On 22.08.2014 18:16, Chris Whittle wrote:
Thanks Timo so Fedora is really the only one it's supported on for now?
Fedora/RHEL/Centos etc, yes. Maybe by x-mas we'll have something in
Debian
I'm trying to install the repo from
https://copr.fedoraproject.org/coprs/pviktori/freeipa/ and when I go to
install I get
yum install freeipa-server
Loaded plugins: fastestmirror, langpacks
Repository pviktori-freeipa is listed more than once in the configuration
Thanks, I was following the instructions
On Aug 22, 2014 11:18 PM, James purplei...@gmail.com wrote:
On Sat, Aug 23, 2014 at 12:13 AM, Chris Whittle cwhi...@gmail.com wrote:
I'm trying to install the repo from
https://copr.fedoraproject.org/coprs/pviktori/freeipa/ and when I go to
install
ipa-server does work but only for 3.3.3 I'm wanting 4
On Sat, Aug 23, 2014 at 7:16 AM, Chris Whittle cwhi...@gmail.com wrote:
Thanks, I was following the instructions
On Aug 22, 2014 11:18 PM, James purplei...@gmail.com wrote:
On Sat, Aug 23, 2014 at 12:13 AM, Chris Whittle cwhi
On Sat, Aug 23, 2014 at 8:23 AM, Dmitri Pal d...@redhat.com wrote:
On 08/23/2014 02:22 PM, Chris Whittle wrote:
ipa-server does work but only for 3.3.3 I'm wanting 4
Try the epel repo
http://copr-be.cloud.fedoraproject.org/results/pviktori/freeipa/epel-7-x86_64/
On Sat, Aug 23, 2014
to actually install. Only the fedora repos in
that same tree have packages.
~K
On 8/23/14 12:29 PM, Dmitri Pal wrote:
On 08/23/2014 08:33 PM, Chris Whittle wrote:
Thanks Dmitri,
I'm going to sound like a noob for a second but how do I add that repo?
I added a repo called pviktori-epel-7
:
On 08/23/2014 09:46 PM, Chris Whittle wrote:
Thanks Kat, so what do I need to do? I have a brand new Centos 7 Server
and I am itchy to install FreeIPA 4...
I suspect there are only two options:
1. Wait for project developers to produce a build for CentOS 7
2. Try to do it yourself by building
Pal wrote:
On 08/23/2014 09:46 PM, Chris Whittle wrote:
Thanks Kat, so what do I need to do? I have a brand new Centos 7 Server
and I am itchy to install FreeIPA 4...
I suspect there are only two options:
1. Wait for project developers to produce a build for CentOS 7
2. Try to do
Trying to do this
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
And I keep getting Error unable to get local issuer certificate getting
chain.
I'm wondering if it's because of this from the doc
The certificate in mysite.crt must be signed by the CA used when
installing
I have 4 installed and I get it when I try to generate the pk12
On Aug 25, 2014 3:50 AM, Jan Cholasta jchol...@redhat.com wrote:
Hi,
Dne 25.8.2014 v 03:04 Chris Whittle napsal(a):
Trying to do this
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
And I keep getting
!
Thanks!
On Mon, Aug 25, 2014 at 6:24 AM, Chris Whittle cwhi...@gmail.com wrote:
I have 4 installed and I get it when I try to generate the pk12
On Aug 25, 2014 3:50 AM, Jan Cholasta jchol...@redhat.com wrote:
Hi,
Dne 25.8.2014 v 03:04 Chris Whittle napsal(a):
Trying to do this
http
. Then restart both instances (bottom of the freeipa link) and
you should be good to go.
On Mon, Aug 25, 2014 at 8:45 AM, Chris Whittle cwhi...@gmail.com wrote:
I found this but I think it's just IPA certs?
http://www.freeipa.org/page/V4/CA_certificate_renewal
Basically I want to use my
be completed: Unable to communicate with CMS
(Internal Server Error)
On Mon, Aug 25, 2014 at 1:34 PM, Chris Whittle cwhi...@gmail.com wrote:
ok I think I got it again... If anyone is looking for this here is the
answer that worked for me
1. Here are the steps
1.
http
I've got my server up and running great with one exception: every time I
reboot I have to log in and flush the iptables or nothing can connect.
I've found a ton of fixes and none seem to work. I'm on FC20; does anyone
have experience with it and wouldn't mind helping?
are not yet in place).
The context here was for an IdM server but I also used the same approach
for the IdM replica
and RHEL 7 clients.
hth,
-m
On 08/25/2014 10:22 PM, Chris Whittle wrote:
I've got my server up and running great with one exception every time I
reboot I have to login
So I have a user called mac_slave that is used to verify that a user is
active or not and also used to bind a mac laptop to freeipa's ldap.
What I want to do is limit what that user can do and see, for example I
want to keep them from logging in to my macs (I think I can do that by
moving them
ipa-server-certinstall -d --dirsrv_pin=PKPASSWORD DOMAIN.COM.p12
Step 4 reboot
Step 5 You can dance if you wanna...
On Mon, Aug 25, 2014 at 2:02 PM, Chris Whittle cwhi...@gmail.com wrote:
I spoke a little too soon... It's working fine (browser is using new cert
and also ldaps is using
We are going to use an SSO provider like OneLogin to enforce a password
policy. How can we disable FreeIPA from doing it also?
I am trying to limit who can login to my macs and I'm having to stick to
what OSX will let me do.
Currently I can only limit users using the searchbase and right now it's
cn=users,cn=accounts,dc=DOMAIN,dc=com
This works fine unless I wanted to create a user that I wanted in LDAP for
other
permissions I need to give a user to view my NIS view. Right now
Directory Manager can see it but that is it.
Any ideas?
On Tue, Sep 2, 2014 at 9:00 AM, Chris Whittle cwhi...@gmail.com wrote:
Thanks Dmitri, before I get too far down this rabbit hole (cause it looks a
little scary) let me make sure
hmmm...
Is there not a permission or role in freeIPA that I could give a group or
role just to see everything in
my CN cn=canlogin,cn=compat,dc=DOMAIN,dc=com
On Tue, Sep 2, 2014 at 3:06 PM, Dmitri Pal d...@redhat.com wrote:
On 09/02/2014 09:34 PM, Chris Whittle wrote:
Ok Dmitri, I got
Thanks Dmitri, I'm so close I can almost see the end!
On Tue, Sep 2, 2014 at 3:24 PM, Dmitri Pal d...@redhat.com wrote:
On 09/02/2014 10:08 PM, Chris Whittle wrote:
hmmm...
Is there not a permission or role in freeIPA that I could give a group or
role just to see everything in
my CN cn
, no
error, just empty space
if I add -v (verbose) I get
ldap_initialize( ldaps://domain.com:636/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
Thanks everyone!
On Tue, Sep 2, 2014 at 3:31 PM, Rob Crittenden rcrit...@redhat.com wrote:
Chris Whittle wrote:
hmmm
If I do this
ldapsearch -LLL -H ldaps://DOMAIN:636 -x -D
uid=mac_slave,cn=users,cn=accounts,dc=domain,dc=com -w 'nachopassword' -b
uid=awesomeuser,cn=users,cn=accounts,dc=domain,dc=com
It works fine
**Mac_Slave is my automation user.
On Tue, Sep 2, 2014 at 3:40 PM, Chris Whittle cwhi
That worked, but having issues getting it to work with the OSX Directory
Utility.
I'm wondering if it's because when you go against the OU normally it's
returning more info about the user versus what's being returned from the
compat view I'm going to experiment with the attributes it's returning
and
Thanks Rob for the explanation!
I think I have it working, I just have to test a machine and verify.
On Wed, Sep 3, 2014 at 12:47 PM, Rob Crittenden rcrit...@redhat.com wrote:
Chris Whittle wrote:
That worked, but having issues getting it to work with the OSX Directory
Utility.
I'm
-compat-entry-attribute: loginShell=%{loginShell}
schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
On Wed, Sep 3, 2014 at 1:04 PM, Chris Whittle cwhi...@gmail.com wrote:
Thanks Rob for the explanation!
I think I have it working, I just have to test a machine and verify.
On Wed
Look at nsaccountlock if it's TRUE then they are disabled.
On Thu, Sep 4, 2014 at 7:20 AM, Sebastian Leitz sebastian.le...@etes.de
wrote:
Hello,
I am trying to use bind-dyndb-ldap to connect my BIND to an LDAP server
for zones. I have a tiny question regarding this and both the project
authorization in
FreeIPA though is HBAC where you would configure which group of users can
login
to which machines.
But this is only being enforced when SSSD is on the client machine, so it
may
not be working for all your machines.
Martin
On 09/03/2014 10:45 PM, Chris Whittle wrote
Search the list for a post by me and certs... Basically there is an install
flag that will do all the work for you once you have the cert in the
right format.
On Sep 10, 2014 5:53 PM, William Graboyes wgrabo...@cenic.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello list,