Re: [Freeipa-users] Common Name for the ipa-cacert-manage command

2015-05-04 Thread Dmitri Pal
n ourselves to using self-signed certificates for the UI. End users can import IPA CA root cert if they choose. On Thu, Apr 30, 2015 at 2:45 PM, Dmitri Pal wrote: On 04/30/2015 04:50 PM, William Graboyes wrote: Let me ask this a different way. What is the easiest method of using a trusted thi

Re: [Freeipa-users] CA replicas on all?

2015-05-04 Thread Dmitri Pal
allow not running CA everywhere because there were requests to allow a subset but the initial design assumed a CA on every replica. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Dmitri Pal
kinit usera? Have you checked the KDC log? Look at the usera entry, may be there is some strange attribute there that causes this failure. Compare with admin entry. May be it will shed some light. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your

Re: [Freeipa-users] Removing REALM requirement and home directory location

2015-05-04 Thread Dmitri Pal
36:53 2015 from xxx.xxx.xxx.xxx Could not chdir to home directory /home/sbx.local/aduser1: No such file or directory $ Any and all help is appreciated. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users ma

Re: [Freeipa-users] interesting Kerberos issue

2015-05-04 Thread Dmitri Pal
gain, logging in with the password, not OTP, works just fine. Confusing, ~J Do you get any SELinux AVCs? May be it is an issue of the ticket cache permissions/labels? -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Fre

Re: [Freeipa-users] interesting Kerberos issue

2015-05-05 Thread Dmitri Pal
't be sent in clear. You need to encrypt the data. To encrypt it you need another key - the host key. The encryption of the data in this context is called tunneling . FAST is the Kerberos protocol feature to provide tunneling of the data sent over the wire. To use FAST one needs to use -T

Re: [Freeipa-users] User creation with native ldap tools

2015-05-05 Thread Dmitri Pal
a way to change the hashing scheme in IPA directory so that hashes would become accepted but I do not recall the setting from top of my head. In general this is not yet supported. We are working on the feature for 4.2. http://www.freeipa.org/page/V4/User_Life-Cycle_Management -- Thank you

Re: [Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET" - AD trust and UPN issues

2015-05-06 Thread Dmitri Pal
't need the master_kdc, admin_server, default_domain entries? With a recent version of libkrb5 I don't think you need to set master_kdc, libkrb5 should be able to follow referrals itself. admin_server, if unset, defaults to KDC. default_domain doesn't need to be set either. -- Thank you,

Re: [Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET" - AD trust and UPN issues

2015-05-06 Thread Dmitri Pal
referrals for the trusted domains. Adding the entry to krb5.conf in only a work-around here. bye, Sumit -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] freeipa-samba integration and windows clients

2015-05-06 Thread Dmitri Pal
d/wiki/DesignDocs/IntegrateSSSDWithCIFSClient Feel free to ask whatever you want, any suggestions will be welcome. Thanks! Regards, A. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www

Re: [Freeipa-users] External DNS

2015-05-07 Thread Dmitri Pal
server for further information and let us know if you encounter some problem. Have a nice day! -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Host groups not working with SUDO Rules

2015-05-07 Thread Dmitri Pal
stly sure this is the issue. Thanks in advance for any help. What version are you using? This sounds familiar. I vaguely remember a bug being fixed in this area some time ago. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription f

Re: [Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?

2015-05-08 Thread Dmitri Pal
ually requested this feature. I think for the future planning it would be best if you can comment in the ticket and add your justification. We will consider it in the next planning cycle. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription fo

Re: [Freeipa-users] Configuration of client side components failed!

2015-05-08 Thread Dmitri Pal
e/Troubleshooting Things to think about: - DNS configuration - Is hostname correct and properly resolvable - Is time correct (time zone?) - Are there any SELinux denials? 2015-05-08T17:47:16Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 646, in ru

Re: [Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?

2015-05-08 Thread Dmitri Pal
This is the first time anyone from the community actually requested this feature. I think for the future planning it would be best if you can comment in the ticket and add your justification. We will consider it in the next planning cycle. -- Thank you, Dmitri Pal Director of Engineering fo

Re: [Freeipa-users] some documentation issues

2015-05-11 Thread Dmitri Pal
bug.cgi?product=Red%20Hat%20Enterprise%20Linux%207&component=doc-Linux_Domain_Identity_Management_Guide Thank you and have a nice day! AFAIR some time ago we stopped fetching host cert by default. There was no use of it so we decided not to issue a cert that has no practical use. -- Thank

Re: [Freeipa-users] freeipa-samba integration and windows clients

2015-05-12 Thread Dmitri Pal
make it. I think 1.14 is more realistic. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Ma

Re: [Freeipa-users] Allow user or group to switch user without password and not becoming root

2015-05-12 Thread Dmitri Pal
hat I would try. How can I configure this behavior in IPA server? Regards, Andrey -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] AD Trust & LDAP Compat mode w/ RHEL5/AIX

2015-05-12 Thread Dmitri Pal
-- / Alexander Bokovoy [(&(uid=goul09)(objectclass=posixAccount))][cn=accounts,dc=unix,dc=osumc,dc =edu] -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinf

Re: [Freeipa-users] AD Trust & LDAP Compat mode w/ RHEL5/AIX

2015-05-13 Thread Dmitri Pal
a >>>> base cn=compat,dc=ipa,dc=example,dc=com. >>>> >>>> Simple ldapsearch needs to include proper filter, like what SSSD or >>>> nss_ldap are using. slapi-nis is programmed to specifically respond to >>>> their queries, not to an

Re: [Freeipa-users] Allow user or group to switch user without password and not becoming root

2015-05-13 Thread Dmitri Pal
o option is what IPA wants instead. $ ipa sudorule-add-option readfiles Sudo Option: !authenticate - Added option "!authenticate" to Sudo rule "readfiles" - From: Dmitri Pal

Re: [Freeipa-users] ipa spamming radius with otp token?

2015-05-13 Thread Dmitri Pal
one of the RADIUS servers for one of the major 2FA vendors I know exactly how that happens. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] External Self Help Suggestions.

2015-05-13 Thread Dmitri Pal
-END PGP SIGNATURE- -- Thank

Re: [Freeipa-users] External Self Help Suggestions.

2015-05-13 Thread Dmitri Pal
. People have done it for the same reason and in the same way. Thanks, Bill On 5/13/15 5:00 PM, Dmitri Pal wrote: On 05/13/2015 07:40 PM, William Graboyes wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi List, I am trying to figure out a method of allowing users who do not have sh

Re: [Freeipa-users] ipa spamming radius with otp token?

2015-05-14 Thread Dmitri Pal
ome* duplicates. This means that the other RADIUS packets are *not* duplicates and probably represent a subsequent AS-REQ on the KDC from kinit. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mail

Re: [Freeipa-users] Replacing HTTP certs with public CA signed wildcard cert

2015-05-19 Thread Dmitri Pal
nswer? If not starting 4.1 IPA has a tool that can change the chaining and also convert from CA-less to CA-full. I am not sure it can do the reverse so you might in fact have to start over. http://www.freeipa.org/page/V4/CA-less_to_CA-full_conversion -- Thank you, Dmitri Pal Director of Engineerin

Re: [Freeipa-users] External Self Help Suggestions.

2015-05-19 Thread Dmitri Pal
the ticket to do it in UI/CLI https://fedorahosted.org/freeipa/ticket/2801 But I do not remember the procedure off the top of my head. It might be found in the archives as it was explained a couple of times in the past. Thanks, Bill On 5/13/15 5:28 PM, Dmitri Pal wrote: On 05/13/2015 08:18 PM, William

Re: [Freeipa-users] User Can't Authenticate

2015-05-21 Thread Dmitri Pal
stuser does not exist However, all that works for my account. Please help. Thanks in advance. What do you use on the client? SSSD? What is the OS version? What do SSSD logs show? -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 -->Solved

2015-06-07 Thread Dmitri Pal
s mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.red

Re: [Freeipa-users] [SSSD-users] Announcing SSSD 1.13 Alpha

2015-06-22 Thread Dmitri Pal
On 06/22/2015 08:03 AM, Michael Ströder wrote: HI! I'd be glad if this RFE could make it into 1.13.x: https://fedorahosted.org/sssd/ticket/2411 Ciao, Michael. It was and is not planned for 1.13. It is targeting 1.14 but patches are always welcome. -- Thank you, Dmitri Pal Direct

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-23 Thread Dmitri Pal
owsAD scenario". TLDR; not possible in the compat tree as of right now. Do we have a ticket for this? -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-u

Re: [Freeipa-users] Storing LDAP credentials in clear text.

2015-06-25 Thread Dmitri Pal
n some manuals. It might be a feature or switch of the ldapclient command. HTH -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freei

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-26 Thread Dmitri Pal
On 06/23/2015 03:02 PM, Alexander Bokovoy wrote: On Tue, 23 Jun 2015, Dmitri Pal wrote: On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map of source attributes (mail or any other) to compat tree? Go back in archives in

Re: [Freeipa-users] username case sensitivity

2015-06-26 Thread Dmitri Pal
during Red Hat Summit. It seems that this is one of the emerging issues for the trust environments. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go

Re: [Freeipa-users] Apache htaccess replacement

2015-06-26 Thread Dmitri Pal
zdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat Was this resolved in some way? -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mail

Re: [Freeipa-users] compat settings

2015-06-26 Thread Dmitri Pal
itional setting may be required? Regards, Rudi Gabler -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-27 Thread Dmitri Pal
On 06/26/2015 11:26 PM, Alexander Bokovoy wrote: - Original Message - On 06/23/2015 03:02 PM, Alexander Bokovoy wrote: On Tue, 23 Jun 2015, Dmitri Pal wrote: On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map

Re: [Freeipa-users] Migrate from 3.0 (CentOS 6.6) to 4.1 (CentOS 7.1)

2015-06-27 Thread Dmitri Pal
2 Subject DN CN=CA Subsystem,O=EXAMPLE.COM. Error: User not found 5651.TP-Processor5 - [22/Jun/2015:15:12:59 MESZ] [3] [3] Servlet caUpdateDomainXML: Failed to authorize: Invalid Credential.. It would be great if someone could give a hint where to look and what user can't authenticate and w

Re: [Freeipa-users] sudo (sssd) hangs due to ipa install/uninstall scripts

2015-06-27 Thread Dmitri Pal
s you see them. Yes, please be more specific . The bugs that were mentioned by Jakub are making its way into downstream. If there are any other issues you are concerned about please let us know. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage

Re: [Freeipa-users] invalid 'permission': cannot add permission "System: Read HBAC Rules" with bindtype "all" to a privilege

2015-06-27 Thread Dmitri Pal
r directly or indirectly through user group. Effective rights are used only for attributes (attributeslevelrights). Object level rights are not provided to Web UI yet. In other words: 1. create empty RBAC role 2. assign there all users who should read stuff. Exception is DNS (and maybe some

Re: [Freeipa-users] blank user screen? (web UI)

2015-06-27 Thread Dmitri Pal
se_data.png after successful login? Was this resolved or we need to file a ticket to track some bug? -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Kerberos principal add / create

2015-06-27 Thread Dmitri Pal
he applications. But I am not sure this is what you are looking for. Can you please describe the problem you are trying to solve? -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.red

Re: [Freeipa-users] svnserve authentication against IPA

2015-06-27 Thread Dmitri Pal
on so if you figure it out please share the results with the list. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org

Re: [Freeipa-users] FreeIPA mail object to use in 3rd party tool

2015-06-27 Thread Dmitri Pal
help to solve the problem but some pointers would be helpful to understand the issue first. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] ssh key issues with IPA enabled servers

2015-06-27 Thread Dmitri Pal
troubleshoot from SSH and SSSD. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] FreeIPA state - performace, commercial usage

2015-08-20 Thread Dmitri Pal
ed Hat support organization please contact me offline and share the details. If you have consistent problems we want them fixed. As a Red Hat representative I can definitely say that we have many customers running IdM in production. It is true that Red Hat does not provide formal training. We he

Re: [Freeipa-users] err907 pn web interface

2014-04-09 Thread Dmitri Pal
ww.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] err907 pn web interface

2014-04-09 Thread Dmitri Pal
ww.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] DDNS with DHCPD and IPA

2014-04-09 Thread Dmitri Pal
: freeipa-users-boun...@redhat.com <mailto:freeipa-users-boun...@redhat.com> [mailto:freeipa-users-boun...@redhat.com <mailto:freeipa-users-boun...@redhat.com>] On Behalf Of Dmitri Pal Sent: Friday, April 4, 2014 4:45 PM To: freeipa-users@redhat.com <mailto:

Re: [Freeipa-users] LDAP Authentication with expired passwords

2014-04-10 Thread Dmitri Pal
___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users

Re: [Freeipa-users] IPA client installation for Solaris 11.

2014-04-10 Thread Dmitri Pal
.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] IPA client installation for Solaris 11.

2014-04-10 Thread Dmitri Pal
2008/05/03/ns103eb2365be169abbe3a45088a10a/ I suspect there should be some tool on Solaris that takes password and creates an obfuscated string like this. Thanks Dmitri Thanks. On Thu, Apr 10, 2014 at 12:09 PM, Dmitri Pal <mailto:d...@redhat.com>> wrote: On 04/10/2014 11:41 AM, quest monger wrote: Th

Re: [Freeipa-users] Using puppet to add servers to IPA

2014-04-10 Thread Dmitri Pal
y any virus transmitted by this email. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM

Re: [Freeipa-users] IPA client installation for Solaris 11.

2014-04-10 Thread Dmitri Pal
eeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA client installation for Solaris 11. Dmitri Pal wrote: On 04/10/2014 12:18 PM, quest monger wrote: Sorry about that. So I am Looking at the Solaris 10 client documentation here - http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/C

Re: [Freeipa-users] External Collaboration Domains

2014-04-10 Thread Dmitri Pal
y. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] External Collaboration Domains

2014-04-11 Thread Dmitri Pal
lely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify th

Re: [Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.

2014-04-13 Thread Dmitri Pal
.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] External Collaboration Domains

2014-04-13 Thread Dmitri Pal
on/ Simo, it might make sense to put some designs on the wiki for people to become familiar. Bryce This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it co

Re: [Freeipa-users] External Collaboration Domains

2014-04-17 Thread Dmitri Pal
ct the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] PasswordAuthentication option for SSH

2014-04-17 Thread Dmitri Pal
___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Client Install - I'm clueless

2014-04-17 Thread Dmitri Pal
in the enterprise repository that is just broken... Help? Most likely there are some DNS issues. Please check your DNS, /etc/hosts, etc. Can you provide any client install logs? That would really help. Also http://www.freeipa.org/page/Troubleshooting might be helpful. -- Thank you, Dmitri Pal Sr

Re: [Freeipa-users] setup key-based ssh using freeipa

2014-04-17 Thread Dmitri Pal
-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] nothing sync'ed to AD

2014-04-19 Thread Dmitri Pal
an/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Questions about Logs

2014-04-19 Thread Dmitri Pal
9-12 months. Thanks Dmitri ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat

Re: [Freeipa-users] Adding custom attributes in User Settings screen in FreeIPA UI

2014-04-19 Thread Dmitri Pal
rs mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] External collaboration edits

2014-04-20 Thread Dmitri Pal
lties. If you believe you have received this message in error, please notify the sender and delete the email immediately. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dm

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-23 Thread Dmitri Pal
re. For example do you want to configure SUDO or automount integration on the provisioned host? Do you want to generate and upload host fingerprint, etc. Where is the right place to track this work? This is all that comes to mind so far. -- Thank you, Dmitri Pal Sr. Engine

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-23 Thread Dmitri Pal
On 04/23/2014 05:07 PM, Stephen Benjamin wrote: Hi, - Original Message - From: "Dmitri Pal" To: freeipa-users@redhat.com, stben...@redhat.com Sent: Wednesday, April 23, 2014 10:16:16 PM Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5 On 04/23/2014 10:00 AM, Stephen Benj

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-24 Thread Dmitri Pal
On 04/23/2014 07:23 PM, Stephen Benjamin wrote: - Original Message - From: "Dmitri Pal" To: "Stephen Benjamin" Cc: freeipa-users@redhat.com Sent: Thursday, April 24, 2014 12:28:48 AM Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5 Several questions: - Is it u

Re: [Freeipa-users] services and openSSL and stuff

2014-04-24 Thread Dmitri Pal
stem where your service will be running. Assuming it is fedora, RHEL, CentOS and such (not sure about Debian and Ubuntu, they might have certmonger too) you install ipa-client and it will configure certmonger to use IPA. See certmonger man pages to get the certs for the services. -- Thank you,

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Dmitri Pal
y but it might be a good exercise to try to set it up for a real use case. What do you think? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/ma

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Dmitri Pal
ctl start `ls /usr/lib/systemd/system/*-domainname.service | rev | cut -d'/' -f 1 | rev` ? ;-) Martin Are you planning to have a toggle for SSH integration? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Dmitri Pal
istinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] services and openSSL and stuff

2014-04-25 Thread Dmitri Pal
might have certmonger too) you install ipa-client and it will configure certmonger to use IPA. See certmonger man pages to get the certs for the services. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users ma

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Dmitri Pal
On 04/25/2014 09:52 AM, Stephen Benjamin wrote: - Original Message - From: "Dmitri Pal" To: "Martin Kosek" , "Stephen Benjamin" Cc: "Jan Cholasta" , freeipa-users@redhat.com, "Tomas Babej" Sent: Friday, April 25, 2014 3:42:39 PM

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Dmitri Pal
On 04/25/2014 09:51 AM, Simo Sorce wrote: On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote: On 04/25/2014 08:39 AM, Simo Sorce wrote: On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: Thanks Martin, I found a few notes on FreeIPA and GADS but most were people saying not to do it on

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Dmitri Pal
On 04/25/2014 10:29 AM, Stephen Benjamin wrote: - Original Message - From: "Dmitri Pal" To: "Stephen Benjamin" Cc: "Martin Kosek" , "Jan Cholasta" , freeipa-users@redhat.com, "Tomas Babej" Sent: Friday, April 25, 2014 3:59:31 PM Subj

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Dmitri Pal
s better but does require MCollective installed and Ruby knowledge. Or we use Cockpit for that matter: http://sgallagh.wordpress.com/2013/12/09/proposal-freeipa-role-for-fedora-servers/ On Fri, Apr 25, 2014 at 9:18 AM, Rob Crittenden wrote: Dmitri Pal wrote: On 04/25/2014 05:06 AM, Petr Spacek w

Re: [Freeipa-users] Error creating new freeipa-server

2014-04-28 Thread Dmitri Pal
to do it several times pays off. Then check if there is a DS instance for PKI. If there is remove it and try again. -- *Bret Wortman* http://damascusgrp.com/ http://about.me/wortmanbret ___ Freeipa-users mailing list Freeipa-users@redhat.com https://w

Re: [Freeipa-users] Google Apps Directory Sync and Free-IPA

2014-04-28 Thread Dmitri Pal
t.com/mailman/listinfo/freeipa-users There was a thread last week. It had some hints. Also it ended up with Simo needing to put documentation about Ipsilon IdP so that we can show how to federate FreeIPA and Google but this is not done yet. -- Thank you, Dmitri Pal Sr. Engineering Manage

Re: [Freeipa-users] Error creating new freeipa-server

2014-04-28 Thread Dmitri Pal
57 AM, Dmitri Pal wrote: On 04/28/2014 07:52 AM, Bret Wortman wrote: I'm trying to stand up a new ipa server on a clean box, and I keep getting this error so _something_ is amiss but I'm not sure what: : Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 sec

Re: [Freeipa-users] Google Apps Directory Sync and Free-IPA

2014-04-28 Thread Dmitri Pal
is basically SAML) and I asked for someone who had experience with GADS so I started a new one for simplification. I do not think we have a better answer for you other than what Martin mentioned and SAML IdP Simo is working on. On Mon, Apr 28, 2014 at 7:17 AM, Dmitri Pal <mailt

Re: [Freeipa-users] Can't use "ipa" commands on brand new ipa server instance

2014-04-28 Thread Dmitri Pal
what your DNS setup is? If it is a different subnet can it be that it sees some other Kerberos and/or LDAP server (AD for example) and gets confused? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-user

[Freeipa-users] Fwd: Re: dse.ldif and dse.ldif.bak are lost

2014-04-30 Thread Dmitri Pal
Original Message Subject:Re: [Freeipa-users] dse.ldif and dse.ldif.bak are lost Date: Wed, 30 Apr 2014 08:37:01 -0400 From: Dmitri Pal Reply-To: d...@redhat.com Organization: Red Hat To: artj...@free.fr On 04/30/2014 05:26 AM, artj...@free.fr wrote

Re: [Freeipa-users] About OTP

2014-05-01 Thread Dmitri Pal
t.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] RHEL7 IPA servers

2014-05-01 Thread Dmitri Pal
0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc

Re: [Freeipa-users] Integrating with Smart Cards

2014-05-01 Thread Dmitri Pal
velopment? We can help you and guide you with what actually can be done short term and long term. Thanks in Advance, Leigh ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you,

Re: [Freeipa-users] sudo and NIS domain name

2014-05-01 Thread Dmitri Pal
. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https

Re: [Freeipa-users] Dovecot/Postfix Auth, howto not working ?

2014-05-05 Thread Dmitri Pal
t.com/mailman/listinfo/freeipa-users I am not a specialist but it seems that no authentication methods are configured. See the SASL line. Can it be that the authentication mechanism is configured as SASL instead of GSSAPI? -- Thank you, Dmitri Pal Sr. Engineering Mana

Re: [Freeipa-users] SSSD Cacheing issues

2014-05-07 Thread Dmitri Pal
) on the server with different UIDs. These users would have trouble getting in without cleaning the cache. LS ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr.

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Dmitri Pal
e each IPA system a SOA for the same domain and still have the DNS records replicate between them? thanks, Bob Harvey ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Tha

Re: [Freeipa-users] DNS SOA Records

2014-05-13 Thread Dmitri Pal
the server being queried, so it can be used as a true multimaster DNS solution. Hope this helps > On Tue, May 13, 2014 at 10:04 AM, Dmitri Pal mailto:d...@redhat.com>> wrote: > On 05/13/2014 09:59 AM, Bob wrote: &

Re: [Freeipa-users] External collaboration edits

2014-05-14 Thread Dmitri Pal
please notify the sender and delete the email immediately. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.

Re: [Freeipa-users] weird behavior on centos 6

2014-05-14 Thread Dmitri Pal
nks, carl ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users Read about GSS proxy. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-use

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-21 Thread Dmitri Pal
.pdf I would like to especially point you to the CA-less integration type. HTH, Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering

Re: [Freeipa-users] openldap certs?

2014-05-22 Thread Dmitri Pal
sequent usage should be quite fast. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. __

Re: [Freeipa-users] openldap certs?

2014-05-22 Thread Dmitri Pal
vices = nss, pam, ssh config_file_version = 2 domains = foo.net [nss] [pam] [sudo] [autofs] [ssh] [pac] On the other hand, if you meant something else, then I hope the answer's in the file. ;-) On 05/22/2014 10:15 AM, Dmitri Pal wrote: On 05/22/2014 09:43 AM, Bret Wortman wrote: What we

Re: [Freeipa-users] openldap certs?

2014-05-22 Thread Dmitri Pal
entication, the user information is always refreshed from the server, even with enumeration. I do not think they have enumeration this is why this seems irrelevant. This is to ensure correct and precise group membership at login time. On 05/22/2014 11:07 AM, Dmitri Pal wrote: On 05/22/201

Re: [Freeipa-users] openldap certs?

2014-05-22 Thread Dmitri Pal
. On 05/22/2014 11:07 AM, Dmitri Pal wrote: On 05/22/2014 10:36 AM, Bret Wortman wrote: I found that our slower system was using FQDNs for the list of IPA servers; our faster system was using IPs. I'm switching now, letting Puppet distribute the update and will see if it helps. That

Re: [Freeipa-users] Wildcard DNS record supported ?

2014-05-23 Thread Dmitri Pal
ilman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-user
