On (18/12/13 20:40), Joshua Nager wrote:
Does this mean I should be able to login with the credentials supplied by
the ipa-server? If so, I can not.
The host box does not recognize any user accounts in the ipa domain at all.
Any help is much appreciated as I would love to get this working.
Is
On (20/12/13 18:42), Dimitar Georgievski wrote:
Hi Dmitri,
One follow up question about the management of the SSSD local cache. I've
tried to clean cache entries with the sss_cache utility, but it looks like
this utility is not working. I was able to confirm with ldbsearch that
records for
On (23/12/13 10:16), Dimitar Georgievski wrote:
Hi Lukas,
Does the LDAP entry need to be removed or just modified? Could the LDAP
entry be a sudo policy assigned to the user?
sudo rules are special case, I didn't noticed anything about sudo rules
in the previous mail. There is periodical task in
On (06/02/14 18:33), Shree wrote:
First of all, the ipa-replica-install did not allow me to use the --setup-ca
option complaining that a cert already exists, replicate creation was
successful after I skipped the option.
Seems like the replica is one except
1) There is no CA Service running on
On (10/03/14 13:55), Jitse Klomp wrote:
Hello all,
I'm migrating our OpenLDAP-based IdM-system to IPA. Instead of using
migrate-ds I used some custom scripts to import all of our users (~250)
and groups (~85) with IPA commands (ipa user-add etc.). To move
passwords I configured the ipa-server to
On (10/03/14 15:19), Jitse Klomp wrote:
On 10-03-14 14:59, Jitse Klomp wrote:
On 10-03-14 14:35, Lukas Slebodnik wrote:
On (10/03/14 13:55), Jitse Klomp wrote:
Hello all,
I'm migrating our OpenLDAP-based IdM-system to IPA. Instead of using
migrate-ds I used some custom scripts to import all
On (10/03/14 16:35), Jitse Klomp wrote:
On 10-03-14 16:10, Lukas Slebodnik wrote:
On (10/03/14 15:19), Jitse Klomp wrote:
On 10-03-14 14:59, Jitse Klomp wrote:
On 10-03-14 14:35, Lukas Slebodnik wrote:
On (10/03/14 13:55), Jitse Klomp wrote:
Hello all,
I'm migrating our OpenLDAP-based IdM-system
On (10/03/14 16:58), Lukas Slebodnik wrote:
On (10/03/14 16:35), Jitse Klomp wrote:
On 10-03-14 16:10, Lukas Slebodnik wrote:
On (10/03/14 15:19), Jitse Klomp wrote:
On 10-03-14 14:59, Jitse Klomp wrote:
On 10-03-14 14:35, Lukas Slebodnik wrote:
On (10/03/14 13:55), Jitse Klomp wrote:
Hello all
On (10/03/14 15:14), Rob Crittenden wrote:
Jitse Klomp wrote:
On 10-03-14 18:57, Sumit Bose wrote:
On Mon, Mar 10, 2014 at 05:23:59PM +0100, Jitse Klomp wrote:
On 10-03-14 17:03, Lukas Slebodnik wrote:
On (10/03/14 16:58), Lukas Slebodnik wrote:
On (10/03/14 16:35), Jitse Klomp wrote:
On 10-03-14
On (10/03/14 21:47), Lukas Slebodnik wrote:
On (10/03/14 15:14), Rob Crittenden wrote:
Jitse Klomp wrote:
On 10-03-14 18:57, Sumit Bose wrote:
On Mon, Mar 10, 2014 at 05:23:59PM +0100, Jitse Klomp wrote:
On 10-03-14 17:03, Lukas Slebodnik wrote:
On (10/03/14 16:58), Lukas Slebodnik wrote:
On (10
On (13/03/14 14:51), Jitse Klomp wrote:
2014-03-11 16:15 GMT+01:00 Jitse Klomp jitsekl...@gmail.com:
On 03/11/2014 03:06 PM, Sumit Bose wrote:
On Mon, Mar 10, 2014 at 11:09:48PM +0100, Jitse Klomp wrote:
On 10-03-14 22:06, Sumit Bose wrote:
Thank you. Maybe there is a change in return
On (21/03/14 09:32), Arthur Faizullin wrote:
Will it be represented in documentationwiki? :)
It is written in manual pages:
man sssd-sudo
- CONFIGURING SUDO TO COOPERATE WITH SSSD
- CONFIGURING SSSD TO FETCH SUDO RULES
Any contribution is welcomed.
If you want to upgrade
On (08/04/14 12:52), Nathan Broadbent wrote:
I know I'm missing something simple. But I just can't get this ipa
client to accept any sudo rules.
I rand into the same issue. It's not documented anywhere, but you need to
enable the 'sudo' service in /etc/sssd/sssd.conf
You need to change:
On (08/04/14 13:34), Nathan Broadbent wrote:
man sssd-sudo says:
CONFIGURING SSSD TO FETCH SUDO RULES
All configuration that is needed on SSSD side is
to extend the list of services with sudo in [sssd] section of
sssd.conf(5).
On (11/04/14 11:22), rashard.ke...@sita.aero wrote:
I changed the permissions to world readable to test, afterward I changed
it back to be readable only by the owner. The problem then reappeared.
[rkelly@replicahostname ~]$ ls -lZa| grep krb
-r rootroot?
On (01/05/14 15:53), Dean Hunter wrote:
On Thu, 2014-05-01 at 16:32 -0400, Dmitri Pal wrote:
On 05/01/2014 04:07 PM, Dean Hunter wrote:
I just noticed that I had been incorrectly setting the NIS domain
name since upgrading to Fedora 20 and FreeIPA 3.3.4, yet I appear to
be successfully
On (03/05/14 10:39), Dean Hunter wrote:
On Sat, 2014-05-03 at 12:36 +0200, Lukas Slebodnik wrote:
On (01/05/14 15:53), Dean Hunter wrote:
On Thu, 2014-05-01 at 16:32 -0400, Dmitri Pal wrote:
On 05/01/2014 04:07 PM, Dean Hunter wrote:
I just noticed that I had been incorrectly
On (08/05/14 19:46), Dean Hunter wrote:
On Mon, 2014-05-05 at 10:02 -0400, Rob Crittenden wrote:
Dean Hunter wrote:
On Sat, 2014-05-03 at 22:50 +0200, Lukas Slebodnik wrote:
On (03/05/14 10:39), Dean Hunter wrote:
On Sat, 2014-05-03 at 12:36 +0200, Lukas Slebodnik wrote:
On (01/05/14
On (11/07/14 08:36), Orion Poplawski wrote:
On 07/08/2014 03:53 AM, Petr Viktorin wrote:
The FreeIPA team is proud to announce FreeIPA v4.0.0!
It can be downloaded from http://www.freeipa.org/page/Downloads. As this is a
major release, we did not add it to any stable Fedora release (yet), but we
On (11/07/14 16:04), Dmitri Pal wrote:
On 07/11/2014 10:57 AM, Lukas Slebodnik wrote:
On (11/07/14 08:36), Orion Poplawski wrote:
On 07/08/2014 03:53 AM, Petr Viktorin wrote:
The FreeIPA team is proud to announce FreeIPA v4.0.0!
It can be downloaded from http://www.freeipa.org/page/Downloads
On (24/07/14 13:57), Rob Crittenden wrote:
Petr Spacek wrote:
On 24.7.2014 18:26, Chris Whittle wrote:
Would CentOS7 work with FreeIPA 4?
In theory - it could work. However you will have to build few new
packages, including 389 DS, Kerberos libs, Dogtag CA and bind-dyndb-ldap.
I'm
On (07/08/14 07:39), Curtis L. Knight wrote:
On Tue, Aug 5, 2014 at 11:26 PM, Rob Crittenden rcrit...@redhat.com wrote:
Curtis L. Knight wrote:
On Tue, Aug 5, 2014 at 7:21 AM, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 08/05/2014 12:32 PM, Martin Kosek wrote:
On (20/08/14 20:27), Chris Whittle wrote:
Is there instructions anywhere? My FreeIPA 3 on CentOS died so I'm
starting over
You can try FreeIPA 3.3. on CentOS 7
bash-4.2# yum info ipa-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.raystedman.net
*
On (22/08/14 23:13), Chris Whittle wrote:
I'm trying to install the repo from
https://copr.fedoraproject.org/coprs/pviktori/freeipa/ and when I go to
install I get
yum install freeipa-server
You will not be able to install freeipa-server on CentOS from this repo,
because freeipa-4.0 is not
On (23/08/14 22:48), Dmitri Pal wrote:
On 08/23/2014 10:32 PM, Kat wrote:
I am working on the same thing - specifically I have found the libnl
dependencies to be the biggest headache. If I get anywhere over the
weekend, I will let you all know.
do not forget about sssd, samba, certmonger,
On (25/08/14 14:31), alireza baghery wrote:
hi
i integrated AD windows 208 R2 with IPA server (centos 6.5)
i write a sudo policy and access for specified user and host with allow any
command.
user can execute sudo in centos 7 but when user loggin on centos 6.5 can
not execute sudo and get error
On (25/08/14 08:33), Megan . wrote:
ok. Changed debug_level to 7. I already it in the domain section (first
line).
Not sure if this makes a difference
[root@map1 pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is
On (25/08/14 14:54), William Graboyes wrote:
Hi Megan,
I had the same problem with CENTOS 6.5 and free-ipa. I did a ton of
searching, and IIRC the conclusion was a bug in that version of sssd, I
don't remember all of the details, however I do remember the work
around.
Create a system account
On (26/08/14 16:50), alireza baghery wrote:
sorry for delay
file sssd.conf:
==
domain/example.com]
debug_level = 6
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = l.example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
On (28/08/14 14:15), Tevfik Ceydeliler wrote:
Hi,
I try to apply sudo policies on ubuntu client.
Is there any examples how to apply it?
Regards...
You may be interested in this presentation.
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
LS
--
Manage your subscription
On (29/08/14 17:37), Tevfik Ceydeliler wrote:
Thnx for document. I know this.
I think there is no problem abot configuration generally. Maybe some nish
details.
Problem is why dont work in my test env.
Could you write more details about version of sssd, sudo?
Which ubuntu release do you use?
On (01/09/14 09:59), Tevfik Ceydeliler wrote:
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
Thats good. The package sudo-ldap is not compiled with sssd support.
OS -- Ubuntu 14.04.1 LTS
Do you have installed package libsss-sudo.
Could you show us your
On (01/09/14 12:20), Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
On (01/09/14 15:38), Tevfik Ceydeliler wrote:
I correct that line.
But still same:
tevfik@Darktower ~ $ ssh user1@10.1.1.174
user1@10.1.1.174's password:
Permission denied, please try again.
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
*
On (01/09/14 15:48), Tevfik Ceydeliler wrote:
Actually All I wanna do is , give permission to user to use some commanf. for
example apt-get or something else.
I Think I can do it with IPA
right?
Yes, but you need to use sudo.
Step 1: configure sudo rules for ordinary user
Please follow the
On (01/09/14 17:52), Tevfik Ceydeliler wrote:
1. I think I configure instead of this document
Sorry you didn't.
2. I can login with ordinary user
login and sudo are not the same think.
My FreeIPA server is alredy properly configured with sudo rules.
I tried to install freipa-client on ubuntu
On (02/09/14 11:02), Tevfik Ceydeliler wrote:
Step 0
root@clnt:/home/awtadm# grep sudoers /etc/nsswitch.conf
sudoers_debug:1
sudoers: files sss
root@clnt:/home/awtadm# ipa-client-install --no-ntp
IPA client is already configured on this system.
root@clnt:/home/awtadm# grep services
On (08/09/14 11:24), Tevfik Ceydeliler wrote:
Is there any article to describe how to configure ubuntu client for ipa and
sudo policy?
I have already described steps in this thread.
It works for me. You did the same steps. It means there is problem on server
side.
LS
--
Manage your
On (13/10/14 20:33), Jakub Hrozek wrote:
On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote:
Good day to everybody.
There`s a post on how to make a FreeBSD client work with a FreeIPA server:
https://forums.freebsd.org/viewtopic.php?f=39t=46526p=260146#p260146
For some reason
On (14/10/14 10:23), Orkhan Gasimov wrote:
Thanks to both of you for the interest.
Here`s the info you asked:
1. Putting debug_level = 7 either in [domain] or/and [nss] section of the
/usr/local/etc/sssd/sssd.conf file gives nothing in the log. The log file
located at /var/log/sssd/sssd.log is
On (14/10/14 16:03), Fraser Tweedale wrote:
On Mon, Oct 13, 2014 at 10:08:55PM -0700, Janelle wrote:
Actually, I did find a fix and forgot to post.
I was able to mirror the COPR repo, and after reviewing it, found that
simply removing the pki-base...fc21 directory, and regenning the repo data
On (16/10/14 13:04), Orkhan Gasimov wrote:
OK, back to FreeIPA - FreeBSD setup.
I changed my setup: instead of 2 VMs now I have 4 VMs:
1: DNS server - set up as shown by Rajnesh Kumar Siwal in
http://www.youtube.com/watch?v=0SmiwFoHVeIindex=4list=PLdKXnZQzEG-KmtKq-LelPn5RTKfJig0Wc
2 and 3: IPA
On (17/10/14 12:01), Alexander Bokovoy wrote:
Didn`t find a solution yet. But I think this is caused by lack of proper
configuration of Kerberos on my FreeBSD client. On my Linux client I found
such a configuration in /etc/krb5.conf file. However, there's no such file
on my FreeBSD client, as the
On (17/10/14 15:44), Orkhan Gasimov wrote:
Unfortunately, putting that line in /etc/pam.d/system prevents me from being
able to locally login to the BSD client.
At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
doesn't give unexpected behaviours.
Bug, bug, bug...
It works for
On (17/10/14 16:28), Orkhan Gasimov wrote:
Of course! But for now I'm in process of checking my integration and there
are some things I don't like.
First and foremost, any change on the IPA server is not automatically
reflected on the BSD client.
sssd uses few levels of caches. If you want to have
On (19/10/14 08:45), Orkhan Gasimov wrote:
2. About my pam.d files - please read carefully my previous posts.
I commented out the line in pam.d - system and added it explicitly to
You didn't have account required /usr/local/lib/pam_sss.so ignore_unknown_user
in pam.d/system. The line is
On (17/10/14 16:46), Orkhan Gasimov wrote:
1. I use FreeBSD 10.0 64-bit.
(For some files bits are also important - for example, on a 32-bit machine
the same configuration of
/usr/local/etc/sssd/sssd.conf file introduces problems because of the line
enumerate = True in the [domain] section; only
On (20/10/14 15:06), Orkhan Gasimov wrote:
OK, Lukas, I did as you say:
1) reset my pam.d - login to its defaul state
2) added to my pam.d - system: account required /usr/local/lib/pam_sss.so
ignore_unknown_user ignore_authinfo_unavail;
3) commented out enumerate = True in my
On (21/10/14 23:20), Орхан Касумов wrote:
1. Yes, being able to find simple typos is what distinguishes a good
troubleshooter from a bad one. The problem really was between the chair and
the keyboard.
2. Not only you were right in this aspect, but also regarding the idea that
comments in
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about all
these matters, with a particular focus on the custom package repo.
I will update it tomorrow with a bit more about the package
flavours topic. For now, all the details for enabling and
On (23/10/14 11:27), Outback Dingo wrote:
On Thu, Oct 23, 2014 at 11:20 AM, Fraser Tweedale ftwee...@redhat.com
wrote:
On Wed, Oct 22, 2014 at 03:23:56PM +0200, Lukas Slebodnik wrote:
On (22/10/14 17:10), Fraser Tweedale wrote:
Further to my earlier email, I have written a blog post about
On (23/10/14 12:23), crony wrote:
Hi,
I have a FreeIPA 3.3.3 in transitive trust with AD2008.
Today I saw a lot of sssd segfaults on the server side:
[ 420.412011] sssd_be[734]: segfault at 8 ip 7fa54fa73334 sp
7fff62b2ec40 error 4 in libldb.so.1.1.16[7fa54fa66000+2c000]
Could you
On (23/10/14 14:44), crony wrote:
Already sent directly to your email.
Thank you for coredump.
It is a known bug (https://fedorahosted.org/sssd/ticket/2391)
Bug is fixed in sssd upstream
sh$ git tag --contains 895f045dd4aad7f5857826cc1496cfa048a790dd
sssd-1_11_7
sh$ git tag --contains
On (23/10/14 16:31), crony wrote:
yes, sure, it would be great to see if it works in upstream version.
thank you
Here you are
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-11/
LS
--
Manage your subscription for the Freeipa-users mailing list:
On (23/10/14 18:12), crony wrote:
Thank you!
I prepared repo for epel6, epel7 and fedora 19
Error: Package: sssd-client-1.11.7-2.el7.centos.x86_64 (lslebodn-sssd-1-11)
Requires: libc.so.6(GLIBC_2.14)(64bit)
Error: Package: python-sssdconfig-1.11.7-2.el7.centos.noarch
On (06/11/14 15:42), Craig White wrote:
As Bob pointed out in a direct e-mail to me, there was the detail of adding
sudo and sss to /etc/nsswitch.conf but – once I did so, it pointed out that
the Rackspace RHEL packaging that doesn’t provide what I need – possibly need
from epel.
# yum search
On (06/11/14 21:00), Michael Lasevich wrote:
I am seeing somewhat similar behavior once upgrading from sssd 1.9 to 1.11
(centos 6.5 to 6.6)
I seem to be able to log in via ssh, but when I use http pam service, I get
inconsistent behavior - seems like sometimes it works and others it errors
out
On (08/11/14 12:24), Diaulas Castro wrote:
We have similar issue but on RHEL 6.6 (sssd 1.11), the problem is about
enumerating groups.
Diaulas,
Have you reported your problem?
I know just about one problem with IPA and sssd-1.11 (on RHEL 6.6)
The upstream bug is
On (14/11/14 16:30), Darren Poulson wrote:
Ok,
I've shoved them on pastebin. They were a bit big to put in a mailing list
really.
ldap_child.log: http://pastebin.com/qGCZF4vK
sssd_nss.log: http://pastebin.com/gTBA8NEj
sssd_bur.us.genops.log: http://pastebin.com/ithUqb1z
On (15/11/14 15:01), Darren Poulson wrote:
Sorry, it seems I failed at cutting and pasting.
sssd_bur.us.genops.log http://pastebin.com/7c5bH1Wq
Thank you very much for log file.
It is know bug:
https://fedorahosted.org/sssd/ticket/2471
https://bugzilla.redhat.com/show_bug.cgi?id=1154042
On Mon, Nov 24, 2014 at 8:38 PM, William Muriithi
william.murii...@gmail.com wrote:
Evening,
After looking at almost all the SUDO documentation I could find, it looks
one has to hardcode FreeIPA hostname on sssd.conf file. Below is what red
hat advice to add in sssd config file.
services
On (03/12/14 06:05), sipazzo wrote:
Good morning, I have a fairly new ipa domain (server version 3.0.0-42 and
clients mixed 3.0.0-37 and 3.0.0-42) set up with a mix of rhel6, rhel5 and
solaris. It seemed like my sudo config using sssd in rhel6.5 was working and
then we patched to 6.6 and it is
On (08/12/14 14:26), Dmitri Pal wrote:
On 12/08/2014 02:10 PM, Matthew Herzog wrote:
Here are some errors I'm seeing on the client.
tail -f sssd_lnx.e-bozo.com.log
(Mon Dec 8 14:03:20 2014) [sssd[be[lnx.e-bozo.com
http://lnx.e-bozo.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x1e72ad0
(Mon Dec
On (17/01/15 10:51), Sina Owolabi wrote:
I think I've made a go of it!
I was able to uninstall freeipa-client, and it complained about some
leftover files, like so
Removing freeipa-client ...
dpkg: warning: while removing freeipa-client, directory
'/var/lib/ipa-client/sysrestore' not empty so not
On (15/01/15 09:17), Petr Spacek wrote:
On 15.1.2015 03:34, Sina Owolabi wrote:
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed
On (15/01/15 09:01), Jan Pazdziora wrote:
On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote:
Hi,
I'm running into a strange problem related to ntpd when trying to use
IPA in a container. I'm using the adelton/freeipa-server:fedora-21 and
adelton/freeipa-client:fedora-21 docker
On (15/01/15 10:54), Petr Spacek wrote:
On 15.1.2015 09:36, Lukas Slebodnik wrote:
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA
clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway
On (06/01/15 10:21), Pavel Březina wrote:
On 01/05/2015 07:32 PM, Craig White wrote:
Hi - reply at bottom
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Monday, January 05, 2015 4:33 AM
To: Craig White; freeipa-users@redhat.com; Pavel Brezina
Subject: Re:
On (12/01/15 14:12), Rakesh Rajasekharan wrote:
The sssd version is 1.11.6
The password does not get changed, whatever password gets generated by ipa
user-mod --random stays valid even after attempting the change.
krb5_child.log does not have any contents.
The logging in sssd is dibsabled by
On (13/01/15 12:48), Rakesh Rajasekharan wrote:
This is how I get the logs in krb5_child.
when a user tries to authenticate with the random password that I generated,
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user hq-testuser.
On (30/03/15 05:36), g.fer.or...@unicyber.co.uk wrote:
Hey Guys
Not sure if I am missing any bit but this was the thing in the end:
http://generations.menteyarte.org/archives/195-freeipa-server-and-SSSD-on-Ubuntu.html
I managed to have it working and I have documented all those nasty bits
ehlo,
CentOS 7.1 was finally released[1]. Yupi.
Fedora 21 was rewleased[2] few months ago.
People can use FreeIPA 4.1 without any problem.
So there's no more reason to maintain COPR repositories for older
distributions. It will significantly reduce extra dependencies in repositories.
It would
On (27/03/15 14:56), Benoit Rousselle wrote:
hi,
I setup a sudo config in client ipa and set rule in ipa server.
sudo rules from ipa are not found : it return 0 rules for the user
This config is ambiguous. Is there a method to check if everything is OK ?
The best way for this moment is to set
On (03/04/15 17:13), Guertin, David S. wrote:
I don't see any request going to sssd.
Can you try with ju...@middlebury.edu? Old SSSD is incapable to see
MIDD\juser being the same as ju...@middlebury.edu.
When I try:
ssh -l 'ju...@middlebury.edu' yakko.ipa.middlebury.edu
There is no response
On (20/04/15 17:54), Andrew Sacamano wrote:
Thanks again, Lukas!
I was wondering if the overlaps of names was a problem, so I redid parts of
my IPA setup to rename them - thanks for pointing out the ticket!
Also, your suggestion to use ldap_group_object_class = ipaUserGroup worked
- which saves
On (19/04/15 12:51), Andrew Sacamano wrote:
Thanks again Lukas,
These turned out to be very helpful debugging suggestions, and were the
critical part of getting the problem solved - the pointer to ldb-tools was
extremely helpful in identifying where the issue was happening!
With them, I was able
On (30/04/15 15:34), Jakub Hrozek wrote:
On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote:
On 04/30/2015 02:56 PM, Aric Wilisch wrote:
Is there a trick to getting a users SSH key that’s attached to their
FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6
On (11/05/15 14:57), Vangass wrote:
Hi,
I try to access Cisco switch via ssh. Cisco has tacacs login configured.
# tail /var/log/secure
May 11 14:18:46 freeipa tac_plus[29096]: pam_sss(tac_plus:auth):
authentication success; logname=bartosz uid=0 euid=0 tty= ruser= rhost=
user=bartosz
May 11
On (15/05/15 17:27), Andy Thompson wrote:
Is there a way to enforce case sensitivity for trusted AD users? I am trying
to use username for ssh chroots and I can authenticated with any case
combination of UsERname but if ssh is set to match on username then the
chroot is not enforced and the
On (18/05/15 13:55), Andy Thompson wrote:
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Thursday, May 14, 2015 4:41 PM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trusted user groups
On (14/05/15 15:53), Andy Thompson
On (15/04/15 08:53), Jakub Hrozek wrote:
On Tue, Apr 14, 2015 at 05:36:16PM +0200, Mateusz Malek wrote:
On Fri, Apr 10, 2015 at 08:48 PM, Jakub Hrozek wrote:
On Fri, Apr 10, 2015 at 12:39:20PM -0400, Dmitri Pal wrote:
On 04/10/2015 08:13 AM, Mateusz Malek wrote:
I'm about to migrate my
On (15/04/15 13:43), Aric Wilisch wrote:
Today I managed to finally get a trust established between my AD Domain and my
FreeIPA 4 environment.
However I’m noticing a couple issues and hope someone might be able to give me
some help.
First when the user logs in it creates their home directory
On (17/04/15 11:32), Andrew Sacamano wrote:
Hi everyone,
I've spent a couple of days digging around the web, watching logs, and
poking things, and I'm stuck getting sudo working with IPA on a new box
I've just set up. I have had it working in the past on a test box, but
something about this box
On (08/04/15 09:25), Chamambo Martin wrote:
Good day
I am running FreeIPA, version: 4.1.0 and everything is working well except
SUDO configuration.
ipa-client-install on CentOS 7.1 should configure sudo by default.
I have 3 questions
1: I have configured the bare minimum sudo
On (09/04/15 01:04), Martin Chamambo wrote:
I managed to install my ipa client on centos 5 using this command below
ipa-client-install --server cyclops.ai.co.zw --domain ai.co.zw
Pease follow instruction for rhel 5
On (05/06/15 07:35), Rich Megginson wrote:
On 06/05/2015 03:40 AM, Dawid Rabiega wrote:
Hi,
One of my ipa server on fedora 19 since yesterday started to crash, with
following message to dmesg:
$ dmesg | tail -n 20
[6706148.291648] ns-slapd[3212]: segfault at 0 ip 7f6fc9a84421 sp
On (02/06/15 15:25), nat...@nathanpeters.com wrote:
I am running FreeIPA 4.1.3 on CentOS 7 for the server and on the client is
CentOS 6.5 with client 3.0.0-42 (sssd 1.11.6-30).
I have created a user in FreeIPA and he has access to a server through
HBAC rules. This user has created a public /
On (02/06/15 17:07), swartz wrote:
I have a environment that spans across multiple physical locations where
there is a mix of Linux and Solaris workstations/servers. So far we've been
managing accounts (/etc/password) via Puppet.
Problem: FreeIPA allows to store only one homedir path.
Q: Is there
On (03/06/15 12:54), Coy Hile wrote:
For solaris, just use the standard automounter config in auto_home:
* /export/home/
I thought that automount and getent passwd user
are two different thigs on Solaris (the same as on Linux)
LS
--
Manage your subscription for the Freeipa-users mailing
On (10/06/15 11:33), Bob Hinton wrote:
Hello,
If I uninstall the ipa client with ipa-client-install --uninstall then
reinstall it to the same ipa master then most functions work fine.
However, if I attempt to ssh from the client to the master then I get.
On (26/06/15 12:48), Petr Spacek wrote:
On 26.6.2015 12:18, Lukas Slebodnik wrote:
On (26/06/15 01:29), Prasun Gera wrote:
I've found that if you are setting up a new environment from scratch which
is mostly going to involve RHEL/Fedora systems, and that you have full
control over your network
On (11/06/15 18:21), Janelle wrote:
Has anyone built a newer version of sssd for RHEL/centos 5.x?? Currently only
1.5.x
There is also 1.9 in COPR repo[1]
Just wondering if maybe it is limited due to some library or compatibility
issues?
It's possible to build sssd-1.11 on el5 as well but without
On (13/06/15 16:04), Janelle wrote:
Hi everyone,
Does anyone know if it is possible to install the 4.1 ipa-CLIENT (not the
server - just the client) on a CentOS 6.6 system? My guess is this is really
just based on sssd, or am I missing something?
If you want newer version of sssd you can test
On (25/05/15 10:00), Bob Hinton wrote:
Hi Martin,
Yes. This fixes the problem on a newly recreated ipamaster - it didn't
work on the one I'd been playing around with.
So the complete rebuild sequence was...
1) On old ipamaster VM ipa004 (did this on 22/05/2015)
login as an admin user with
On (29/05/15 18:56), bahan w wrote:
Hm.
@Jakub :
I cannot upgrade, because I am not the hosting provider managing this VM
unfortunately.
I need to make it work with RHEL 6.4.
@Sam :
Selinux is deactivated :
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
#
On (01/06/15 15:42), Ivars Strazdiņš wrote:
Hi,
how could I possibly trace why there is a noticeable delay when logging into
sssd enabled server?
With ssh there is a 2-3 second delay before users logs in. But most users
notice this with webmail, which uses dovecot-pam-sssd as authentication
On (21/05/15 18:56), Dmitri Pal wrote:
On 05/21/2015 05:54 PM, John Williams wrote:
I've got a freeIPA client where a user account cannot authenticate.
The log entry for IPA looks like:
audit/audit.log.4:type=USER_AUTH msg=audit(1425316592.375:38090): user
pid=16485 uid=0 auid=4294967295
On (26/05/15 06:44), Vaclav Adamec wrote:
With higher debug level I see that sssd sudo trying to resolve local
account (for nagios monitoring)
There was/is a bug which does not respect filter_user in sudo provider
https://fedorahosted.org/sssd/ticket/2625. (It's already fixed in fedora = 22)
It
On (22/05/15 09:37), Nikola Kržalić wrote:
I have a ubuntu system running IPA client. I am able to log in via ssh
using IPA users, but I do not get any group memberships or sudo rules.
Same configuration works on a different system (running CentOS).
sssd domain log output shows that the groups
On (22/05/15 18:28), Christoph Kaminski wrote:
freeipa-users-boun...@redhat.com schrieb am 22.05.2015 09:37:04:
Von: Nikola Kržalić nik...@krzalic.com
An: freeipa-users@redhat.com
Datum: 22.05.2015 15:05
Betreff: [Freeipa-users] FreeIPA groups not shown on client
Gesendet von:
1 - 100 of 260 matches
Mail list logo