Re: [Freeipa-users] Cockpit with (Free)IPA admin users

On St, 2015-10-21 at 09:32 +0200, Jakub Hrozek wrote: > On Tue, Oct 20, 2015 at 11:25:56PM +0200, Martin Štefany wrote: > > Hello, > > > > did anybody manage to get FreeIPA admin user (member of admins > > group, > > full sudo access, etc.) to be also

Re: [Freeipa-users] Cockpit with (Free)IPA admin users

On Ut, 2015-10-27 at 15:48 +0100, Petr Spacek wrote: > On 20.10.2015 23:25, Martin Štefany wrote: > > Hello, > > > > did anybody manage to get FreeIPA admin user (member of admins > > group, > > full sudo access, etc.) to be also Cockpit user with administra

[Freeipa-users] Cockpit with (Free)IPA admin users

AUTHENTICATING FOR org.freedesktop.policykit.exec === Authentication is needed to run `/usr/bin/cockpit-bridge' as the super user Multiple identities can be used for authentication: 1. Martin Štefany (martin) 2. ... 3. ... Choose identity to authenticate as (1-3): 1 Password: AUTHENTICATION COMPLETE === cockp

[Freeipa-users] CentOS7: certmonger not enabled by default?

Hello all, I'd to verify with you if certmonger.service should be enabled by default after IPA client installation or not. If I remember correctly, it used to start by on CentOS6, IPA client ~3.0.0, after ipa-client installation and reboots. The thing is, for first time usage and subsequent

Re: [Freeipa-users] Mixing client and server versions

Hi Daryl, IPA client <-> IPA server are both backward and forward compatible, see: http://www.freeipa.org/page/Client#Compatibility Note: except ipa-admintools, that one is a (thick) client and is compatible only forward, see the page for better explanation. Martin On Pi, 2015-12-04 at 13:42

Re: [Freeipa-users] Any recent guides for Postfix and IPA integration?

Hello Ranbir, I'm working on this, even today I was putting more things together. (That DRAFT is really uncommented version of what I currently have). And I've opened also https://fedorahosted.org/freeipa/ticket/5521 to get a bit more out of it. To sum it up what I've put together: - Postfix for

Re: [Freeipa-users] Add "mkhomedir" after install

regards, / S pozdravom, Martin Štefany On Dec 9, 2015 7:34 PM, Ranbir <m3fr...@thesandhufamily.ca> wrote: > > Hello Everyone, > > I installed a replica without passing the "mkhomedir" option to the > install command. Sure enough, when I login to the replica, my home

Re: [Freeipa-users] (no subject)

Hello, I remember experiencing this, but I'm not sure of solution. I think it's related to apache (httpd) and his group. My notes for IPA installation on CentOS 7.x say: # groupadd -g 48 apache # yum -y install ipa-server bind bind-dyndb-ldap # usermod -g apache apache # ipa-server-install...

Re: [Freeipa-users] Dynamic DNS Questions

Hello Detlev, FreeIPA/SSSD client use IP address of interface/vlan/subnet which is use to communicate (LDAP) with FreeIPA server. However, if you have dyndns_update set to True in sssd.conf, you can also set dyndns_iface to point to correct interface which IP addresses will be dynamically

Re: [Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

=1348447 Thank you! Martin On 6/21/2016 9:43 AM, Sumit Bose wrote: On Mon, Jun 20, 2016 at 10:46:13PM +0200, Martin Štefany wrote: Hello all, I've ran into strange issue with IPA/SSSD/SSH/SELinux which started when I figured out that I cannot ssh with pubkey auth to Fedora 23 (ipa-client) systems

Re: [Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

On 6/21/2016 1:16 PM, Sumit Bose wrote: On Tue, Jun 21, 2016 at 12:43:23PM +0200, Martin Štefany wrote: Hello Sumit, putting SELinux to permissive mode and/or enabling nis_enabled seboolean seemed not help at all. And you are right, my user has userCertificate (needed for secure libvirtd

[Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

Hello all, I've ran into strange issue with IPA/SSSD/SSH/SELinux which started when I figured out that I cannot ssh with pubkey auth to Fedora 23 (ipa-client) systems while I can to CentOS 7.2 (ipa-client and ipa-server) systems within same IPA domain. I will appreciate any help whatsoever. IPA

[Freeipa-users] DNS SubjectAltName missing in provisioned certificates

Hello, I seem to be having some issues with IPA CA feature not generating certificates with DNS SubjectAltNames. I'm sure this worked very well under CentOS 7.1 / IPA 4.0, but now under CentOS 7.2 / IPA 4.2 something's different. Here are the original steps which worked fine for my first use

Re: [Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

On So, 2016-07-16 at 15:37 +0200, Lukas Slebodnik wrote: > On (16/07/16 10:19), Martin Štefany wrote: > > > > Hello Sumit, > > > > seems that upgrade to F24 broke things again. This time no AVCs, empty SSSD > > logs, but same problem: 'Error looking up publ

Re: [Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

ose wrote: On Tue, Jun 21, 2016 at 01:23:11PM +0200, Martin Štefany wrote: On 6/21/2016 1:16 PM, Sumit Bose wrote: On Tue, Jun 21, 2016 at 12:43:23PM +0200, Martin Štefany wrote: Hello Sumit, putting SELinux to permissive mode and/or enabling nis_enabled seboolean seemed not help at all. And you

Re: [Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

On 7/18/2016 9:50 AM, Sumit Bose wrote: On Sun, Jul 17, 2016 at 11:21:34PM +0200, Martin Štefany wrote: On So, 2016-07-16 at 15:37 +0200, Lukas Slebodnik wrote: On (16/07/16 10:19), Martin Štefany wrote: Hello Sumit, seems that upgrade to F24 broke things again. This time no AVCs, empty