Will there be builds in a COPR for rhel/cents 7?
Sent via the Samsung GALAXY S® 5, an AT 4G LTE smartphone
Original message
From: Martin Kosek
Date: 10/14/16 3:58 AM (GMT-05:00)
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Announcing
ERYONE* in some_ldap_group en masse
ldap_group_2:::newGid::/somepath/home/%s:/usr/bin/restricted_shell
<—— Override members of ldap_group_2 overriding each individual user’s home
directory as well from, e.g. , /home/jdoe -> /somepath/home/jdoe
--
Coy Hile
coy.h...@coyhile.com
--
Right, you have some process that creates the shadow accounts with a random,
unknown, unused pass. This assumes you have some workflow for provisioning
rather than doing ad hoc ipa user add as a human.
Sent from my iPad
> On May 18, 2016, at 23:20, John Meyers
When I've done this in the past, I used mit directly, not IPA. I set up a one
way trust, then used "shadow objects" for users mapped using
alternateSecurityID. I've setup the same one way trust testing with freeipa,
but unfortunately I had to use kadmin.local to do it. I don't know that that's
eate a
one-way trust so that the AD domain trusts the IPA realm? Then use
AltSecurityID in Windows land to map a “shadow” user to each real principal?
In that way AD gets relegated to a second-class citizen used only for the
subset of (likely comparatively unimportant) tasks where one is forced to use
Is there documentation thst states explicitly which permissions are
granted to the Various built in roles?
Sent via the Samsung GALAXY S® 5, an AT 4G LTE smartphone
Original message
From: Rob Crittenden
Date: 11/05/2015 10:18 (GMT-05:00)
To:
For solaris, just use the standard automounter config in auto_home:
* /export/home/
Sent via the Samsung GALAXY S® 5, an ATT 4G LTE smartphone
Original message
From: Lukas Slebodnik lsleb...@redhat.com
Date: 06/03/2015 02:29 (GMT-05:00)
To: netv...@gmail.com
Cc:
)
To: coy.h...@coyhile.com
Cc: freeipa-users@redhat.com, netv...@gmail.com
Subject: Re: [Freeipa-users] How to handle users with multiple
homedirs on different machines?
On (03/06/15 12:54), Coy Hile wrote:
For solaris, just use the standard automounter config in auto_home:
* /export/home
' users vs role accounts like jdoe vs
appteambuildbot)?
Thanks,
-c
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Quoting Simo Sorce s...@redhat.com
On Mon, 2015-04-06 at 21:16 -0400, Coy Hile wrote:
In MIT land, one can potentially have multiple instances tied (by
convention) to a given user (that is, that administratively one knows
are the same set of eyeballs). For example, I might have my normal
user
, so I'm trying to
draw comparisons between what I had been used to in previous vanilla krb/ldap
shops.
Thanks,
-c
--
Coy Hile
coy.h...@coyhile.com
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
On Apr 7, 2015, at 2:58 PM, Simo Sorce s...@redhat.com wrote:
On Tue, 2015-04-07 at 18:54 +, Coy Hile wrote:
Quoting Simo Sorce s...@redhat.com:
I guess that makes sense. Is it possible to add a user that simply
doesn't have the posix attributes defined? In the particular case
using that principal.
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
@MIT.REALM
in the MIT Realm.
Is there a ‘supported’ way to do something similar with FreeIPA? Time to break
out kadmin.local -x ipa-setup-override-restrictions? Or would that not drop the
principal in the right place in the LDAP tree?
--
Coy Hile
coy.h...@coyhile.com
--
Manage your
the requirements is quite helpful, so
thanks to all
who provided that. I'll work with Joyent to add systemd support to
the lx brand,
and in the meantime, I'll just deploy on KVM infrastructure and take
the hit. I
assume there's no good reason to deploy a net new setup using the 3.x release?
-c
--
Coy
completely of the server components.
thanks,
-c
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
,
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
17 matches
Mail list logo