I've done it before, you can use LDAP auth, vs kerberos. It works just fine :)
Matthew Barr
Technical Architect
E: mb...@snap-interactive.com
AIM: matthewbarr1
c: (646) 727-0535
On Jun 24, 2013, at 3:35 PM, William Muriithi
wrote:
> Hello all,
>
> I have been struggling
plus the file in /var/lib/sss.
It still checks for both $HOME/.ssh/known_hosts & $HOME/.ssh/known_hosts,
either way. (that's controlled by a different option.)
Should IPA / SSSD be adding back in the default value, until such time as it's
fixed in the upstream?
Matthew Barr
Te
ive certain classes of users
SSH, and potentially only on certain servers.
That, plus the ability to change and set your password without ever logging
into a system will allow us to really use IPA effectively. (We have users
that don't use linux, and are in IPA only for LDAP & Kerb
How about fixing up all the replication relationships, if you're looking at
this from an (old) master w/ multiple replicas?
Matthew
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
I need to add a few users that can authenticate with IPA (LDAP, in some
cases, kerberos in others), but can't SSH into hosts.
I'm guessing the best option is to use some sort of group restriction on
the SSH /host side, vs anything else in IPA?
Thanks!
On Jan 24, 2013, at 6:53 PM, Dmitri Pal wrote:
>
> Yes you can set it again. This is how we envisioned the feature to be used.
> If it does not work it is a bug.
ipa-server-2.2.0-16.el6.x86_64, Centos 6.3
[mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo
ipa: ERROR: invalid 'passw
purge the IPA host record & the puppet SSL
keys, in order to regenerate them both. Satellite/Spacewalk allows for a
rebuild command, but I'm not sure what Katello & foreman will do in the future.
Matthew Barr
Technical Architect
E: mb...@snap-interactive.com
AIM: matt
On Jan 22, 2013, at 5:15 PM, Dmitri Pal wrote:
>
> Which exactly LDAP method?
> ldif dump and load? This would not work well unless you also manage to move
> certs and kerberos master key over which is really hard.
I was assuming the ipa migrate-ds.
>
>>
>> Thoughts? I don't anticipate
to start from
scratch, yet still import the users & their passwords. I suspect we can just
do a clean build in the new site, and just do a migrate of the users via the
ldap method.
Thoughts? I don't anticipate moving any hardware that's enrolled from site to
site, so certs &
>> * We're using IPA for DNS as well as the kerberos & LDAP services.
>
> Is it installed with forwarders to some other DNS server? Is that server
> alive and running? Is it reachable?
> If not you might want to add host name and IP of the IPA server into the
> /etc/hosts
Yep, that was the ti
We're getting:
Failed to init credentials (Cannot resolve network address for KDC in realm
".COM")
As an aside, we're not having issues starting dirsrv, KDC, or the other IPA
services, just named. Named's failure then causes everything else to shut
down, thoug
On Oct 11, 2012, at 3:50 PM, Steven Jones wrote:
> Hi,
>
> Looks like I have this at present as well.
>
> The advice off RH support is to run an ldapdelete but I'm waiting on the
> complete syntax off them and why it's happened.
>
> Meantime I have 2 machines in this state, no one can login.
>
>> I suspect it's only existing in some of the LDAP tables, but I can't tell
>> enough about the structure to delete it from IPA, and then we can just
>> re-add it.
>>
>>
>> Anyone have any suggestions on what to do to clean this up?
> rpm -q 389-ds-base
>
> ldapsearch -xLLL -D "cn=directory ma
it's only existing in some of the LDAP tables, but I can't tell enough
about the structure to delete it from IPA, and then we can just re-add it.
Anyone have any suggestions on what to do to clean this up?
Matthew Barr
Technical Architect
E: mb...@snap-interactive.co