Will there be builds in a COPR for rhel/cents 7?
Sent via the Samsung GALAXY S® 5, an AT&T 4G LTE smartphone
Original message
From: Martin Kosek
Date: 10/14/16 3:58 AM (GMT-05:00)
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Announcing FreeIPA 4.4.2
On 10/1
NE* in some_ldap_group en masse
ldap_group_2:::newGid::/somepath/home/%s:/usr/bin/restricted_shell
<—— Override members of ldap_group_2 overriding each individual user’s home
directory as well from, e.g. , /home/jdoe -> /somepath/home/jdoe
--
Coy Hile
coy.h...@coyhile.com
--
Right, you have some process that creates the shadow accounts with a random,
unknown, unused pass. This assumes you have some workflow for provisioning
rather than doing ad hoc ipa user add as a human.
Sent from my iPad
> On May 18, 2016, at 23:20, John Meyers wrote:
>
> Even if you get that
When I've done this in the past, I used mit directly, not IPA. I set up a one
way trust, then used "shadow objects" for users mapped using
alternateSecurityID. I've setup the same one way trust testing with freeipa,
but unfortunately I had to use kadmin.local to do it. I don't know that that's
he AD domain trusts the IPA realm? Then use
AltSecurityID in Windows land to map a “shadow” user to each real principal?
In that way AD gets relegated to a second-class citizen used only for the
subset of (likely comparatively unimportant) tasks where one is forced to use
Windows?
--
Coy Hile
co
Is there documentation thst states explicitly which permissions are
granted to the Various built in roles?
Sent via the Samsung GALAXY S® 5, an AT&T 4G LTE smartphone
Original message
From: Rob Crittenden
Date: 11/05/2015 10:18 (GMT-05:00)
To: Freeipa-users@redhat.com,
oy.h...@coyhile.com
Cc: freeipa-users@redhat.com, netv...@gmail.com
Subject: Re: [Freeipa-users] How to handle users with multiple
homedirs on different machines?
On (03/06/15 12:54), Coy Hile wrote:
For solaris, just use the standard automounter config in auto_home:
* /export/home/&
I thou
For solaris, just use the standard automounter config in auto_home:
* /export/home/&
Sent via the Samsung GALAXY S® 5, an AT&T 4G LTE smartphone
Original message
From: Lukas Slebodnik
Date: 06/03/2015 02:29 (GMT-05:00)
To: netv...@gmail.com
Cc: freeipa-users@redhat.com
S
27;eyeball' users vs role accounts like jdoe vs
appteambuildbot)?
Thanks,
-c
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
> On Apr 7, 2015, at 2:58 PM, Simo Sorce wrote:
>
> On Tue, 2015-04-07 at 18:54 +0000, Coy Hile wrote:
>> Quoting Simo Sorce :
>>
>>>>>
>>>>>
>>>> I guess that makes sense. Is it possible to add a user that simply
>>>
easier to manage, so I'm trying to
draw comparisons between what I had been used to in previous vanilla krb/ldap
shops.
Thanks,
-c
--
Coy Hile
coy.h...@coyhile.com
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailm
Quoting Simo Sorce
On Mon, 2015-04-06 at 21:16 -0400, Coy Hile wrote:
In MIT land, one can potentially have multiple instances tied (by
convention) to a given user (that is, that administratively one knows
are the same set of eyeballs). For example, I might have my normal
user (hile), and I
using that principal.
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
@MIT.REALM
in the MIT Realm.
Is there a ‘supported’ way to do something similar with FreeIPA? Time to break
out kadmin.local -x ipa-setup-override-restrictions? Or would that not drop the
principal in the right place in the LDAP tree?
--
Coy Hile
coy.h...@coyhile.com
--
Manage your
ag!)
sufficiently recent Windows, I’d like to restrict everything to AES only and
get rid of des3 and arcfour-hmac.
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
he requirements is quite helpful, so
thanks to all
who provided that. I'll work with Joyent to add systemd support to
the lx brand,
and in the meantime, I'll just deploy on KVM infrastructure and take
the hit. I
assume there's no good reason to deploy a net new setup using the
m speaking completely of the server components.
thanks,
-c
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
,
--
Coy Hile
coy.h...@coyhile.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
18 matches
Mail list logo