On Tue, Sep 5, 2017 at 2:57 PM, Jakub Hrozek via FreeIPA-users
wrote:
> OK, so it's SSSD telling libkrb5 to talk to auth.astro. Since in your
> sssd.conf, auth.astro is listed in addition to the 'local' IPA server, I
> would check the sssd logs if sssd can
On Tue, Sep 05, 2017 at 11:16:03AM -0500, Kat via FreeIPA-users wrote:
> Hi all,
>
> Looking to proxy some applications with a reverse proxy. Want to ingrate
> with IPA to do auth on the front end of the proxy so it passes kerberos
> tickets to the back-end applications. Any suggestions on which
Running a clone of RHEL (Springdale Linux), and recently upgraded to
7.4 and all its ensuing surprises. Todays is strange because it
affects one of three servers.
If a user tries to login to the web UI on 2/3 of the servers, they get
the same error listed in this ticket:
On Fri, Sep 01, 2017 at 03:02:34PM -0600, Scott Lucas via FreeIPA-users wrote:
> Hi,
>
> I have a global password policy set for unlimited on expiration date,
> however a user who has no issues logging in as himself, got a password
> expiration notice when he recently used sudo. I can't seem to
Steve,
What version of IPA are you running? Is SELinux in permissive mode?
What are the permissions on: /var/lib/ipa-client/pki/kdc-ca-bundle.pem and
/var/kerberos/krb5kdc/kdc.crt ?
could you share your /etc/sssd/sssd.conf ?
On Tue, Sep 5, 2017 at 2:42 PM, Steve Huston via FreeIPA-users <
On Tue, Sep 5, 2017 at 1:57 PM, Felipe Barreto Volpone
wrote:
> What version of IPA are you running?
ipa-server-4.5.0-21.el7.x86_64
> Is SELinux in permissive mode?
Not normally, but I set it to permissive and ran 'ipactl restart' with
no change.
> What are the
- is there a filed called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ?
What does it contain?
- can you show your krb5.conf?
- can you strace the kinit?
On Tue, Sep 05, 2017 at 02:32:28PM -0400, Steve Huston via FreeIPA-users wrote:
> I ran it on the machine 'ipa.astro.princeton.edu'. I would
On Tue, Sep 5, 2017 at 2:43 PM, Jakub Hrozek via FreeIPA-users
wrote:
> - is there a filed called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ?
> What does it contain?
There is, and it contains '128.112.24.29' with no EOL (the IP address
for
On Tue, Sep 05, 2017 at 02:48:59PM -0400, Steve Huston via FreeIPA-users wrote:
> On Tue, Sep 5, 2017 at 2:43 PM, Jakub Hrozek via FreeIPA-users
> wrote:
> > - is there a filed called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ?
> > What does it contain?
>
Hi Pavel,
Thank you very much for the pointer. I'm able to achieve what I was looking
for. Below is the JS I ended up using.
Thanks again.
--Prashant
define([
'freeipa/phases',
'freeipa/user'],
function(phases, user_mod) {
// helper function
function get_item(array,
Is it possible to find an IPA user or computer account from a windows
(AD) machine [trust between ipa and ad domain is set up]? If I try that,
all i get is a message that no object can be found.
Regards,
Ronald
___
FreeIPA-users mailing list --
I've checked on the windows part. And nothing is mentioned overthere. Even with
adsiedit I can't find any trace of it.
Regards,
Daniel
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Thursday 31 August 2017 16:44
To: FreeIPA users list
Hi,
I have a global password policy set for unlimited on expiration date,
however a user who has no issues logging in as himself, got a password
expiration notice when he recently used sudo. I can't seem to find anything
pertaining to sudo rights expiring in the freeipa gui, is there somewhere
13 matches
Mail list logo