[Freeipa-users] Re: Duplicate Certificate on master.

2017-09-29 Thread Florence Blanc-Renaud via FreeIPA-users
On 09/29/2017 02:39 AM, Bhavin Vaidya via FreeIPA-users wrote: Hello, On our master FreeIPA I see multiple (which are duplicate) entries for certificates with different NSS Database. Some are from /var/lib/pji/pki-tomcat/alias instead of /etc/pki/pki-tomcat/alias. As I inherited the setup and

[Freeipa-users] dirsrv locks up when importing zone files with ldapadd

2017-09-29 Thread Andy Stubbs via FreeIPA-users
Hi We'd like to test FreeIPA in our environment, but I'm having a little bit of trouble importing DNS zone files. Running on fresh install of CentOS 7.4.1708 with FreeIPA 4.5.0-21.el7.centos.1.2 I install a vanilla IPA server from scratch with (something along these lines): ipa-server-install

[Freeipa-users] Re: Smartcard not working on Ubuntu 16.04

2017-09-29 Thread Sumit Bose via FreeIPA-users
On Thu, Sep 28, 2017 at 02:35:55PM -0400, Steve Weeks wrote: > Progress, but still not using the smartcard and falling back to the > password. > > I changed to change the pam_sss line in common-auth too: > > auth[default=1 success=ok] pam_localuser.so > auth [success=2

[Freeipa-users] Re: dirsrv locks up when importing zone files with ldapadd

2017-09-29 Thread Andy Stubbs via FreeIPA-users
On 29 September 2017 at 10:21, Alexander Bokovoy wrote: > On pe, 29 syys 2017, Andy Stubbs via FreeIPA-users wrote: > >> Hi >> >> We'd like to test FreeIPA in our environment, but I'm having a little bit >> of trouble importing DNS zone files. >> >> Running on fresh install

[Freeipa-users] Re: sudo not working with hostgroups

2017-09-29 Thread Michael Gusek via FreeIPA-users
Anybody have an idea for me? Michael Am 22.09.2017 um 10:50 schrieb Michael Gusek via FreeIPA-users: > > Hello, > > we are using FreeIPA in the current version 4.5 under current CentOS > 7. In order to grant access we are using sudo rules in conjunction > with host groups. We have found that

[Freeipa-users] Re: Smartcard not working on Ubuntu 16.04

2017-09-29 Thread Steve Weeks via FreeIPA-users
That works, but it is only pre-auth mode. In --auth mode it fails, but I don't think that relevant since fails the same way on Fedora too. The problems seems to be that on Ubuntu, --auth mode is never called. On Fedora p11_child is called twice. Once with --pre and then a second time with