[Freeipa-users] Re: FreeIPA Sudo Issue

2017-10-10 Thread Lukas Slebodnik via FreeIPA-users
On (10/10/17 12:47), Alka Murali via FreeIPA-users wrote: >Hello Team, > >I have integrated my Ubuntu/Debian and CentOS Servers as IPA Clients to my >FreeIPA Server. The custom sudo rule added by me also works for the users >assigned to the rule. > >The first login attempt as well as sudo access

[Freeipa-users] Re: VPN access with FreeRADIUS enforcing OTP backed by FreeIPA

2017-10-10 Thread Callum Guy via FreeIPA-users
On the off chance that anyone was following my issue I wanted to post the resolution. Quite simply the interim bind connection required a narrower Base DN, previously set to the dc= components only (i.e. dc=examples,dc=com). We revised this to cn=users,cn=accounts,dc=examples,dc=com in order to

[Freeipa-users] Re: FreeIPA Sudo Issue

2017-10-10 Thread Mark Haney via FreeIPA-users
On 10/10/2017 12:47 AM, Alka Murali via FreeIPA-users wrote: Hello Team, I have integrated my Ubuntu/Debian and CentOS Servers as IPA Clients to my FreeIPA Server. The custom sudo rule added by me also works for the users assigned to the rule. The first login attempt as well as sudo access

[Freeipa-users] IPA policy creation

2017-10-10 Thread Mark Haney via FreeIPA-users
Due to people not documenting squat here over years, one of our servers configurations got jacked up when I migrated it from OpenLDAP to IPA.  This is a CentOS 6 server that runs RANCID to pull customer edge router configs.  The old OpenLDAP setup had a policy in Kerberos that would create a

[Freeipa-users] Re: updating certificates

2017-10-10 Thread Rob Crittenden via FreeIPA-users
Josh wrote: Greetings to all, A follow up on https://www.redhat.com/archives/freeipa-users/2017-January/msg00051.html I missed expiration date and now ipa-certupdate command fails with SSL: CERTIFICATE_VERIFY_FAILED. Should I update httpd certificate manually or there is a workaround to allow

[Freeipa-users] Re: IPA policy creation

2017-10-10 Thread Simo Sorce via FreeIPA-users
On Tue, 2017-10-10 at 17:36 -0400, Robbie Harwood via FreeIPA-users wrote: > Rob Crittenden writes: > > > Mark Haney via FreeIPA-users wrote: > > > > > Due to people not documenting squat here over years, one of our > > > servers configurations got jacked up when I migrated it from > > >

[Freeipa-users] Re: Samba utilizing FreeIPA as Auth

2017-10-10 Thread Gordon Messmer via FreeIPA-users
On 10/04/2017 05:43 AM, Patrick No via FreeIPA-users wrote: ~~/etc/samba/smb.conf~~ security = ads I'm working on Samba integration, as well.  I think you might need to use "security = USER". ___

[Freeipa-users] Re: updating certificates

2017-10-10 Thread Josh via FreeIPA-users
On 10/10/2017 04:31 PM, Rob Crittenden wrote: Josh wrote: Greetings to all, A follow up on https://www.redhat.com/archives/freeipa-users/2017-January/msg00051.html I missed expiration date and now ipa-certupdate command fails with SSL: CERTIFICATE_VERIFY_FAILED. Should I update httpd