On Thu, Oct 19, 2017 at 05:34:41PM -0700, Steve Dainard wrote:
> Thanks Jakub and Justin,
>
> It definitely is related to the wheel group. For a quick explanation, the
> wheel group exists in AD with a gid of 10 so users who belong to that group
> automatically have wheel/sudo perms on EL systems
Hi folks,
trying to solve some NIS problems I noticed that the archive
of this mailing list on https://www.redhat.com/archives/freeipa-users/
seems to be out of date.
Is this expected?
Regards
Harri
___
FreeIPA-users mailing list -- freeipa-users@lists
Fraser Tweedale via FreeIPA-users wrote:
On Thu, Oct 19, 2017 at 10:40:12AM +, Joel Kåberg via FreeIPA-users wrote:
Hello
I'm trying to sign an CSR which has multiple CN in the certificate
subject. When the certificate is signed it only contains one CN in
the subject (should be 2, site1.dom
Harald Dunkel via FreeIPA-users wrote:
Hi folks,
trying to solve some NIS problems I noticed that the archive
of this mailing list on https://www.redhat.com/archives/freeipa-users/
seems to be out of date.
Is this expected?
the list moved earlier this year to
https://lists.fedorahosted.org/a
I'm trying to sign a CSR from an Cisco AnyConnect (server) instance to be used
for site to site connections (client's are enrolled with the FreeIPA instance)
- as far as I figured, validation only happens with the subject when using
AnyConnect.
What I was hoping would happen is for the signing
SSSD 1.16.0
===
The SSSD team is proud to announce the release of version 1.16.0 of the
System Security Services Daemon.
The tarball can be downloaded from https://releases.pagure.org/SSSD/sssd/
RPM packages will be made available for Fedora shortly.
Feedback
Please provide com
On Fri, 20 Oct 2017 12:30:50 +0200
Rob Crittenden via FreeIPA-users wrote:
>
> the list moved earlier this year to
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/
>
Thanx very much for your pointer. Apparently the old mailing
list archive is still much mo
Hi folks,
I had to replace the CA chain about 3 months ago, using
ipa-cacert-manage. Question:
Does this affect freeipa's NIS support? Is there a hidden
certificate somewhere I missed to renew?
The freeipa servers are running Centos 7.3 and 7.4.
Every helpful comment is highly appreciated
Har
On 10/18/2017 03:58 AM, Rob Crittenden wrote:
This looks like some problem with sssd. Do you see your user with "id
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Yes, I'd start there as well. The keytab/kvno things I had you do was
to confirm that the keytab was ok. sssd won't
I checked the /etc/krb5.conf on both a working and non-working machine, no
differences at all. Also checked the files in
/var/lib/sss/pubconf/krb5-include.d that are included by krb5.conf, and no
differences there. All Kerberos packages on both machines are same
versions.
klist -e Output on Jump
On pe, 20 loka 2017, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
I had to replace the CA chain about 3 months ago, using
ipa-cacert-manage. Question:
Does this affect freeipa's NIS support? Is there a hidden
certificate somewhere I missed to renew?
NIS does not utilize SSL as far as I kno
Hello
I have a RHEL7 IPA server installed as a subordinate CA. I'd like to be
able to add SAN's for a different dns domain than exists in the IPA realm.
The dns for 'otherdomain.com' is handled by active directory which my IPA
server has a cross-forest trust with.
ie:
host: client1.ipadomain.com
On Fri, Oct 20, 2017 at 10:59:36AM -0700, Steve Dainard via FreeIPA-users wrote:
> Hello
>
> I have a RHEL7 IPA server installed as a subordinate CA. I'd like to be
> able to add SAN's for a different dns domain than exists in the IPA realm.
> The dns for 'otherdomain.com' is handled by active dir
13 matches
Mail list logo