Hi,
in IPA I defined a user called isomeuser. This username does definitely
not exist on the AD side.
When I log in as root to an IPA client and issue the su command, I am
isomeuser@ad.domain. If I do "su isomeuser@ipa.domain" I am
isomeuser@ad.domain. The uid and gid are exactly the same.
On Tue, Nov 21, 2017 at 08:36:16AM +0100, Ray via FreeIPA-users wrote:
> Hi,
>
> yesterday I noticed a strange issue on a CentOS 7 client running
> ipa-client-4.5.0-21.el7.centos.2.2.x86_64:
>
> My daughter tried to log in to the machine and was kicked out again after
> GNOME failed to load (/hom
On Tue, Nov 21, 2017 at 09:05:29AM +0100, Ronald Wimmer via FreeIPA-users wrote:
> Hi,
>
> in IPA I defined a user called isomeuser. This username does definitely not
> exist on the AD side.
>
> When I log in as root to an IPA client and issue the su command, I am
> isomeuser@ad.domain. If I do "
On 2017-11-21 11:26, Jakub Hrozek via FreeIPA-users wrote:
On Tue, Nov 21, 2017 at 08:36:16AM +0100, Ray via FreeIPA-users wrote:
Hi,
yesterday I noticed a strange issue on a CentOS 7 client running
ipa-client-4.5.0-21.el7.centos.2.2.x86_64:
My daughter tried to log in to the machine and w
On Tue, Nov 21, 2017 at 11:45:36AM +0100, Ray via FreeIPA-users wrote:
>
>
> On 2017-11-21 11:26, Jakub Hrozek via FreeIPA-users wrote:
> > On Tue, Nov 21, 2017 at 08:36:16AM +0100, Ray via FreeIPA-users wrote:
> > > Hi,
> > >
> > > yesterday I noticed a strange issue on a CentOS 7 client runn
On Tue, Nov 21, 2017 at 01:47:04PM +1300, Aaron Hicks via FreeIPA-users wrote:
> I found it, it was in /etc/ssh/sshd_config
>
> This requires in the sshd config:
>
> ChallengeResponseAuthentication yes
> AuthenticationMethods keyboard-interactive
>
> We now can enable 2FA on a per-host basis.
g
Hoi,
Anyone out there with experience of whether or not adding a replica of more
recent version (4.4.4 and 389 dir 1.3.7.5-1 up from 4.4.3 with 389
dir 1.3.5.15-2) would impact the existing servers in terms of schema or
similar?
I'm still trying to find a safe way to upgrade safely without going
On 2017-11-21 11:51, Jakub Hrozek via FreeIPA-users wrote:
On Tue, Nov 21, 2017 at 11:45:36AM +0100, Ray via FreeIPA-users wrote:
On 2017-11-21 11:26, Jakub Hrozek via FreeIPA-users wrote:
> On Tue, Nov 21, 2017 at 08:36:16AM +0100, Ray via FreeIPA-users wrote:
> > Hi,
> >
> > yesterday
Hi,
yesterday I noticed a strange issue on a CentOS 7 client running
ipa-client-4.5.0-21.el7.centos.2.2.x86_64:
My daughter tried to log in to the machine and was kicked out again
after GNOME failed to load (/home on kerberized NFS4). Closer inspection
showed that she had no permission to ac
Hello everyone,
I’m new to this and am trying to set up a working trust against an AD forest,
I seem to have a working trust but when I try to reference external groups (or
users) I get:
# ipa group-add-member ad_users_external --external "AD2\Domain Users"
[member user]:
[member group]:
Gro
David Harvey wrote:
> Hoi,
>
> Anyone out there with experience of whether or not adding a replica of
> more recent version (4.4.4 and 389 dir 1.3.7.5-1 up from 4.4.3 with 389
> dir 1.3.5.15-2) would impact the existing servers in terms of schema or
> similar?
> I'm still trying to find a safe wa
Николай Савельев via FreeIPA-users wrote:
> Hi.
> I asked about Owncloud, Zimbra, etc authentication in freeipa with AD trust.
> I was offered to use SAML.
> But I don't understand SAML. It is very difficult for me.
> I only want to use LDAP for authentication as in this article
> https://www.freeipa.org
On Tue, Nov 21, 2017 at 08:14:49AM -0500, Rob Crittenden via FreeIPA-users
wrote:
> Николай Савельев via FreeIPA-users wrote:
> > Hi.
> > I asked about Owncloud, Zimbra, etc authentication in freeipa with AD
> > trust.
> > I was offered to use SAML.
> > But I don't understand SAML. It very dificul
On Tue, Nov 21, 2017 at 12:39:00PM +0100, Ray via FreeIPA-users wrote:
>
>
> On 2017-11-21 11:51, Jakub Hrozek via FreeIPA-users wrote:
> > On Tue, Nov 21, 2017 at 11:45:36AM +0100, Ray via FreeIPA-users wrote:
> > >
> > >
> > > On 2017-11-21 11:26, Jakub Hrozek via FreeIPA-users wrote:
> >
Bind seems to work fine.
When queried about a record it logs the answer fine (even for external domains).
However it fails to answer any ipa local zone request.
e.g. resolving its own host query:
-- 8< --
21-Nov-2017 13:52:06.419 client: debug 3: cl
Andrew Meyer via FreeIPA-users wrote:
> Ok now I am trying to add puppet to my FreeIPA environment. Following
> the instructions
> from: https://www.freeipa.org/page/Howto/Using_FreeIPA_CA_for_Puppet
Sadly most instructions don't include the version(s) they were intended
for but Fedora 19 had IP
Excellent, Thank you for the help.
On Tuesday, November 21, 2017 3:01 PM, Rob Crittenden via FreeIPA-users
wrote:
Andrew Meyer via FreeIPA-users wrote:
> Ok now I am trying to add puppet to my FreeIPA environment. Following
> the instructions
> from: https://www.freeipa.org/page/Howto/
Hello the List,
This turned out to be a workflow issue, we still have a problem but this
first use case works.
In the case of a user with an invalid password (none or expired) with no OTP
token they can reset their password and ask IPA to create an OTP token for
them.
1. Helpdesk a
Hi the list.
I'd consider creating a permission with permission-add, but there is no
token object type.
[hicksaw@hpch2fa02 ~]$ ipa permission-add mangage-otptoken --right=all
--bindtype=permission --type=token
ipa: ERROR: invalid 'type': "token" is not an object type
Even though ipat
On Wed, Nov 22, 2017 at 05:16:05PM +1300, Aaron Hicks via FreeIPA-users wrote:
> Hello the List,
>
>
>
> This turned out to be a workflow issue, we still have a problem but this
> first use case works.
>
>
>
> In the case of a user with an invalid password (none or expired) with no OTP
> to
>
> I think the better reference in the documentation is
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-legacy
>
> If there is a trust to an AD forest and 'ipa-adtrust-install
> --enable-compat' was called, there will be a special sub
21 matches