[Freeipa-users] Export service keytab as Active Directory user

2018-11-23 Thread Michael Gusek via FreeIPA-users
Hi, we are running FreeIPA 4.5.4 on CentOS 7 with a one-way trust to an Active Directory. We want to allow AD users to retrieve service keytabs on FreeIPA-managed hosts. AD users are linked to an external group, and this group to a FreeIPA group. We've created a service and allowed the FreeIPA group (

[Freeipa-users] Re: Export service keytab as Active Directory user

2018-11-26 Thread Michael Gusek via FreeIPA-users
Thanks a lot. So we will export keytabs for our AD users. Micha On 23.11.18 at 16:25 Alexander Bokovoy via FreeIPA-users wrote: > Not possible in CentOS 7. > > Possible in RHEL8 beta. > > (Sorry for being short, I'm on the phone) > > - Michael Gusek via Free

[Freeipa-users] Re: Export service keytab as Active Directory user

2018-11-27 Thread Michael Gusek via FreeIPA-users
On 26.11.18 at 09:58 Alexander Bokovoy wrote: > On Mon, 26 Nov 2018, Michael Gusek via FreeIPA-users wrote: >> Thanks a lot. So we will export keytabs for our AD users. > Sorry, how would this help? Your real issue is that you cannot assign > group membership in LDAP to AD users, this is

[Freeipa-users] sudo not working with hostgroups

2017-09-22 Thread Michael Gusek via FreeIPA-users
Hello, we are using FreeIPA in the current version 4.5 under current CentOS 7. In order to grant access we are using sudo rules in conjunction with host groups. We have found that these rules do not work under Debian 8/9 and Ubuntu 16.04, but they do with CentOS 6/7. Suggestions from the web require a set

[Freeipa-users] Re: How to set all passwords expired

2017-09-25 Thread Michael Gusek via FreeIPA-users
Hey, you can try something like this: ipa user-find --sizelimit=0 | grep "Anmeldename:" | awk '{ print $2 }' | xargs -I{} bash -c 'echo password | ipa user-mod {} --password' This will reset all passwords to the password 'password'. Each user has to log in with the new password and has to change it imm

[Freeipa-users] Re: sudo not working with hostgroups

2017-09-29 Thread Michael Gusek via FreeIPA-users
Does anybody have an idea for me? Michael On 22.09.2017 at 10:50 Michael Gusek via FreeIPA-users wrote: > > Hello, > > we are using FreeIPA in the current version 4.5 under current CentOS > 7. In order to grant access we are using sudo rules in conjunction > with host groups.

[Freeipa-users] AD overwrite not persistence

2018-07-03 Thread Michael Gusek via FreeIPA-users
Hi, we use an Active Directory (Server 2012) and a FreeIPA 4.5.4 installation. FreeIPA runs under CentOS 7; the sssd version is sssd-1.16.0-19.el7.x86_64. Between AD and FreeIPA we have set up a one-way trust. For some AD users, we have set up a uid override under "Default Trust View" in FreeIPA. This

[Freeipa-users] Re: AD overwrite not persistence

2018-07-03 Thread Michael Gusek via FreeIPA-users
Hi Alexander, it's SSSD, we checked it with id -u u...@example.com. Michael On 03.07.2018 at 14:57 Alexander Bokovoy via FreeIPA-users wrote: > On Tue, 03 Jul 2018, Michael Gusek via FreeIPA-users wrote: >> Hi, >> >> we use an Active Directory (Server 2012) and a FreeIPA

[Freeipa-users] Re: AD overwrite not persistence

2018-07-03 Thread Michael Gusek via FreeIPA-users
OK, I've activated logging for all sections; I had missed the nss section. I will upload log files next time if I run into trouble. Michael On 03.07.2018 at 15:49 Alexander Bokovoy wrote: > On Tue, 03 Jul 2018, Michael Gusek via FreeIPA-users wrote: >> Hi Alexander, >> >

[Freeipa-users] expired certificates - pki-tomcat not running

2017-08-08 Thread Michael Gusek via FreeIPA-users
Hello, we ran into a problem with expired certificates: > getcert list (sample shows only one expired certificate) ... Request ID '20170202144747': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/

[Freeipa-users] Re: expired certificates - pki-tomcat not running

2017-08-08 Thread Michael Gusek via FreeIPA-users
ot starting up so no debug file. Michael On 08.08.2017 at 14:15 Fraser Tweedale wrote: > On Tue, Aug 08, 2017 at 01:52:40PM +0200, Michael Gusek via FreeIPA-users > wrote: >> Hello, >> >> we ran into a problem with expired certificates: >> >>> getcert list (sample s

[Freeipa-users] Re: expired certificates - pki-tomcat not running

2017-08-09 Thread Michael Gusek via FreeIPA-users
Rob Crittenden wrote: > Michael Gusek via FreeIPA-users wrote: >> Hi Fraser, >> >> at the moment, I can't provide this logfile, I've moved that back to >> have only new log lines. But a new logfile is not created ??? In my >> old logfile I have some lines

[Freeipa-users] Re: expired certificates - pki-tomcat not running

2017-08-09 Thread Michael Gusek via FreeIPA-users
info what the underlying problem is. Michael On 09.08.2017 at 13:32 Michael Gusek via FreeIPA-users wrote: > > Hello Rob, > > I can understand why the CA won't start with expired certs. Actually my > system date is a day before expiry (expiry date is 30 Jul 2017, > syst

[Freeipa-users] Re: expired certificates - pki-tomcat not running

2017-08-09 Thread Michael Gusek via FreeIPA-users
> On Wed, Aug 09, 2017 at 01:32:43PM +0200, Michael Gusek via FreeIPA-users > wrote: >> Hello Rob, >> >> I can understand why the CA won't start with expired certs. Actually my >> system date is a day before expiry (expiry date is 30 Jul 2017, >> system date n

[Freeipa-users] Re: expired certificates - pki-tomcat not running

2017-08-10 Thread Michael Gusek via FreeIPA-users
see if the CA came up: > > curl http://`hostname`:8080/ca/ee/ca/getCertChain > > If so then service certmonger restart > > rob > >> Michael >> >> >> On 08.08.2017 at 17:40 Rob Crittenden wrote: >>> Michael Gusek via FreeIPA-users wrote: >>

[Freeipa-users] AD-Trust users not known

2017-08-18 Thread Michael Gusek via FreeIPA-users
Hi, for testing I've installed a FreeIPA server with a trust to an AD server. On IdM I can resolve AD users with 'id usern...@example.com', on an IdM member client not. The AD domain is Server 2012R2 as 'example.com'; IdM is the latest CentOS 7 with ipa-server-4.4.0-14.el7.centos.7.x86_64 as 'ipa.example.co

[Freeipa-users] Re: AD-Trust users not known

2017-08-18 Thread Michael Gusek via FreeIPA-users
' and 'full_name_format' in the server's sssd.conf, restarted sssd and ran sss_cache. It's still working. I'm not sure if 'sss_cache' does some magical things. I will set up another IPA client and test the behavior on it. Thanks, Michael On 18.08.2017 at 12:07 wrote

[Freeipa-users] Re: AD-Trust users not known

2017-08-18 Thread Michael Gusek via FreeIPA-users
known. From my point of view it's not important to have these options on the server side, so I will still leave them. Thanks for the help! Michael On 18.08.2017 at 14:00 Michael Gusek via FreeIPA-users wrote: > > Hello Jakub, > > with my first tries I had the following entries i

[Freeipa-users] Re: FreeIPA failover not working

2017-08-24 Thread Michael Gusek via FreeIPA-users
On 23.08.2017 at 22:20 Jakub Hrozek via FreeIPA-users wrote: > On Wed, Aug 23, 2017 at 05:13:13PM +0200, Michael Gusek via FreeIPA-users > wrote: >> Hi, >> >> we are testing a FreeIPA trust to an Active Directory. Trust itself >> works, we are happy. Now we tested

[Freeipa-users] Re: FreeIPA failover not working

2017-08-31 Thread Michael Gusek via FreeIPA-users
ave a deeper look at our environment. Thanks, Michael On 24.08.2017 at 21:12 Jakub Hrozek via FreeIPA-users wrote: > On Thu, Aug 24, 2017 at 10:12:55AM +0200, Michael Gusek via FreeIPA-users > wrote: >> Hello Jakub, >> >> here are the first lines of ldap_child.log >> >

[Freeipa-users] Re: FreeIPA failover not working

2017-09-01 Thread Michael Gusek via FreeIPA-users
b_ccache_y1364Hz for krbtgt/nbg.webtrekk@nbg.webtrekk.com: pa_type: 2 [377] 1504265007.413918: Storing host/ipa-lx-test-debian9.nbg.webtrekk@nbg.webtrekk.com -> krb5_ccache_conf_data/pa_type/krbtgt\/NBG.WEBTREKK.COM\@NBG.WEBTREKK.COM@X-CACHECONF: in KEYRING:persistent:0:krb_ccache_y1364Hz Fr 1. Sep 13: