Morning,
We've had this issue and we found out that it is caused by the fact
that sshd when using key-based auth bypasses PAM authentication which
means that the kerberos server is never contacted.
So, don't use passwordless ssh.
Others might have more info on this, but the above solution(!) is
Wow!
I haven't had the time yet to get on with it, but you sure saved me a
lot of time fiddling with this.
Thanks Geert.
/tony
On Fri, 2019-05-24 at 08:38 +, Geert Geurts via FreeIPA-users
wrote:
> Hi Tony,
> The solution of Neal Harrington works perfectly!
> Here the full steps to implemen
On 12/07/2017 10:55 PM, Miguel Angel Coa M. via FreeIPA-users wrote:
> Hello,
> I'm configuring automount/nfs in my IPA server but I have a question about
> changing the remote mount point. For example, now when the user logs in
> automount "mount" the home under /home/ , but I need to change this
> di
omountlocation-tofiles userhome
>
> But connect to remote machine, reconfigure service, login with user but
> nothing (no automap mount)
>
>
>
> Thanks
>
>
>
>
> Saludos.
> ---
> Miguel Coa M.
>
> 2017-12-08 5:36 GMT-03:00 Tony Brian Albers
On 01/11/2018 10:46 PM, Robbie Harwood via FreeIPA-users wrote:
> jcccb via FreeIPA-users writes:
>
>> I got a FreeIPA Server (F27) up and running on a proxmox host in a vm
>> fine so far with a Centos client as an NFS-Server. I setup a second
>> ubuntu client (17.10) with indirect mounts for
On 01/18/2018 02:24 AM, Alexandre Pitre via FreeIPA-users wrote:
> Hi,
>
> I recently deployed a new FreeIPA domain running on CentOS 7.4 and
> FreeIPA 4.5
>
> The installation went without hiccups but the WebUI isn't working as
> expected. Logging in with admin failed with this error:
>
> Log
On 01/23/2018 03:49 AM, Grace Thompson via FreeIPA-users wrote:
> Anybody running their freeipa / IDM cluster on a 100% virtualized
> environment? We are running the full stack - DNS, ldap, Certs etc and I’m
> wondering if we can run it all on a VM environment. My concern is the
> chicken/egg s
On 2018-02-27 04:33, Ben Archuleta via FreeIPA-users wrote:
> Hello,
>
> I have a network with a file server that houses the home directories. The
> server has 6 NFS export that contain the home directories.
> Home0,home1,home2,home3,home4,home5 these exports have about 289 home
> directories b
On 2018-04-04 22:45, Kristian Petersen via FreeIPA-users wrote:
> I am in the process of switching a small network over from a DNS hosted
> on a pfSense firewall appliance to one handled by FreeIPA. I haven't
> got a lot of experience with DNS in this regard. When I made the cut
> over, everyt
the decimal key on the number pad. Ha ha.
>
> On Thu, Apr 5, 2018 at 12:04 AM, Tony Brian Albers via FreeIPA-users
> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
> On 2018-04-04 22:45, Kristian Petersen via FreeIPA-users wrote:
> > I am in the pro
X2go is also pretty nice, but demands its own client. It's a lot better
than rdp or vnc though.
/tony
On 09/04/18 09:53, Arsène Gschwind via FreeIPA-users wrote:
> Hi,
>
> You may have a try with xrdp, should be available on Fedora and
> RHEL/CentOS 7
>
> Rds,
> Arsène
>
>
> On 04/08/2018 1
On 2018-04-25 14:03, Elham Sadat Azarian via FreeIPA-users wrote:
> Hi
> I set a rule in iptables (firewall-cmd) and try to clone a template from my
> server with vsphere. But my template didn't inherit these rules!
> What's the problem?
> thanks
Hi Alfredo,
As Peter says, use ipa-backup. I suggest running it twice a day, but
that depends on how many changes you make in FreeIPA.
Then, get your backup software to backup /var/lib/ipa/backup some time
after you've run ipa-backup. Or, get your backup software to run
ipa-backup for you and
In case you haven't found out yet, only the nfs servers need service
principals.
/tony
On 09/06/18 01:29, Zane Zak via FreeIPA-users wrote:
> I know that this is not the ideal list for NFS questions, but I'm not
> sure of a better one.
>
> I'm exploring NFSv4 with kerberos security, all tied i
We sometimes use this:
kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs
If we want to do stuff as the hdfs user.
HTH
/tony
On 2018-06-26 12:33, Bret Wortman via FreeIPA-users wrote:
> What's the correct way to create a user keytab? I had done this once
> about 3 years ago and got it
Hi guys,
Anyone got this working?
And if so, how did you do it?
I know I can monitor the components separately, but if you know of
anything that can do it easier I'd be happy to know about it.
/tony
--
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks
>
> {Custom Template IPA Server:ipa.status.regexp([^\s],1200)}=1
>
>
> If anyone else has a better way to do this I'd be interested to hear
> it.
>
>
> Regards,
>
> Neal.
>
>
>
>
>
> From: Ton
Ok guys,
I have a FreeIPA server with 2 interfaces. The primary is for normal
usage and is the one that FreeIPA is set up with with regards to
hostname and services. The other one is on an administrative network.
The Web UI works fine on the primary interface, but I can't really
access it on the o
On Mon, 2020-01-20 at 13:55 +0200, Alexander Bokovoy wrote:
> On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:
> > Ok guys,
> >
> > I have a FreeIPA server with 2 interfaces. The primary is for
> > normal
> > usage and is the one that FreeI
Hi guys,
So, I'm trying to make this work:
FreeIPA server has hostname: ipa001.pri.some.network
FreeIPA client has hostname: cli001.pri.some.network
The KRB Realm entered during the FreeIPA server setup is: SOME.NETWORK
Now, when I try to add the client, it looks happy and is able to look
up th
> You have realm SOME.NETWORK and primary IPA domain pri.some.network.
> IPA
> actually expects that primary domain and realm are the same (naming
> context above has to be the same as the primary domain).
>
> If you want to use SOME.NETWORK as your realm, you have to own DNS
> domain some.networ
Hi guys,
This is a new install, software used is:
ipa-server.x86_64 4.8.4-7.module+el8.2.0+6046+aaa49f96
389-ds-base.x86_64 1.4.2.4-8.module+el8.2.0+5959+cfcaedbd
I followed the install instructions in the documentation, and
everything went fine. I haven't added any users or groups yet.
I h
On Thu, 2020-07-09 at 06:13 +, Tony Brian Albers via FreeIPA-users
wrote:
> Hi guys,
>
> This is a new install, software used is:
> ipa-server.x86_64 4.8.4-7.module+el8.2.0+6046+aaa49f96
> 389-ds-base.x86_64 1.4.2.4-8.module+el8.2.0+5959+cfcaedbd
>
> I followed the
On Thu, 2020-07-09 at 10:45 -0400, Rob Crittenden wrote:
>
>
> How much memory does this system have?
>
> rob
>
8G
/tony
--
Tony Albers - Systems Architect - IT Development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark
Tel: +45 2566 2383 - CVR/SE: 2898 8842 - EAN: 579800
On Thu, 2020-07-09 at 16:14 -0400, Rob Crittenden wrote:
>
>
> I guess I'd start with looking to see if 389-ds is dropping core or
> hanging in some way, both of which would be surprising if it has
> virtually no data in it.
>
> I'd suggest doing some ldapsearch's to see if the LDAP server is up
On Fri, 2020-07-10 at 13:12 -0400, Rob Crittenden wrote:
>
>
> I don't think this is the problem. hsperfdata is the JDK performance
> counter. It won't affect operations.
>
> rob
>
I think you're right. These errors disappeared 10 minutes after the
install finished and haven't shown up since.
Hiya,
I'm trying to set up a host where users can only log on using ssh keys.
But the users must be known in FreeIPA.
So, how do I go about disabling password-based logins? I only want to
allow key-based logins.
TIA
/tony
Hi guys,
We have a setup where the FreeIPA server also hosts the user's homedirs. These
are shared via NFSv4 and are automounted when a user logs in.
[root@adm-001 ~]# cat /etc/exports
/data/home
172.16.216.0/24(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p,fsid=1338)
[root@adm-001 ~]# ipa a
.html#kerberos-flags-services-hosts
>
> Rob
>
> 2017-06-22 13:50 GMT+02:00 Tony Brian Albers via FreeIPA-users
> <mailto:freeipa-users@lists.fedorahosted.org>>:
>
> Hi guys,
>
> We have a setup where the FreeIPA server also hosts the user's hom
>
>
>> Am 26.06.2017 um 07:58 schrieb Tony Brian Albers via FreeIPA-users
>> > <mailto:freeipa-users@lists.fedorahosted.org>>:
>>
>> Hi Rob,
>>
>> Not sure what the redhat docs describe, we're not using AD with this
>> system.
>
If you have VMs in the mix, and use ntp, use tinker panic 0 in
their ntp.conf files.
/tony
On 09/06/2017 11:41 AM, Troels Hansen via FreeIPA-users wrote:
> Hmm..
>
> Found the error. It appears it's the hardware time that's used for
> kerberos and as the hardware apparently is ~ 6
31 matches