On 05/09/2012 03:52 AM, Stephen Ingram wrote:
Perhaps this is already corrected in 2.2.0, but I'm currently using
2.1.3 and when using a long hostname (like amazon ec2 names
ec2-50-xx-xxx-xxx.us-1-east.compute.amazonaws.com), once you click on
the hostname in the Identity/Hosts tab, you can no lo
On 05/08/2012 03:29 PM, Rob Crittenden wrote:
David Copperfield wrote:
Hi folks,
Are there any way to turn off IPA automatic creation of private user
group? We use a common user group like ‘nis-wheel’, and completely
disabled private groups in openldap before migration.
If you disable private
On 05/09/2012 03:31 AM, Dan Scott wrote:
On Tue, May 8, 2012 at 8:45 PM, wrote:
On Tue, May 08, 2012 at 09:43:13AM -0400, Rob Crittenden wrote:
Dan Scott wrote:
On Tue, May 8, 2012 at 1:55 AM,wrote:
Hi,
Spec:
Red Hat Enterprise Linux Server release 6.2 (Santiago)
ipa-admintools-2.1.3-
On 05/08/2012 03:05 PM, Simo Sorce wrote:
On Mon, 2012-05-07 at 18:01 -0700, David Copperfield wrote:
Hi,
Can I change the default user group for new users to something else?
and disable automatically creation of private groups?
Yes, and yes, although I wouldn't recommend so if you have mo
On Wed, 2012-05-09 at 13:21 +0200, Petr Spacek wrote:
> On 05/09/2012 03:31 AM, Dan Scott wrote:
> > On Tue, May 8, 2012 at 8:45 PM, wrote:
> >> On Tue, May 08, 2012 at 09:43:13AM -0400, Rob Crittenden wrote:
> >>> Dan Scott wrote:
> On Tue, May 8, 2012 at 1:55 AM,wrote:
> > Hi,
> >>>
Hi Petr and all,
Thanks for your reply.
After the automatic creation of the private user group is turned off, does the
user creation Web page still show the GID field? and pre-filled with the same
number(or the next available GID) as the UID number? or the filed is completely
disappeared? Th
David Copperfield wrote:
Hi Petr and all,
Thanks for your reply.
After the automatic creation of the private user group is turned off,
does the user creation Web page still show the GID field? and pre-filled
with the same number(or the next available GID) as the UID number? or
the filed is comp
Hi Rob and all,
The ipa-managed-entries command is not available on freeIPA 2.1.3 version
comes with Redhat 6.2. Is there any other comparable ways to disable private
user groups generation at global/system wide, instead of ''--noprivate" option
to 'ups user-add' which is user by user? Thanks
David Copperfield wrote:
Hi Rob and all,
The ipa-managed-entries command is not available on freeIPA 2.1.3
version comes with Redhat 6.2. Is there any other comparable ways to
disable private user groups generation at global/system wide, instead of
''--noprivate" option to 'ups user-add' which i
Hello
Our security group have concern with copying username/password from from
AD and might not allow this synchronisation to even happen.
Is there a way to configure ipa to go get username/password via kind of
proxy?
Thank you!
--
Sylvain Angers
___
Hello
Someone did delete the admin account by mistake, how can we recover from
this?
Thank you!
--
Sylvain Angers
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Sylvain Angers wrote:
Hello
Someone did delete the admin account by mistake, how can we recover from
this?
Fortunately there is nothing really special about the admin account
except that they are a member of the admins group, that is the important
bit.
You can use ldapmodify to add another
Hi,
My understanding is passync intercepts the password before its encrypted in AD
and written to the AD's ldap db/disk it cant be decrypted thereafter. It then
sends the plain text password via an encrypted link to IPA, so its pretty safe.
No there is no easy way I know of, though its possible
I just setup a RHEL6 server as a NFS server and I have 2 x RHEL6 workstation
clients doing NFS via automount as per section 10.3 admin guide 6.3betaall
good until I use a Ubuntu client to 'attack it" I find the non-IPA's ubuntu
client can delete, alter and edit files..kind of OopsI
Steven Jones wrote:
I just setup a RHEL6 server as a NFS server and I have 2 x RHEL6 workstation clients
doing NFS via automount as per section 10.3 admin guide 6.3betaall good until I
use a Ubuntu client to 'attack it" I find the non-IPA's ubuntu client can
delete, alter and edit files..
Sylvain Angers wrote:
Hello
Our security group have concern with copying username/password from from
AD and might not allow this synchronisation to even happen.
Is there a way to configure ipa to go get username/password via kind of
proxy?
No, the Kerberos credentials don't use the password att
On Wed, May 09, 2012 at 09:16:45PM +, Steven Jones wrote:
> I just setup a RHEL6 server as a NFS server and I have 2 x RHEL6
> workstation clients doing NFS via automount as per section 10.3 admin
> guide 6.3betaall good until I use a Ubuntu client to 'attack it"
> I find the non-IPA's ubun
On 05/09/2012 03:11 PM, Steven Jones wrote:
Hi,
My understanding is passync intercepts the password before its
encrypted in AD
Yes.
and written to the AD's ldap db/disk
PassSync writes it to a log file on the windows machine, not to the ldap db.
it cant be decrypted thereafter.
PassSy
Hi
Im mounting the mount point via an xterm su - 'd to root in the user's
gui..I then open a new xterm and cd to the mount pount /nfs1 and then cd
into the "user" and edit files as I want...
I am editing files forged user that is in IPA with its forged UID
So on the RHEL NFS server loo
Hi,
What I meant was the AD ui / system is going to write the user's AD password
into AD's db on the ad server's disknot that passync does it.sort of
man in the middle attack
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6
On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
> Hello
>
> Our security group have concern with copying username/password from
> from AD and might not allow this synchronisation to even happen.
> Is there a way to configure ipa to go get username/password via kind
> of proxy?
Not reall
Hi,
Thanks so I will remove the sec=sys bit and re-test..and then I assume it will
be kerberos only.
However in effect what we are saying is we cant protect an IPA user's files if
we have to allow a non-IPA user to connect? its ALL kerberos or nothing? kind
of makes sense.
Also then t
That is possibly RHEl6.4? so year end?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Simo Sorce [s...@r
Hi all,
I've a IPA master/replica setup in our development environment. Unfortunately
our IPA master crashed, the replica is working fine. Now I have the IPA master
re-imaged.
What are the steps I have to follow to re-create the IPA master from running
IPA replica? Before crash the IPA maste
On Wed, May 09, 2012 at 01:21:39PM +0200, Petr Spacek wrote:
> On 05/09/2012 03:31 AM, Dan Scott wrote:
> >On Tue, May 8, 2012 at 8:45 PM, wrote:
> >>On Tue, May 08, 2012 at 09:43:13AM -0400, Rob Crittenden wrote:
> >>>Dan Scott wrote:
> On Tue, May 8, 2012 at 1:55 AM,wrote:
> >Hi,
> >
Hi,
In case everyone else is asleep now..
Do you have access to RH documentation? the 6.3beta admin guide section 18.8
talks about why and how to make a replicate a master.
eg.,
"NOTE
All servers and replicas which host a CA are peers in the topology. They can
all issue certificates
and
On Thu, 2012-05-10 at 00:24 +, Steven Jones wrote:
> Hi,
>
> In case everyone else is asleep now..
>
> Do you have access to RH documentation? the 6.3beta admin guide
> section 18.8 talks about why and how to make a replicate a master.
The problem seems to be that David had only a singl
Removed the sys: and now no IPA'd client can mount.oh joy
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
28 matches
Mail list logo