Re: [Freeipa-users] BIND named.conf

2012-07-16 Thread Petr Spacek
Hello, AFAIK there were some issues with IXFR till BIND 8.2.3, but BIND 9 should work with Dynamic update and IXFR well. Combination of IXFR & manual change to zone text file needs special attention (for dynamic zones): You need to run rndc freeze && "modify zone" && rndc thaw. If you have "

Re: [Freeipa-users] New HowTo Doc: YubiRadius integration with group-validated FreeIPA Users using LDAPS

2012-07-16 Thread Simo Sorce
On Sat, 2012-07-14 at 08:58 +0100, Dale Macartney wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Morning all > > I've just published a walk through on tapping the YubiRadius virtual > appliance into FreeIPA. > > Target audience level : Beginner > > Link to page is : > http://freei

Re: [Freeipa-users] BIND named.conf

2012-07-16 Thread Michael Mercier
Hello, On 2012-07-13, at 9:39 PM, Simo Sorce wrote: >> > > Unfortunately slaving is not supported at the moment, but just out of > curiosity what is the ballpark number for "many updates" ? > Doing a quick check on the system, anywhere between 600 and 1000 record updates per minute. Thanks,

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Stephen Ingram
On Fri, Jul 13, 2012 at 6:14 AM, Rob Crittenden wrote: > Stephen Ingram wrote: >> >> On Thu, Jul 12, 2012 at 2:59 PM, Steven Jones >> wrote: >>> >>> Hi, >>> >>> I had huge memory issues pre 6.3, now it's low and flat. Sounds like you >>> have an issue somewhere. My normal cpu use is a few hundre

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Rich Megginson
On 07/16/2012 10:19 AM, Stephen Ingram wrote: On Fri, Jul 13, 2012 at 6:14 AM, Rob Crittenden wrote: Stephen Ingram wrote: On Thu, Jul 12, 2012 at 2:59 PM, Steven Jones wrote: Hi, I had huge memory issues pre 6.3, now it's low and flat. Sounds like you have an issue somewhere. My normal cpu

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Stephen Ingram
On Mon, Jul 16, 2012 at 9:35 AM, Rich Megginson wrote: > On 07/16/2012 10:19 AM, Stephen Ingram wrote: >> >> On Fri, Jul 13, 2012 at 6:14 AM, Rob Crittenden >> wrote: >>> >>> Stephen Ingram wrote: On Thu, Jul 12, 2012 at 2:59 PM, Steven Jones wrote: > > Hi, > > I had

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Rich Megginson
On 07/16/2012 11:48 AM, Stephen Ingram wrote: On Mon, Jul 16, 2012 at 9:35 AM, Rich Megginson wrote: On 07/16/2012 10:19 AM, Stephen Ingram wrote: On Fri, Jul 13, 2012 at 6:14 AM, Rob Crittenden wrote: Stephen Ingram wrote: On Thu, Jul 12, 2012 at 2:59 PM, Steven Jones wrote: Hi, I had hug

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Stephen Ingram
On Mon, Jul 16, 2012 at 11:34 AM, Rich Megginson wrote: > On 07/16/2012 11:48 AM, Stephen Ingram wrote: >> >> On Mon, Jul 16, 2012 at 9:35 AM, Rich Megginson >> wrote: >>> >>> On 07/16/2012 10:19 AM, Stephen Ingram wrote: On Fri, Jul 13, 2012 at 6:14 AM, Rob Crittenden wrote: >

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Simo Sorce
On Mon, 2012-07-16 at 12:11 -0700, Stephen Ingram wrote: > On Mon, Jul 16, 2012 at 11:34 AM, Rich Megginson wrote: > > On 07/16/2012 11:48 AM, Stephen Ingram wrote: > >> > >> On Mon, Jul 16, 2012 at 9:35 AM, Rich Megginson > >> wrote: > >>> > >>> On 07/16/2012 10:19 AM, Stephen Ingram wrote: > >>>

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-16 Thread Rob Crittenden
Stephen Ingram wrote: On Mon, Jul 16, 2012 at 11:34 AM, Rich Megginson wrote: On 07/16/2012 11:48 AM, Stephen Ingram wrote: On Mon, Jul 16, 2012 at 9:35 AM, Rich Megginson wrote: On 07/16/2012 10:19 AM, Stephen Ingram wrote: On Fri, Jul 13, 2012 at 6:14 AM, Rob Crittenden wrote: Stephen

[Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-16 Thread Steven Jones
Is this possible? If so how is it done? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/free

[Freeipa-users] admin users for groups

2012-07-16 Thread Steven Jones
Hi, I want to set a group of admin level users admin rights to select user and host groups, can this be done in IPA? How? So they need to be able to add users from the general pool to specific groups and add specific hosts to specific groups only, can these be done? regards Steven Jones Te

Re: [Freeipa-users] admin users for groups

2012-07-16 Thread Rob Crittenden
Steven Jones wrote: Hi, I want to set a group of admin level users admin rights to select user and host groups, can this be done in IPA? How? So they need to be able to add users from the general pool to specific groups and add specific hosts to specific groups only, can these be done? It de

Re: [Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-16 Thread Rob Crittenden
Steven Jones wrote: Is this possible? If so how is it done? I'm not sure what you're asking. rob

[Freeipa-users] stopping su -

2012-07-16 Thread Steven Jones
I have created a sshd rule only for the HBAC, but I find a std user can su - to root, is this correct behavior? How do I? or can I? stop this unless explicitly allowed? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 _

Re: [Freeipa-users] stopping su -

2012-07-16 Thread Erinn Looney-Triggs
On 07/16/2012 01:32 PM, Steven Jones wrote: > I have created a sshd rule only for the HBAC, but I find a std user can > su - to root, is this correct behavior? > > How do I? or can I? stop this unless explicitly allowed? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > >

Re: [Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-16 Thread Steven Jones
Hi, If I login as say user1, I want that user to be able to su - oracle, but not to say su - root (or to any other user). If user2 logins I want them unable to su - X at all and especially not root. If an admin logins in I want them to be able to su - anybody... In a way before I could do tha

Re: [Freeipa-users] stopping su -

2012-07-16 Thread Steven Jones
Hi, OK, so to confirm this can't be done in a centralised way via IPA? In which case when setting a HBAC with sshd only why can't I su - oracle but I can su - root? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272

Re: [Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-16 Thread Simo Sorce
On Mon, 2012-07-16 at 21:45 +, Steven Jones wrote: > Hi, > > If I login as say user1, I want that user to be able to su - oracle, but not > to say su - root (or to any other user). > > If user2 logins I want them unable to su - X at all and especially not root. > > If an admin logins in I

Re: [Freeipa-users] stopping su -

2012-07-16 Thread Erinn Looney-Triggs
On 07/16/2012 01:47 PM, Steven Jones wrote: > Hi, > > OK, so to confirm this can't be done in a centralised way via IPA? > > In which case when setting a HBAC with sshd only why can't I su - oracle but I > can su - root? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Vi

Re: [Freeipa-users] stopping su -

2012-07-16 Thread Steven Jones
Hi, I could do, auth required pam_wheel.so root_only use_uid But I really want to do this with IPA or I have to get on each server and add and remove admins by hand (hint 300 servers)...that is the idea of something like IPA for me... do it once centrally. I assume simo's hint i

Re: [Freeipa-users] BIND named.conf

2012-07-16 Thread david
Sorry, I was unclear. The problem is not dynamic in terms of "nsupdate" versus manually editing zonefiles, but rather backed by a dynamic source, such as a database, directory, etc. For a DLZ-backed zone, there is no straightforward way for the server responding to the IXFR request to know which r

Re: [Freeipa-users] stopping su -

2012-07-16 Thread William Brown
> auth required pam_wheel.so root_only use_uid > > But I really want to do this with IPA or I have to get on each server and > add and remove admins by hand (hint 300 servers)...that is the idea of > something like IPA for me... do it once centrally. > Also, you can create and m

Re: [Freeipa-users] stopping su -

2012-07-16 Thread Paul Robert Marino
I understand where you are going with this. Don't think about su - oracle directly. A sudo -u oracle -H isn't quite what you are looking for either, because you want the environment variables to auto load and Oracle DBAs can be (not all but many) very lazy about loading them manually. The best option