Re: [Freeipa-users] Allow IPA users to create SSH tunnel with no shell

2012-12-18 Thread Jan Cholasta
Actually, I wanted to make something like this in SSH user impersonation, . My idea was to allow overriding of authorized_keys options in impersonation rules. In your case, you could have a special user account "tunnel" that would be used to access

Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?

2012-12-18 Thread Sigbjorn Lie
On Tue, December 18, 2012 08:28, Johan Petersson wrote: > Hi, > > > We are implementing IPA Server and are going to need to be able to > authenticate properly with a > number of Solaris 11 servers. I have browsed the archives and found a few > threads mentioning some > problems with Solaris 11 an

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread Jakub Hrozek
On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote: > On 12/17/2012 03:11 PM, KodaK wrote: > > I'm attempting to install Satellite in my IPA domain. There is a > > ridiculous requirement that the group "dba" must not already exist > > prior to installing. Red Hat support wanted me to *rem

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread Jakub Hrozek
On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote: > On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote: > > On 12/17/2012 03:11 PM, KodaK wrote: > > > I'm attempting to install Satellite in my IPA domain. There is a > > > ridiculous requirement that the group "dba" must not alr

Re: [Freeipa-users] FreeIPA and Samba 4

2012-12-18 Thread Simo Sorce
On Mon, 2012-12-17 at 22:48 -0500, William Muriithi wrote: > > > I know this may be a loaded question, but I am asking it anyways. > > > > > > > > > Can anyone tell me what the current status and future plan for > IPA / > > > Samba 4 is? > > > > We plan to support setting up trusts with Samba4 just

Re: [Freeipa-users] Problem generating Oracle ZFS Storage Appliance host and nfs principals and keys to IPA/Free IPA.

2012-12-18 Thread Simo Sorce
On Tue, 2012-12-18 at 05:24 +, Johan Petersson wrote: > Hi, > > Unfortunately I still get the same error from the Appliance even after having > added both host and nfs principals in the IPA web interface. > > "failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error: > 43787522

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread KodaK
On Tue, Dec 18, 2012 at 3:51 AM, Jakub Hrozek wrote: > On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote: >> On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote: >> > On 12/17/2012 03:11 PM, KodaK wrote: >> > > I'm attempting to install Satellite in my IPA domain. There is a >>

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread KodaK
On Mon, Dec 17, 2012 at 3:03 PM, Dmitri Pal wrote: > On 12/17/2012 03:11 PM, KodaK wrote: >> I'm attempting to install Satellite in my IPA domain. There is a >> ridiculous requirement that the group "dba" must not already exist >> prior to installing. Red Hat support wanted me to *remove* the DB

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread Jakub Hrozek
On Tue, Dec 18, 2012 at 09:07:25AM -0600, KodaK wrote: > On Tue, Dec 18, 2012 at 3:51 AM, Jakub Hrozek wrote: > > On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote: > >> On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote: > >> > On 12/17/2012 03:11 PM, KodaK wrote: > >> > > I'm

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread KodaK
On Tue, Dec 18, 2012 at 9:17 AM, Jakub Hrozek wrote: > On Tue, Dec 18, 2012 at 09:07:25AM -0600, KodaK wrote: >> On Tue, Dec 18, 2012 at 3:51 AM, Jakub Hrozek wrote: >> > On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote: >> >> On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote

Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?

2012-12-18 Thread Dmitri Pal
On 12/18/2012 04:06 AM, Sigbjorn Lie wrote: > On Tue, December 18, 2012 08:28, Johan Petersson wrote: >> Hi, >> >> >> We are implementing IPA Server and are going to need to be able to >> authenticate properly with a >> number of Solaris 11 servers. I have browsed the archives and found a few >> t

[Freeipa-users] testing AD trust on Fedora 18

2012-12-18 Thread Andre Rodrigues
Hi all, I'm testing AD trust following this how to: http://www.freeipa.org/page/IPAv3_testing_AD_trust but when I set "ipa dnszone-add" I get this: [root@m ~] ipa dnszone-add --name-server= --admin-email= --force --forwarder= –forward-policy=only ipa: ERROR: unable to parse cookie header 'ipa_sess

[Freeipa-users] Backup and Restore procedures for IPA 2.2.0?

2012-12-18 Thread David Copperfield
Hi all, Is the backup and restore procedure for IPA available now? It's rumored months back that some one was working on it but not sure what is the progress on it. Please shed a light if you have any ideas. I'm running the default latest 2.2.0 IPA on Redhat/Centos 6.3. Thanks. David

Re: [Freeipa-users] Backup and Restore procedures for IPA 2.2.0?

2012-12-18 Thread Dmitri Pal
On 12/18/2012 01:39 PM, David Copperfield wrote: > Hi all, > > Is the backup and restore procedure for IPA available now? It's > rumored months back that some one was working on it but not sure what > is the progress on it. Please shed a light if you have any ideas. > > I'm running the default l

Re: [Freeipa-users] Backup and Restore procedures for IPA 2.2.0?

2012-12-18 Thread David Copperfield
Got it. Are there any IPA resources on the market we can hire for a backup/restoration solution? Our company is in the Bay Area. Thanks. --David From: Dmitri Pal To: freeipa-users@redhat.com Sent: Tuesday, December 18, 2012 10:42 AM Subject: Re: [Freeipa-users] Ba

Re: [Freeipa-users] Backup and Restore procedures for IPA 2.2.0?

2012-12-18 Thread Steven Jones
Hi, As in a backup software client that can talk to the IPA instance? I'm not aware of one. What I do is dump a userroot to ldif every so often, before and after I do patching or any significant change. I do so on at least 2 of the 3 IPA masters with, /var/lib/dirsrv/scripts-ODS-VUW-AC-NZ

Re: [Freeipa-users] testing AD trust on Fedora 18

2012-12-18 Thread John Dennis
On 12/18/2012 01:26 PM, Andre Rodrigues wrote: Hi all, I'm testing AD trust following this how to: http://www.freeipa.org/page/IPAv3_testing_AD_trust but when I set "ipa dnszone-add" I get this: [root@m ~] ipa dnszone-add --name-server=http://AD.NAME>> --admin-email= --force --forwarder= –forwar

Re: [Freeipa-users] testing AD trust on Fedora 18

2012-12-18 Thread Sumit Bose
On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote: > On 12/18/2012 01:26 PM, Andre Rodrigues wrote: > >Hi all, > >I'm testing AD trust following this how to: > >http://www.freeipa.org/page/IPAv3_testing_AD_trust > >but when I set "ipa dnszone-add" I get this: > >[root@m ~] ipa dnszone-add

Re: [Freeipa-users] Problem generating Oracle ZFS Storage Appliance host and nfs principals and keys to IPA/Free IPA.

2012-12-18 Thread Sigbjorn Lie
On 12/18/2012 06:24 AM, Johan Petersson wrote: Hi, Unfortunately I still get the same error from the Appliance even after having added both host and nfs principals in the IPA web interface. "failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error: 43787522 (Operation requires ``

Re: [Freeipa-users] testing AD trust on Fedora 18

2012-12-18 Thread John Dennis
On 12/18/2012 03:30 PM, Sumit Bose wrote: On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote: On 12/18/2012 01:26 PM, Andre Rodrigues wrote: Hi all, I'm testing AD trust following this how to: http://www.freeipa.org/page/IPAv3_testing_AD_trust but when I set "ipa dnszone-add" I get thi

Re: [Freeipa-users] anyone know how to do sssd filters?

2012-12-18 Thread KodaK
On Tue, Dec 18, 2012 at 10:38 AM, KodaK wrote: > On Tue, Dec 18, 2012 at 9:17 AM, Jakub Hrozek wrote: >> On Tue, Dec 18, 2012 at 09:07:25AM -0600, KodaK wrote: >>> On Tue, Dec 18, 2012 at 3:51 AM, Jakub Hrozek wrote: >>> > On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote: >>> >> On M

Re: [Freeipa-users] Problem generating Oracle ZFS Storage Appliance host and nfs principals and keys to IPA/Free IPA.

2012-12-18 Thread Johan Petersson
I pursued that idea myself earlier but when getting the huge warranty void message when accessing a shell + that the file system was read-only I gave up. I will definitely look at it again and read the information you provided, thank you for your help. From: freei