[Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

2013-11-29 Thread Les Stott
Hi, Recently installed freeipa on two servers in multi-master mode. We want to have a central authentication system for many hosts. Environment is RHEL 6.4 for servers, RHEL 6.1 for the first client host, standard rpm packages used - ipa-server-3.0.0-26.el6_4.4.x86_64 and ipa-client-3.0.0-37.e

Re: [Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

2013-11-29 Thread Martin Kosek
On 11/29/2013 09:16 AM, Les Stott wrote: > Hi, > > Recently installed freeipa on two servers in multi-master mode. We want to > have a central authentication system for many hosts. Environment is RHEL 6.4 > for servers, RHEL 6.1 for the first client host, standard rpm packages used - > ipa-serv

[Freeipa-users] postfix ipa

2013-11-29 Thread Natxo Asenjo
hi, just came across Erinn Looney-Triggs's excellent writeup on using kerberos for relaying e-mail (https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/) and have a question. Would it not be possibly easier to just use the host's keytab (/etc/krb5.keyta

Re: [Freeipa-users] postfix ipa

2013-11-29 Thread Martin Kosek
On 11/29/2013 11:27 AM, Natxo Asenjo wrote: > hi, > > just came across Erinn Looney-Triggs's excellent writeup on using > kerberos for relaying e-mail > (https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/) > and have a question. > > Would it not be po

Re: [Freeipa-users] postfix ipa

2013-11-29 Thread Sumit Bose
On Fri, Nov 29, 2013 at 12:03:58PM +0100, Martin Kosek wrote: > On 11/29/2013 11:27 AM, Natxo Asenjo wrote: > > hi, > > > > just came across Erinn Looney-Triggs's excellent writeup on using > > kerberos for relaying e-mail > > (https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-a

[Freeipa-users] local root can su to any IPA user

2013-11-29 Thread Fred van Zwieten
Hi, When being root on an ipa-client, I can su to any IPA user. This is somewhat unexpected behaviour in comparison to Windows. If I am local administrator in a Windows AD member server, I cannot become a domain user. I need to be domain administrator for that. Is it possible to have this "featu

Re: [Freeipa-users] local root can su to any IPA user

2013-11-29 Thread Alexander Bokovoy
On Fri, 29 Nov 2013, Fred van Zwieten wrote: Hi, When being root on an ipa-client, I can su to any IPA user. This is somewhat unexpected behaviour in comparison to Windows. If I am local administrator in a Windows AD member server, I cannot become a domain user. I need to be domain administrato

Re: [Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

2013-11-29 Thread Les Stott
Martin, there are no entries in /etc/hosts for the freeipa servers on the client. The client host's own entry is there with fqdn first. Because you mentioned it, I added the hostname of both freeipa servers to the hosts file on the client. It actually ran and set up the client. However it did get

Re: [Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

2013-11-29 Thread Petr Spacek
On 29.11.2013 14:20, Les Stott wrote: Martin, there are no entries in /etc/hosts for the freeipa servers on the client. The client host's own entry is there with fqdn first. Because you mentioned it, I added the hostname of both freeipa servers to the hosts file on the client. It actually ran an

Re: [Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

2013-11-29 Thread Martin Kosek
On 11/29/2013 02:20 PM, Les Stott wrote: > Martin, > > there are no entries in /etc/hosts for the freeipa servers on the client. > The client host's own entry is there with fqdn first. > > Because you mentioned it, I added the hostname of both freeipa servers to the > hosts file on the client. It

Re: [Freeipa-users] gssapi sasl error - only picking up short hostname when running ipa-client-install (and failing)

2013-11-29 Thread Alexander Bokovoy
On Fri, 29 Nov 2013, Les Stott wrote: Hi, Recently installed freeipa on two servers in multi-master mode. We want to have a central authentication system for many hosts. Environment is RHEL 6.4 for servers, RHEL 6.1 for the first client host, standard rpm packages used - ipa-server-3.0.0-26.e

Re: [Freeipa-users] local root can su to any IPA user

2013-11-29 Thread Jakub Hrozek
On Fri, Nov 29, 2013 at 03:11:01PM +0200, Alexander Bokovoy wrote: > On Fri, 29 Nov 2013, Fred van Zwieten wrote: > >Hi, > > > >When being root on an ipa-client, I can su to any IPA user. This is > >somewhat unexpected behaviour in comparison to Windows. If I am local > >administrator in a Windows

Re: [Freeipa-users] local root can su to any IPA user

2013-11-29 Thread Fred van Zwieten
Jakub, Yes, I could do this. But then the local root account cannot su to local users (without password). But that is actually a normal use-case. I just think local root should not be allowed to transition to a domain user, by default. Fred On Fri, Nov 29, 2013 at 2:48 PM, Jakub Hrozek wrote:

Re: [Freeipa-users] local root can su to any IPA user

2013-11-29 Thread Jakub Hrozek
On Fri, Nov 29, 2013 at 03:08:44PM +0100, Fred van Zwieten wrote: > Jakub, > > Yes, I could do this. But then the local root account cannot su to local > users (without password). But that is actually a normal use-case. I just > think local root should not be allowed to transition to a domain user

Re: [Freeipa-users] local root can su to any IPA user

2013-11-29 Thread Martin Kosek
On 11/29/2013 03:17 PM, Jakub Hrozek wrote: > On Fri, Nov 29, 2013 at 03:08:44PM +0100, Fred van Zwieten wrote: >> Jakub, >> >> Yes, I could do this. But then the local root account cannot su to local >> users (without password). But that is actually a normal use-case. I just >> think local root sh

Re: [Freeipa-users] Dogtag not working?

2013-11-29 Thread Erinn Looney-Triggs
On 11/28/2013 03:50 PM, Erinn Looney-Triggs wrote: > In the process of prepping a replication host for changing over the > CA I had to use certmonger to generate another certificate on my > secondary IPA server. Unfortunately it seems to fail every si