On 13.1.2014 22:18, Jakub Hrozek wrote:
On Mon, Jan 13, 2014 at 02:44:29PM -0500, Bret Wortman wrote:
They're definitely different. I deleted the one in the file, then
tried again. It put the bad key back in the file. I blew the whole
file away and the same thing happened. Where is this key
hi,
after using sudo from ipa extensively I needed to configure a local
user to also use sudo.
This is for monitoring, we use nagios.
It works but now I have lots of error messages in /var/log/messages
like this one:
sudo: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more
The key in /etc/ssh/ssh_host_rsa_key.pub matches what's in IPA for the
host in question. It should not have had any connectivity issues; it's
co-located with several of our IPA masters.
I'd be happy to run sss_ssh_knownhostsproxy manually but haven't been
able to locate the proxy command to
I was assuming that the key was being re-inserted by the ssh
authentication request, but to eliminate puppet, I just tried this sequence:
# puppet agent --disable
# rm -f /var/lib/sss/pubconf/known_hosts
# ls -l /var/lib/sss/pubconf/known_hosts
# ssh zw131
:
: (errors about the key being
Hi,
I've been trying to create a simple sudo policy, that would grant certain
privileges to a group of users on a group of hosts. The policy would not
work unless I specify the hosts individually in the *Sudo Rule* definition
page under *Access this hos*t section.
I am using FreeIPA v3.0 and
On 01/14/2014 04:27 PM, Dimitar Georgievski wrote:
Hi,
I've been trying to create a simple sudo policy, that would grant certain
privileges to a group of users on a group of hosts. The policy would not
work unless I specify the hosts individually in the *Sudo Rule* definition
page under
Dimitar Georgievski wrote:
Hi,
I've been trying to create a simple sudo policy, that would grant
certain privileges to a group of users on a group of hosts. The policy
would not work unless I specify the hosts individually in the *Sudo
Rule* definition page under *Access this hos*t section.
I
On 01/13/2014 11:50 PM, Alexander Bokovoy wrote:
Hi,
On Tue, 14 Jan 2014, Nordgren, Bryce L -FS wrote:
Hi Dimitri,
Just to be sure I understand. You have internal users - they are in
AD. You have external users - they are in LDAP. You merge two
directories and you want to replace this
On 01/14/2014 06:17 AM, Natxo Asenjo wrote:
hi,
after using sudo from ipa extensively I needed to configure a local
user to also use sudo.
This is for monitoring, we use nagios.
It works but now I have lots of error messages in /var/log/messages
like this one:
sudo: GSSAPI Error:
I had seen that thread...
https://www.redhat.com/archives/freeipa-users/2013-November/msg00019.html
all it says is...
On 11/05/2013 02:51 PM, KodaK wrote:
If I use the whole connection string:
uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
I can authenticate.
Which i can
On 01/14/2014 04:01 PM, Les Stott wrote:
I had seen that thread...
https://www.redhat.com/archives/freeipa-users/2013-November/msg00019.html
all it says is...
On 11/05/2013 02:51 PM, KodaK wrote:
If I use the whole connection string:
Both AD integration solutions we have (synchronization and
cross-forest domain trusts) assume having higher level access
privileges at the time integration is set up.
My problem here is that I'm too ignorable. :) There's over 15000 users in our
AD; I'm in Montana, the admins are in DC.
On 01/14/2014 05:23 PM, Nordgren, Bryce L -FS wrote:
Both AD integration solutions we have (synchronization and
cross-forest domain trusts) assume having higher level access
privileges at the time integration is set up.
My problem here is that I'm too ignorable. :) There's over 15000 users in
Still no joy. Although I don't profess to be a schema changing expert.
Compat plugin was already enabled. Ipa version is 3.0.0-37.el6
So I modified /etc/dirsrv/slapd-MYDOMAIN-COM/dse.ldif...
Under
dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
I set the following...
On 01/14/2014 07:57 PM, Les Stott wrote:
Still no joy. Although I don't profess to be a schema changing expert.
Compat plugin was already enabled. Ipa version is 3.0.0-37.el6
So I modified /etc/dirsrv/slapd-MYDOMAIN-COM/dse.ldif...
Under
dn: cn=users,cn=Schema
I can confirm that the password was typed in correctly. Maybe its not matching
the account because it's the compat tree?
Also, each authentication tries multiple bind combinations, 3 or 4 different
combinations show up in the logs for 1 authentication attempt.
From the ILO help..iLO attempts
On Tue, 2014-01-14 at 11:34 -0500, Dmitri Pal wrote:
On 01/14/2014 06:17 AM, Natxo Asenjo wrote:
hi,
after using sudo from ipa extensively I needed to configure a local
user to also use sudo.
This is for monitoring, we use nagios.
It works but now I have lots of error messages in
On Tue, 14 Jan 2014, Nordgren, Bryce L -FS wrote:
Both AD integration solutions we have (synchronization and
cross-forest domain trusts) assume having higher level access
privileges at the time integration is set up.
My problem here is that I'm too ignorable. :) There's over 15000 users
in
On Wed, 15 Jan 2014, Les Stott wrote:
I can confirm that the password was typed in correctly. Maybe its not
matching the account because it's the compat tree?
No, it is not matching because BIND over compat tree is only supported
with slapi-nis 0.48+ which is not RHEL 6.x feature. As Dmitri
On Tue, 2014-01-14 at 06:46 -0500, Bret Wortman wrote:
I was assuming that the key was being re-inserted by the ssh
authentication request, but to eliminate puppet, I just tried this sequence:
# puppet agent --disable
# rm -f /var/lib/sss/pubconf/known_hosts
# ls -l
On 15.1.2014 06:49, Alexander Bokovoy wrote:
On Tue, 14 Jan 2014, Nordgren, Bryce L -FS wrote:
Both AD integration solutions we have (synchronization and
cross-forest domain trusts) assume having higher level access
privileges at the time integration is set up.
My problem here is that I'm
On Wed, 15 Jan 2014, Petr Spacek wrote:
On 15.1.2014 06:49, Alexander Bokovoy wrote:
On Tue, 14 Jan 2014, Nordgren, Bryce L -FS wrote:
Both AD integration solutions we have (synchronization and
cross-forest domain trusts) assume having higher level access
privileges at the time integration
22 matches
Mail list logo