Hi,
Installed the ‘standard’ RHEL6 ipa-server-3.0 packages, tried to set up winsync
replication from an Active Directory server which resides in the same network
segment as the IPA server.
The IPA server is running in a VM, configured with a single processor, 2G
memory.
We’re trying to do a o
hi,
since days im trying to install the freeipa-client in ubuntu 12.04. I
followed the following mail too:
http://www.redhat.com/archives/freeipa-users/2013-June/msg00091.html
but it didnt work. i followed the following steps:
apt-get build-dep python-lxml
apt-get install python-software-prop
OK! everything work right!
29.12.2013 13:13, Arthur пишет:
> Ok. I'll try to check that. I am away right now.
> 26.12.2013 10:19, Christian Horn пишет:
>> Hi,
>>
>> On Thu, Dec 26, 2013 at 11:59:28AM +0600, Arthur Faizullin wrote:
>>> As I mentioned earlier in my previous topic, when I do:
>>> # au
On 03/24/2014 03:27 AM, Dave Jones wrote:
Hi,
Installed the 'standard' RHEL6 ipa-server-3.0 packages, tried to set
up winsync replication from an Active Directory server which resides
in the same network segment as the IPA server.
The IPA server is running in a VM, configured with a single p
hi all,
i'm trying to limit the minimum and maximum lifetime of passwords (in
particular the random password when a host is added; but i guess this
more general).
(i'm using ipa 3.0 from el6 and also looking at 3.3 from rhel7 beta, but
the relevant code seems the same or at least very simila
On 03/24/2014 01:15 PM, Stijn De Weirdt wrote:
hi all,
i'm trying to limit the minimum and maximum lifetime of passwords (in
particular the random password when a host is added; but i guess this
more general).
(i'm using ipa 3.0 from el6 and also looking at 3.3 from rhel7 beta,
but the rele
If you look at the attached logs, you can see it is going to the correct dns
server. dig information is also correct. There is something else going on I can
figure out what?
Shreeraj
Change is the onl
Stijn De Weirdt wrote:
hi all,
i'm trying to limit the minimum and maximum lifetime of passwords (in
particular the random password when a host is added; but i guess this
more general).
(i'm using ipa 3.0 from el6 and also looking at 3.3 from rhel7 beta, but
the relevant code seems the same or
hi dmitri,
The whole idea of the host passwords is to be added as a part of the
provisioning workflow so it should be seconds anyways.
We created a "smart proxy" for Foreman (provisioning system) to drive
host creation. It just landed upstream (first version) last week.
Any chance you can use or
hi rob,
You can only specify password policy for User Groups, not host groups,
so there is no way to do this currently. It also isn't that
fine-grained. The minimum lifetime is 1 hour, the minimum of the maximum
lifetime is 1 day.
I don't see why support for Host Groups (and therefore Hosts) ca
On Mon, 24 Mar 2014, Stijn De Weirdt wrote:
hi dmitri,
The whole idea of the host passwords is to be added as a part of the
provisioning workflow so it should be seconds anyways.
We created a "smart proxy" for Foreman (provisioning system) to drive
host creation. It just landed upstream (first
https://fedorahosted.org/freeipa/ticket/4272
On 03/24/2014 08:44 PM, Stijn De Weirdt wrote:
hi dmitri,
The whole idea of the host passwords is to be added as a part of the
provisioning workflow so it should be seconds anyways.
We created a "smart proxy" for Foreman (provisioning system) to dri
hmmm, seems like overkill to me.
this should ideally be a user per host, and the user should be disabled
as soon as the host is installed/has the host keytab.
i can continue testing with the 1 day maximum for now. i'll track
progress/discuusion via the ticket.
stijn
On 03/24/2014 08:53 PM,
Alexander Bokovoy wrote:
On Mon, 24 Mar 2014, Stijn De Weirdt wrote:
hi dmitri,
The whole idea of the host passwords is to be added as a part of the
provisioning workflow so it should be seconds anyways.
We created a "smart proxy" for Foreman (provisioning system) to drive
host creation. It ju
On Mon, 24 Mar 2014, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Mon, 24 Mar 2014, Stijn De Weirdt wrote:
hi dmitri,
The whole idea of the host passwords is to be added as a part of the
provisioning workflow so it should be seconds anyways.
We created a "smart proxy" for Foreman (provis
On 24.03.2014 13:17, Sabin Ranjit wrote:
> hi,
> since days im trying to install the freeipa-client in ubuntu 12.04. I
> followed the following mail too:
> http://www.redhat.com/archives/freeipa-users/2013-June/msg00091.html
>
> but it didnt work. i followed the following steps:
>
> apt-get build
hi alexander,
No, because then you have to either ship keytabs around during
provisioning or hardcode that user's password in the kickstart and
they are already nervous about doing that for the OTP.
This topic raises regularly on IRC. My suggestion was to create these
one time passwords based o
On 03/24/2014 05:53 PM, Stijn De Weirdt wrote:
hi alexander,
No, because then you have to either ship keytabs around during
provisioning or hardcode that user's password in the kickstart and
they are already nervous about doing that for the OTP.
This topic raises regularly on IRC. My suggestio
>On 11/27/2013 12:51 AM, Dmitri Pal wrote:
>> On 11/26/2013 05:15 PM, siology.io wrote:>>> for what it's worth, kinit on
>> the command line of the ipa server works>>> just fine, and detects the realm
>> ok.>> >> OK then let us rule out DNS for a moment.>> >> Have you checked the
>> KDC log to s
>Collaboration can be in different ways. It all depends on the use case. It can
>be OpenID, SAML, Kerberos, etc. There are different technologies and they suit
>better different use cases.
>Can you please share under what circumstances such "inversion" would actually
>be needed?
Console login
FIX! Sssd keeps running after I've done this command, but anyway I have
to do:
# chkconfig sssd on
or it will not start at next boot.
24.03.2014 19:11, Arthur Faizullin пишет:
> OK! everything work right!
> 29.12.2013 13:13, Arthur пишет:
>> Ok. I'll try to check that. I am away right now.
>> 26.1
On Mon, 24 Mar 2014, Stijn De Weirdt wrote:
hi alexander,
No, because then you have to either ship keytabs around during
provisioning or hardcode that user's password in the kickstart and
they are already nervous about doing that for the OTP.
This topic raises regularly on IRC. My suggestion w
22 matches
Mail list logo