On 08/29/2014 09:32 PM, Matthew Sellers wrote:
Hi Everyone!
I am using FreeIPA 3.3.5 on Fedora 20 and attempting to configure
FreeIPA to send notifies to non-IPA slaves, but it seems broken on IPA
( notify packets are never sent to to slaves ).
I have configured also-notify { nameserverip;
On Fri, Aug 29, 2014 at 08:05:16PM +0200, Dmitri Pal wrote:
On 08/29/2014 06:06 PM, mohammad sereshki wrote:
Hi
I have configured IPA(ipa-client-2.1.3-7.el5) but the problem is that Ican
connect with kerberos from another client but I can't login to client
directly and I chet below error
hi
i have configured ipa (ipa on centos 6.5) but the problesm is i dont know
where the logs activity users stored?
i meens logs activity users must stored in ipa server, but where?
thanks every body
--
Manage your subscription for the Freeipa-users mailing list:
On 09/01/2014 08:29 AM, alireza baghery wrote:
hi
i have configured ipa (ipa on centos 6.5) but the problesm is i dont
know where the logs activity users stored?
i meens logs activity users must stored in ipa server, but where?
thanks every body
Which activity you are looking for?
The
Hi
sssd_sudo.log is attached
But there is no log about sssd_domain_name.log (In my case sssd_ipa.grp.log)
On 29-08-2014 16:14, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:07:08PM +0200, Jakub Hrozek wrote:
On Fri, Aug 29, 2014 at 03:45:38PM +0300, Tevfik Ceydeliler wrote:
this package is
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
OS -- Ubuntu 14.04.1 LTS
On 29-08-2014 17:53, Lukas Slebodnik wrote:
On (29/08/14 17:37), Tevfik Ceydeliler wrote:
Thnx for document. I know this.
I think there is no problem abot configuration generally.
activity that users perform on client (ipa client)
On Mon, Sep 1, 2014 at 11:12 AM, Dmitri Pal d...@redhat.com wrote:
On 09/01/2014 08:29 AM, alireza baghery wrote:
hi
i have configured ipa (ipa on centos 6.5) but the problesm is i dont know
where the logs activity users stored?
i
On (01/09/14 09:59), Tevfik Ceydeliler wrote:
Client side:
sssd -- 1.11.5
sudo -- 1.8.9p5-1ubuntu1 (sudo-ldap package conflicts)
Thats good. The package sudo-ldap is not compiled with sssd support.
OS -- Ubuntu 14.04.1 LTS
Do you have installed package libsss-sudo.
Could you show us your
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = clnt.ipa.grp
chpass_provider = ipa
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
On 09/01/2014 07:50 AM, Dmitri Pal wrote:
On 08/29/2014 09:32 PM, Matthew Sellers wrote:
Hi Everyone!
I am using FreeIPA 3.3.5 on Fedora 20 and attempting to configure FreeIPA to
send notifies to non-IPA slaves, but it seems broken on IPA ( notify packets
are never sent to to slaves ).
I
On 09/01/2014 12:05 PM, Martin Kosek wrote:
On 09/01/2014 07:50 AM, Dmitri Pal wrote:
On 08/29/2014 09:32 PM, Matthew Sellers wrote:
Hi Everyone!
I am using FreeIPA 3.3.5 on Fedora 20 and attempting to configure FreeIPA to
send notifies to non-IPA slaves, but it seems broken on IPA ( notify
On Mon, Sep 01, 2014 at 12:20:21PM +0300, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
I moved those lines. But still same.
On 01-09-2014 12:20, Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain
On 08/29/2014 10:21 AM, Zip Ly wrote:
@Martin
1) Yes, I did executed 8.5.3 from the wiki. Is this is reason for the
systems behaviour?
Yes.
if so why doesnt't it applies for both admins?
Because only a DN of the first admin was added. It applies only to objects
bound with this DN then.
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
I moved those lines. But still same.
As Jakub pointed out, following option also is wrong:
ldap=sasl_authid = host/cnlt2.ipa.grp
it should be
ldap_sasl_authid = host/cnlt2.ipa.grp
note _ instead of = between ldap and sasl.
On 01-09-2014
On (01/09/14 12:20), Alexander Bokovoy wrote:
On Mon, 01 Sep 2014, Tevfik Ceydeliler wrote:
libsss-sudo already installed.
Here is my sssd.conf:
[domain/ipa.grp]
krb5_realm = IPA.GRP
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.grp
id_provider = ipa
I correct that line.
But still same:
tevfik@Darktower ~ $ ssh user1@10.1.1.174
user1@10.1.1.174's password:
Permission denied, please try again.
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last
On (01/09/14 15:38), Tevfik Ceydeliler wrote:
I correct that line.
But still same:
tevfik@Darktower ~ $ ssh user1@10.1.1.174
user1@10.1.1.174's password:
Permission denied, please try again.
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
*
Actually All I wanna do is , give permission to user to use some
commanf. for example apt-get or something else.
I Think I can do it with IPA
right?
On 01-09-2014 15:42, Lukas Slebodnik wrote:
ogin: Mon Sep 1 13:47:08 2014 from 10.65.8.100
user1@clnt:~$ su - user1 apt-get install
Password:
On (01/09/14 15:48), Tevfik Ceydeliler wrote:
Actually All I wanna do is , give permission to user to use some commanf. for
example apt-get or something else.
I Think I can do it with IPA
right?
Yes, but you need to use sudo.
Step 1: configure sudo rules for ordinary user
Please follow the
On Mon, Sep 1, 2014 at 2:48 PM, Tevfik Ceydeliler
tevfik.ceydeli...@astron.yasar.com.tr wrote:
Actually All I wanna do is , give permission to user to use some commanf.
for example apt-get or something else.
I Think I can do it with IPA
right?
sure, I do it all the time. But Lukas was
I think something wrong or miss in ym configuration:
user1@clnt:~$ sudo /usr/bin/apt-get install
[sudo] password for user1:
user1 is not allowed to run sudo on clnt. This incident will be reported.
On 01-09-2014 16:05, Natxo Asenjo wrote:
On Mon, Sep 1, 2014 at 2:48 PM, Tevfik Ceydeliler
1. I think I configure instead of this document
2. I can login with ordinary user
3.
Irun the command:
ssh user1@10.1.1.174
user1@10.1.1.174's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-24-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Mon Sep 1
On (01/09/14 17:52), Tevfik Ceydeliler wrote:
1. I think I configure instead of this document
Sorry you didn't.
2. I can login with ordinary user
login and sudo are not the same think.
My FreeIPA server is alredy properly configured with sudo rules.
I tried to install freipa-client on ubuntu
Hello,
I've a freeipa running on fedora 20 with fedora 20 clients.
When I configure sudo with the !authenticate option, everything works fine.
ie 'sudo journalctl' works fine, you get to see the logs
However when I remove the !authenticate option the sudo command asks for a
password but it
On 09/01/2014 06:17 PM, Rob Verduijn wrote:
Hello,
I've a freeipa running on fedora 20 with fedora 20 clients.
When I configure sudo with the !authenticate option, everything works
fine.
ie 'sudo journalctl' works fine, you get to see the logs
However when I remove the !authenticate option
2014-09-01 18:47 GMT+02:00 Dmitri Pal d...@redhat.com:
On 09/01/2014 06:17 PM, Rob Verduijn wrote:
Hello,
I've a freeipa running on fedora 20 with fedora 20 clients.
When I configure sudo with the !authenticate option, everything works
fine.
ie 'sudo journalctl' works fine, you get to
I am trying to limit who can login to my macs and I'm having to stick to
what OSX will let me do.
Currently I can only limit users using the searchbase and right now it's
cn=users,cn=accounts,dc=DOMAIN,dc=com
This works fine unless I wanted to create a user that I wanted in LDAP for
other
29 matches
Mail list logo