Re: [Freeipa-users] sssd receives another uid/gid after disabled HBAC rule

2014-09-10 Thread Gregor Bregenzer
I added the correct logfiles now - sorry! On linux1.linux.intern 1.) service sssd stop; rm -f /var/lib/sss/db/* ; service sssd start 2.) getent passwd user1@aaa Logfile sssd_linux.intern.log (Wed Sep 10 17:04:24 2014) [sssd[be[linux.intern]]] [sbus_dispatch] (0x4000): dbus conn: 235

[Freeipa-users] 4.0.2-1 not ready for primetime or testing?

2014-09-10 Thread Kat
Trying to do some testing with 4.0.2-1 on FC22/rawhide -- the install blows up: Configuring directory server (dirsrv): Estimated time 10 seconds [1/3]: configuring ssl for ds instance [2/3]: restarting directory server ipa : CRITICAL Failed to restart the directory server. See the i

Re: [Freeipa-users] 4.0.2-1 not ready for primetime or testing?

2014-09-10 Thread Rich Megginson
On 09/10/2014 10:02 AM, Kat wrote: Trying to do some testing with 4.0.2-1 on FC22/rawhide -- the install blows up: Configuring directory server (dirsrv): Estimated time 10 seconds [1/3]: configuring ssl for ds instance [2/3]: restarting directory server ipa : CRITICAL Failed to rest

[Freeipa-users] Force ticket type to des3-cbc-sha1

2014-09-10 Thread Darran Lofthouse
Hi there, Is there any quick way to force the ticket type obtained by kinit to des3-cbc-sha1? Regards, Darran Lofthouse. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Force ticket type to des3-cbc-sha1

2014-09-10 Thread Rob Crittenden
Darran Lofthouse wrote: > Hi there, > > Is there any quick way to force the ticket type obtained by kinit to > des3-cbc-sha1? For all users everywhere, on a particular host, or for a particular application? rob

Re: [Freeipa-users] Force ticket type to des3-cbc-sha1

2014-09-10 Thread Darran Lofthouse
This is just for testing, ideally for one user but will take anything ;-) On 10/09/14 18:16, Rob Crittenden wrote: Darran Lofthouse wrote: Hi there, Is there any quick way to force the ticket type obtained by kinit to des3-cbc-sha1? For all users everywhere, on a particular host, or for a pa

Re: [Freeipa-users] Force ticket type to des3-cbc-sha1

2014-09-10 Thread Darran Lofthouse
Actually ignore me for a minute, I may be looking at this from the wrong side !! On 10/09/14 18:24, Darran Lofthouse wrote: This is just for testing, ideally for one user but will take anything ;-) On 10/09/14 18:16, Rob Crittenden wrote: Darran Lofthouse wrote: Hi there, Is there any quick

Re: [Freeipa-users] Force ticket type to des3-cbc-sha1

2014-09-10 Thread Darran Lofthouse
Thanks, was looking at the wrong side - just needed to re-export the keytab for my service using des3-cbc-sha1 instead. On 10/09/14 18:31, Darran Lofthouse wrote: Actually ignore me for a minute, I may be looking at this from the wrong side !! On 10/09/14 18:24, Darran Lofthouse wrote: This

[Freeipa-users] Integrating FreeIPA with ActiveDirectory (Windows 2008 R2)

2014-09-10 Thread Traiano Welcome
Hi List I've been following the AD integration guide for IPAv3 here: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup However, when I reach the "Add trust with AD domain" step I get the following error: --- [root@ipa ~]# ipa trust-add --type=ad mhatest.local --admin Administrator --password

Re: [Freeipa-users] Integrating FreeIPA with ActiveDirectory (Windows 2008 R2)

2014-09-10 Thread Alexander Bokovoy
On Thu, 11 Sep 2014, Traiano Welcome wrote: Hi List I've been following the AD integration guide for IPAv3 here: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup However, when I reach the "Add trust with AD domain" step I get the following error: --- [root@ipa ~]# ipa trust-add --type=ad

[Freeipa-users] FreeIPA, SSSD, sudo and Local Users

2014-09-10 Thread Trevor T Kates (Services - 6)
Hi all: I'm using FreeIPA 3.0 under CentOS 6.5 and I'm trying to solve a bit of a quirky problem. From what I've read thus far, sudo under SSSD can't provide sudo rules for local users that are not part of the directory. To get around this, I've been using the sudo-ldap.conf file to provide sudo

[Freeipa-users] Certs.

2014-09-10 Thread William Graboyes
Hello list, I have been fruitlessly searching for some information, especially related to Certs, namely how to replace the self signed certs with certs from a trusted CA? As we are moving forward into productionizing of our free-ipa install, I am f

[Freeipa-users] Branding

2014-09-10 Thread William Graboyes
Hi List, I am looking into changing the branding on the free-ipa GUI interface. This is something that is being requested by my management, considering that we are asking users to trust an e-mail prodding them to change their password. I don't see

Re: [Freeipa-users] Certs.

2014-09-10 Thread Chris Whittle
Search the list for a post by me and certs... Basically there is an install flag that will do all the work for you once you have the cert in the right format. On Sep 10, 2014 5:53 PM, "William Graboyes" wrote: > Hello list, > > I have been

[Freeipa-users] json api docs

2014-09-10 Thread Tamas Papp
hi All, Is there an official API documentation available? Also is there a simple way to logon and run commands through API without a kerberos ticket? Thanks, tamas

Re: [Freeipa-users] Certs.

2014-09-10 Thread William Graboyes
Hi Chris, Thank you for the suggestion. Looking at http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html Installing a new, third party cert requires a reinstall of IPA? IPA Devs, that is a bit silly don't you think? A year or two

Re: [Freeipa-users] Certs.

2014-09-10 Thread Chris Whittle
There are other instructions but I could never get a fully successful setup until that one. On Sep 10, 2014 6:26 PM, "William Graboyes" wrote: > Hi Chris, > > Thank you for the suggestion. Looking at > http://www.redhat.com/archives/freeipa

Re: [Freeipa-users] Integrating FreeIPA with ActiveDirectory (Windows 2008 R2)

2014-09-10 Thread Dmitri Pal
On 09/10/2014 05:31 PM, Alexander Bokovoy wrote: On Thu, 11 Sep 2014, Traiano Welcome wrote: Hi List I've been following the AD integration guide for IPAv3 here: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup However, when I reach the "Add trust with AD domain" step I get the following

Re: [Freeipa-users] Branding

2014-09-10 Thread Dmitri Pal
On 09/10/2014 06:52 PM, William Graboyes wrote: Hi List, I am looking into changing the branding on the free-ipa GUI interface. This is something that is being requested by my management, considering that we are asking users to trust an e-mail p

Re: [Freeipa-users] Certs.

2014-09-10 Thread Dmitri Pal
On 09/10/2014 06:50 PM, William Graboyes wrote: Hello list, I have been fruitlessly searching for some information, especially related to Certs, namely how to replace the self signed certs with certs from a trusted CA? This is an install time deci

Re: [Freeipa-users] Certs.

2014-09-10 Thread William Graboyes
Hi Dmitri, Production Environment is going to be RH 6.5, We are still evaluating the usage of systemd. More like we are taking a wait and see approach to systemd, while actively testing it. Thanks, Bill On Wed Sep 10 16:49:24 2014, Dmitri Pal

Re: [Freeipa-users] Branding

2014-09-10 Thread Dmitri Pal
On 09/10/2014 07:49 PM, William Graboyes wrote: Hi Dmitri, Yeah just the logo should do, I believe I found it at `/usr/share/ipa/ui/images/ipa-logo.png`. I am more just making sure it is allowed. I do not know what you mean. Yes it is allowed.

Re: [Freeipa-users] Branding

2014-09-10 Thread William Graboyes
Hi Dmitri, Yeah just the logo should do, I believe I found it at `/usr/share/ipa/ui/images/ipa-logo.png`. I am more just making sure it is allowed. Thanks, Bill On Wed Sep 10 16:42:29 2014, Dmitri Pal wrote: > On 09/10/2014 06:52 PM, William Gra

Re: [Freeipa-users] Certs.

2014-09-10 Thread Dmitri Pal
On 09/10/2014 07:57 PM, William Graboyes wrote: Hi Dmitri, Production Environment is going to be RH 6.5, We are still evaluating the usage of systemd. More like we are taking a wait and see approach to systemd, while actively testing it. The

Re: [Freeipa-users] Certs.

2014-09-10 Thread Dmitri Pal
On 09/10/2014 07:26 PM, William Graboyes wrote: Hi Chris, Thank you for the suggestion. Looking at http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html Installing a new, third party cert requires a reinstall of IPA? IPA Devs, t

Re: [Freeipa-users] json api docs

2014-09-10 Thread Dmitri Pal
On 09/10/2014 07:10 PM, Tamas Papp wrote: hi All, Is there an official API documentation available? Unfortunately not much. You can search archives and find some recommendations that helped people in the past. https://www.redhat.com/archives/freeipa-users/2013-January/msg00109.html We also

Re: [Freeipa-users] Certs.

2014-09-10 Thread Rob Crittenden
Dmitri Pal wrote: > On 09/10/2014 07:57 PM, William Graboyes wrote: > Hi Dmitri, > > Production Environment is going to be RH 6.5, We are still evaluating > the usage of systemd. More like we are taking a wait and see approach > to systemd, while actively testing it. >> The command line option

Re: [Freeipa-users] 4.0.2-1 not ready for primetime or testing?

2014-09-10 Thread Rob Crittenden
Kat wrote: > Trying to do some testing with 4.0.2-1 on FC22/rawhide -- the install > blows up: > > Configuring directory server (dirsrv): Estimated time 10 seconds > [1/3]: configuring ssl for ds instance > [2/3]: restarting directory server > ipa : CRITICAL Failed to restart the direc