[Freeipa-users] RHEL 5.11 as IPA client

2015-06-10 Thread Alexander Frolushkin
Hello. We cannot login to our IPA enrolled RHEL 5.11 host using any IPA (4.1) native or AD trusted users. Seems like it fails on connection to server. SSSD logs attached. Additionally, is it ever possible now to use AD trusted users to ssh RHEL 5 servers? Logs and sssd config attached. WBR,

Re: [Freeipa-users] RHEL 5.11 as IPA client

2015-06-10 Thread Alexander Bokovoy
On Wed, 10 Jun 2015, Alexander Frolushkin wrote: Hello. We cannot login to our IPA enrolled RHEL 5.11 host using any IPA (4.1) native or AD trusted users. Seems like it fails on connection to server. SSSD logs attached. Additionally, is it ever possible now to use AD trusted users to ssh RHEL 5

Re: [Freeipa-users] RHEL 5.11 as IPA client

2015-06-10 Thread Alexander Frolushkin
Okay, the situation has now become completely clear, thank you! WBR, Alexander Frolushkin Cell +79232508764 Work +79232507764 -Original Message- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: Wednesday, June 10, 2015 4:46 PM To: Alexander Frolushkin (SIB) Cc:

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-10 Thread Martin Kosek
Cool, I am glad you made this working. BTW, would any of you mind volunteering and helping the FreeIPA community with contributing a HOWTO article on how to configure FreeIPA and Jira? It is still missing in FreeIPA.org wiki. All we have right now is the link to this discussion, that Petr Spacek

[Freeipa-users] ssh known hosts gets recreated on client

2015-06-10 Thread Bob Hinton
Hello, If I uninstall the ipa client with ipa-client-install --uninstall then reinstall it to the same ipa master then most functions work fine. However, if I attempt to ssh from the client to the master then I get. @@@ @WARNING: REMOTE

Re: [Freeipa-users] RHEL 5.11 as IPA client

2015-06-10 Thread Alexander Frolushkin
This is not good at all... Firstly old sssd, now crypto issues... Can you also say, will HBAC and SUDO in IPA work for trusted AD users on RHEL 5 servers if we will enable vulnerable tls? WBR, Alexander Frolushkin Cell +79232508764 Work +79232507764 -Original Message- From: Alexander

Re: [Freeipa-users] RHEL 5.11 as IPA client

2015-06-10 Thread Alexander Bokovoy
On Wed, 10 Jun 2015, Alexander Frolushkin wrote: This is not good at all... Firstly old sssd, now crypto issues... Can you also say, will HBAC and SUDO in IPA work for trusted AD users on RHEL 5 servers if we will enable vulnerable tls? SSSD on RHEL 5 does not support SUDO natively, look at

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-10 Thread Christopher Lamb
Hi All Thanks to Brian and Sandor for their input so far - this gives me another approach to try. From my side this is a work-in-progress report: we have got something working, but are not quite happy with it. Stepping back a bit: I suspect there are a number of integration approaches that may

Re: [Freeipa-users] ssh known hosts gets recreated on client

2015-06-10 Thread Bob Hinton
The /home/USER/.ssh/known_hosts file doesn't exist. It's /var/lib/sss/pubconf/known_hosts that's the problem. If the offending line is deleted from this file or this file is deleted completely then it's automatically replaced and the same error occurs. On 10/06/2015 13:55, Cory Carlton wrote: I

Re: [Freeipa-users] ssh known hosts gets recreated on client

2015-06-10 Thread Cory Carlton
I feel this is a User ssh file issue, not an sssd one, when sshing. The client is seeing it's a different key exchange with the same IP it once knew about; the known_hosts file on the client machine (and user) in the .ssh folder needs to be updated or wiped clean. If you edit on the client machine

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-10 Thread Sandor Juhasz
Hi, I tried many linear combinations of setup options when I tied our JIRA to ldap. First it was tied to openldap with user auth only. Once we started to use IPA, I changed. Using the base config of FedoraDS was chosen because IPA is based on it as well. We don't want any of our service

[Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Tamas Papp
hi, Currently there are CentOS 6.5 servers and IPA 3.0. The goal is migrating users to CentOS 7.1 and IPA 4.1. This is the command I use: $ ipa migrate-ds ldap://ipa11 --user-container=cn=users,cn=accounts,dc=foo --group-container=cn=groups,cn=accounts,dc=foo --base-dn=dc=foo

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-10 Thread Sandor Juhasz
Hi, here are our working configurations. Might be useful. We use compat tree for auth. We use user in group matching. We use group filter for login authorization. We use FedoraDS as ldap connector on JIRA's side. We don't use pw change or user create in IPA from JIRA side. Watch out not to

Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA

2015-06-10 Thread Brian Topping
FYI, that mirrors my configuration. Not sure if this was covered previously, but for my setup, only JIRA connects to IPA. All the other Atlassian products contact JIRA for their information. Cheers, Brian On Jun 10, 2015, at 12:47 AM, Sandor Juhasz sjuh...@chemaxon.com wrote: Hi, here

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Martin Kosek
On 06/10/2015 03:18 PM, Tamas Papp wrote: hi, Currently there are CentOS 6.5 servers and IPA 3.0. The goal is migrating users to CentOS 7.1 and IPA 4.1. This is the command I use: $ ipa migrate-ds ldap://ipa11 --user-container=cn=users,cn=accounts,dc=foo

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Christopher Lamb
Hi Tamas I think the general advice is to replicate rather than to migrate. I am sure Martin K will jump in on this. However some weeks ago, when doing a very similar move to yours, we chose to migrate (we were misled by some very old FreeIPA docus that have since been archived). In our case

Re: [Freeipa-users] ssh known hosts gets recreated on client

2015-06-10 Thread Lukas Slebodnik
On (10/06/15 11:33), Bob Hinton wrote: Hello, If I uninstall the ipa client with ipa-client-install --uninstall then reinstall it to the same ipa master then most functions work fine. However, if I attempt to ssh from the client to the master then I get.

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Martin Kosek
On 06/10/2015 03:32 PM, Christopher Lamb wrote: Hi Tamas I think the general advice is to replicate rather than to migrate. I am sure Martin K will jump in on this. Yes :-) However some weeks ago, when doing a very similar move to yours, we chose to migrate (we were misled by some very

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Christopher Lamb
Hi Martin and Tamas My source was a different one, I found a hint in an ipa python file! Luckily I documented what we did in our internal wiki. I have found the following section: Migration from FreeIPA 3.0.0 to FreeIPA 4.1.0 kinit admin  ipa config-mod --enable-migration=TRUE

Re: [Freeipa-users] migrating 3.0 - 4.1: passwords not migrated?

2015-06-10 Thread Alexander Bokovoy
On Wed, 10 Jun 2015, Christopher Lamb wrote: Hi Martin and Tamas My source was a different one, I found a hint in an ipa python file! Luckily I documented what we did in our internal wiki. I have found the following section: Migration from FreeIPA 3.0.0 to FreeIPA 4.1.0 kinit admin  ipa

Re: [Freeipa-users] ssh known hosts gets recreated on client

2015-06-10 Thread Bob Hinton
On 10/06/2015 14:37, Lukas Slebodnik wrote: On (10/06/15 11:33), Bob Hinton wrote: Hello, If I uninstall the ipa client with ipa-client-install --uninstall then reinstall it to the same ipa master then most functions work fine. However, if I attempt to ssh from the client to the master then

Re: [Freeipa-users] Installing a replica with alternate 'admin' username

2015-06-10 Thread Rob Crittenden
Brian Mathis wrote: I have renamed the default 'admin' account to something else to avoid possible conflicts with other application accounts. However, when I try to install a replica with ipa-replica-install, it uses 'admin' as the username and I don't see a way to supply an alternate account

Re: [Freeipa-users] add suse 11 sp3 to ipa

2015-06-10 Thread mohammad sereshki
Hi, do you know where is the path of certification file and certification key file for clients? From: Rob Crittenden rcrit...@redhat.com To: mohammad sereshki mohammadseres...@yahoo.com; Freeipa-users freeipa-users@redhat.com Sent: Tuesday, June 9, 2015 10:29 PM Subject: Re:

[Freeipa-users] Installing a replica with alternate 'admin' username

2015-06-10 Thread Brian Mathis
I have renamed the default 'admin' account to something else to avoid possible conflicts with other application accounts. However, when I try to install a replica with ipa-replica-install, it uses 'admin' as the username and I don't see a way to supply an alternate account name to use. I have

Re: [Freeipa-users] ssh known hosts gets recreated on client

2015-06-10 Thread Bob Hinton
OK. I think the original problem wasn't what I thought it was. The keys in /etc/ssh/*.pub on the ipamaster didn't match the ones stored in IPA. I'm not sure how this happened, however the master is a test VM that's been used to test ipa-backup and ipa-restore (it's a V4.1.0 master even though the

Re: [Freeipa-users] add suse 11 sp3 to ipa

2015-06-10 Thread dbischof
Hi, On Tue, 9 Jun 2015, Rob Crittenden wrote: mohammad sereshki wrote: Would you please let me know is it possible to add suse 11 sp3 to IPA? and how it is possible? I'm not sure if any version of SUSE has ipa-client or freeipa-client, but I know that 12+ has sssd. If 11 also has sssd