Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Christopher Lamb
Hi Harold Perhaps you should not think of FreeIPA as a product. Perhaps a better analogy is a Product Stack. Another example would be LAMP. And as far as I can make out, the point of the FreeIPA project is to better integrate the various products that build the stack. A very important factor -

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Petr Spacek
On 26.6.2015 09:21, Christopher Lamb wrote: A very important factor - at least to me is this community: It is vibrant and active, you get advice, they listen and change things. For example I can think of at least 3 changes made to the documentation in the last few months due to mistakes I had

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Prasun Gera
I've found that if you are setting up a new environment from scratch which is mostly going to involve RHEL/Fedora systems, and that you have full control over your network including DNS, DHCP etc., it should mostly be smooth sailing. However, if you already have a network of old and new machines

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-26 Thread Giorgio Biacchi
On 06/26/2015 02:38 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 07:00:34PM +0200, Giorgio Biacchi wrote: On 06/25/2015 05:44 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrote: On 06/25/2015 02:10 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 01:06:22PM

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Lukas Slebodnik
On (26/06/15 12:48), Petr Spacek wrote: On 26.6.2015 12:18, Lukas Slebodnik wrote: On (26/06/15 01:29), Prasun Gera wrote: I've found that if you are setting up a new environment from scratch which is mostly going to involve RHEL/Fedora systems, and that you have full control over your network

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Prasun Gera
More importantly, ipa-client-install is just a thin configuration tool. If ipa-client-install is not available on your platform you can configure everything manually and it will work (as long as the client is standard-compliant). I.e. the client side is *in the worst case* (without

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-26 Thread Sumit Bose
On Fri, Jun 26, 2015 at 04:34:05PM +0200, Giorgio Biacchi wrote: On 06/26/2015 02:38 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 07:00:34PM +0200, Giorgio Biacchi wrote: On 06/25/2015 05:44 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrote: On

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Martin Chamambo
[root@nimbus sssd]# ls -l sssd.conf -rw------- 1 root root 809 Jun 26 11:20 sssd.conf [root@nimbus sssd]# And the permissions are 0600 and SELINUX IS DISABLED -Original Message- From: Jakub Hrozek [mailto:jhro...@redhat.com] Sent: Friday, June 26, 2015 11:42 AM To: Martin Chamambo Cc:

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Natxo Asenjo
hi, On Wed, Jun 24, 2015 at 9:06 AM, Harald Dunkel harald.dun...@aixigo.de wrote: Hi folks, I have a general problem with freeipa: It is *highly* complex and depends upon too many systems working together correctly (IMHO). My concern is, if there is a problem, then the usual tools

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-26 Thread Dmitri Pal
On 06/23/2015 03:02 PM, Alexander Bokovoy wrote: On Tue, 23 Jun 2015, Dmitri Pal wrote: On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map of source attributes (mail or any other) to compat tree? Go back in archives in

Re: [Freeipa-users] username case sensitivity

2015-06-26 Thread Dmitri Pal
On 05/18/2015 06:16 AM, Andy Thompson wrote: -Original Message- From: Jakub Hrozek [mailto:jhro...@redhat.com] Sent: Monday, May 18, 2015 4:07 AM To: Andy Thompson Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] username case sensitivity On Sun, May 17, 2015 at 10:26:45PM

Re: [Freeipa-users] Apache htaccess replacement

2015-06-26 Thread Dmitri Pal
On 05/19/2015 05:29 AM, thewebbie wrote: My requirement is to replace dozens of htaccess folders on one server. Each folder requiring a user group. So host-based will not work in this case. Matthew Feinberg On May 19, 2015 4:03 AM, Jan Pazdziora jpazdzi...@redhat.com

Re: [Freeipa-users] compat settings

2015-06-26 Thread Dmitri Pal
On 05/21/2015 02:59 AM, Rudolf Gabler wrote: Hi to whom it may concern, we used for many years a 2 location policy to separate email users from unix users in order to not using the same passwords. So we had 2 trees in our LDAP with the same user but different passwords. Sorry for reviving

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Martin Chamambo
This is my sssd.conf file and I have that config_file_version = 2 [root@server sssd]# vim sssd.conf [domain/ai.co.zw] debug_level = 10 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ai.co.zw id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 09:18:17AM +, Martin Chamambo wrote: I installed ipa-client on CentOS 6.6 32 bit and it installed correctly but there was no /etc/sssd/sssd.conf file. I read through forums that you can copy another sssd.conf file from another machine but this is what I'm

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-26 Thread Alexander Bokovoy
- Original Message - On 06/23/2015 03:02 PM, Alexander Bokovoy wrote: On Tue, 23 Jun 2015, Dmitri Pal wrote: On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map of source attributes (mail or any other) to

[Freeipa-users] Using FreeIPA OTP in a PAM module

2015-06-26 Thread Prashant Bapat
Hi, I'm exploring implementing a 2FA solution to my servers exposed to public. Mainly to secure SSH with 2FA. The SSH keys and users are already in FreeIPA. Is there a way to utilize the OTP inside FreeIPA during a user login to these servers? A user will have to enter the TOTP code based on

Re: [Freeipa-users] Using FreeIPA OTP in a PAM module

2015-06-26 Thread Alexander Bokovoy
- Original Message - Hi, I'm exploring implementing a 2FA solution to my servers exposed to public. Mainly to secure SSH with 2FA. The SSH keys and users are already in FreeIPA. Is there a way to utilize the OTP inside FreeIPA during a user login to these servers? A user will

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 10:00:38AM +, Martin Chamambo wrote: [root@nimbus sssd]# ls -l sssd.conf -rw------- 1 root root 809 Jun 26 11:20 sssd.conf [root@nimbus sssd]# And the permissions are 0600 and SELINUX IS DISABLED Can you send me the file in attachment, ideally in a tarball so we

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-26 Thread Sumit Bose
On Thu, Jun 25, 2015 at 07:00:34PM +0200, Giorgio Biacchi wrote: On 06/25/2015 05:44 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrote: On 06/25/2015 02:10 PM, Sumit Bose wrote: On Thu, Jun 25, 2015 at 01:06:22PM +0200, Giorgio Biacchi wrote: On

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Lukas Slebodnik
On (26/06/15 01:29), Prasun Gera wrote: I've found that if you are setting up a new environment from scratch which is mostly going to involve RHEL/Fedora systems, and that you have full control over your network including DNS, DHCP etc., it should mostly be smooth sailing. However, if you already

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 10:20:19AM +, Martin Chamambo wrote: Find file attached Also please try to remove the databases to make sure no old db is around: rm -f /var/lib/sss/db/* -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Lukas Slebodnik
On (26/06/15 09:32), Martin Chamambo wrote: This is my sssd.conf file and I have that config_file_version = 2 [root@server sssd]# vim sssd.conf [domain/ai.co.zw] debug_level = 10 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ai.co.zw id_provider = ipa

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 10:20:19AM +, Martin Chamambo wrote: Find file attached OK, this looks good. Are you sure the file is at the correct location? (/etc/sssd/sssd.conf) Can you run strace sssd -i to see which file is sssd opening?

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Petr Spacek
On 26.6.2015 12:18, Lukas Slebodnik wrote: On (26/06/15 01:29), Prasun Gera wrote: I've found that if you are setting up a new environment from scratch which is mostly going to involve RHEL/Fedora systems, and that you have full control over your network including DNS, DHCP etc., it should