Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Christopher Lamb
Hi Harold Perhaps you should not think of FreeIPA as a product. Perhaps a better analogy is a Product Stack. Another example would be LAMP. And as far as I can make out, the point of the FreeIPA project is to better integrate the various products that build the stack. A very important factor - at

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Petr Spacek
On 26.6.2015 09:21, Christopher Lamb wrote: > A very important factor - at least to me is this community: It is vibrant > and active, you get advice, "they" listen and change things. For example I > can think of at least 3 changes made to the documentation in the last few > months due to mistakes I

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Prasun Gera
I've found that if you are setting up a new environment from scratch which is mostly going to involve RHEL/Fedora systems, and that you have full control over your network including DNS, DHCP etc., it should mostly be smooth sailing. However, if you already have a network of old and new machines ru

[Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Martin Chamambo
I installed ipa-client on CentOS 6.6 32-bit and it installed correctly, but there was no /etc/sssd/sssd.conf file. I read through forums that you can copy another sssd.conf file from another machine, but this is what I'm getting when I try to start sssd (Fri Jun 26 10:55:12:934690 2015) [sssd

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 09:18:17AM +, Martin Chamambo wrote: > I installed ipa-client on centos 6.6 32 bit and it installed correctly but > there was no /etc/sssd/sssd.conf file ..I read through forums that you > can copy another sssd.conf file from another machine but this is what im >

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Martin Chamambo
This is my sssd.conf file and I have that config_file_version = 2 [root@server sssd]# vim sssd.conf [domain/ai.co.zw] debug_level = 10 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ai.co.zw id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname =

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 09:32:43AM +, Martin Chamambo wrote: > This is my sssd.conf file and I have that config_file_version = 2 Is the config file owned by root.root and does it have 0600 permissions? Are there any AVC denials? > > [root@server sssd]# vim sssd.conf > > [domain/ai.co.zw]

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Martin Chamambo
[root@nimbus sssd]# ls -l sssd.conf -rw--- 1 root root 809 Jun 26 11:20 sssd.conf [root@nimbus sssd]# And the permissions are 0600 and SELINUX IS DISABLED -Original Message- From: Jakub Hrozek [mailto:jhro...@redhat.com] Sent: Friday, June 26, 2015 11:42 AM To: Martin Chamambo Cc: f

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Natxo Asenjo
hi, On Wed, Jun 24, 2015 at 9:06 AM, Harald Dunkel wrote: > Hi folks, > > I have a general problem with freeipa: It is *highly* complex > and depends upon too many systems working together correctly > (IMHO). > > My concern is, if there is a problem, then the usual tools > following the Unix par

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 10:00:38AM +, Martin Chamambo wrote: > [root@nimbus sssd]# ls -l sssd.conf > -rw--- 1 root root 809 Jun 26 11:20 sssd.conf > [root@nimbus sssd]# > > And the permissions are 0600 and SELINUX IS DISABLED Can you send me the file in attachment, ideally in a tarball s

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Lukas Slebodnik
On (26/06/15 01:29), Prasun Gera wrote: >I've found that if you are setting up a new environment from scratch which >is mostly going to involve RHEL/Fedora systems, and that you have full >control over your network including DNS, DHCP etc., it should mostly be >smooth sailing. However, if you alrea

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 10:20:19AM +, Martin Chamambo wrote: > Find file attached OK, this looks good. Are you sure the file is at the correct location? (/etc/sssd/sssd.conf) Can you run "strace sssd -i" to see which file is sssd opening? -- Manage your subscription for the Freeipa-users

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Lukas Slebodnik
On (26/06/15 09:32), Martin Chamambo wrote: >This is my sssd.conf file and I have that config_file_version = 2 > >[root@server sssd]# vim sssd.conf > > [domain/ai.co.zw] > >debug_level = 10 >cache_credentials = True >krb5_store_password_if_offline = True >ipa_domain = ai.co.zw >id_provider = ipa >

Re: [Freeipa-users] SSSD FAILING TO START ON CENTOS 6.6 32BIT

2015-06-26 Thread Jakub Hrozek
On Fri, Jun 26, 2015 at 10:20:19AM +, Martin Chamambo wrote: > Find file attached Also please try to remove the databases to make sure no old db is around: rm -f /var/lib/sss/db/*

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Petr Spacek
On 26.6.2015 12:18, Lukas Slebodnik wrote: > On (26/06/15 01:29), Prasun Gera wrote: >> I've found that if you are setting up a new environment from scratch which >> is mostly going to involve RHEL/Fedora systems, and that you have full >> control over your network including DNS, DHCP etc., it shou

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Lukas Slebodnik
On (26/06/15 12:48), Petr Spacek wrote: >On 26.6.2015 12:18, Lukas Slebodnik wrote: >> On (26/06/15 01:29), Prasun Gera wrote: >>> I've found that if you are setting up a new environment from scratch which >>> is mostly going to involve RHEL/Fedora systems, and that you have full >>> control over y

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-26 Thread Sumit Bose
On Thu, Jun 25, 2015 at 07:00:34PM +0200, Giorgio Biacchi wrote: > On 06/25/2015 05:44 PM, Sumit Bose wrote: > > On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrote: > >> On 06/25/2015 02:10 PM, Sumit Bose wrote: > >>> On Thu, Jun 25, 2015 at 01:06:22PM +0200, Giorgio Biacchi wrote: > >

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-26 Thread Giorgio Biacchi
On 06/26/2015 02:38 PM, Sumit Bose wrote: > On Thu, Jun 25, 2015 at 07:00:34PM +0200, Giorgio Biacchi wrote: >> On 06/25/2015 05:44 PM, Sumit Bose wrote: >>> On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrote: On 06/25/2015 02:10 PM, Sumit Bose wrote: > On Thu, Jun 25, 2015

Re: [Freeipa-users] hesitate to deploy freeipa

2015-06-26 Thread Prasun Gera
> > More importantly, ipa-client-install is just a thin configuration tool. If > ipa-client-install is not available on your platform you can configure > everything manually and it will work (as long as the client is > standard-compliant). > > I.e. the client side is *in the worst case* (without ip

Re: [Freeipa-users] UPN suffixes in AD trust

2015-06-26 Thread Sumit Bose
On Fri, Jun 26, 2015 at 04:34:05PM +0200, Giorgio Biacchi wrote: > > > On 06/26/2015 02:38 PM, Sumit Bose wrote: > > On Thu, Jun 25, 2015 at 07:00:34PM +0200, Giorgio Biacchi wrote: > >> On 06/25/2015 05:44 PM, Sumit Bose wrote: > >>> On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrot

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-26 Thread Dmitri Pal
On 06/23/2015 03:02 PM, Alexander Bokovoy wrote: On Tue, 23 Jun 2015, Dmitri Pal wrote: On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: On Wed, 17 Jun 2015, Henry Hofmann wrote: Ok, how can I configure the map of source attributes (mail or any other) to compat tree? Go back in archives in thi

Re: [Freeipa-users] username case sensitivity

2015-06-26 Thread Dmitri Pal
On 05/18/2015 06:16 AM, Andy Thompson wrote: -Original Message- From: Jakub Hrozek [mailto:jhro...@redhat.com] Sent: Monday, May 18, 2015 4:07 AM To: Andy Thompson Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] username case sensitivity On Sun, May 17, 2015 at 10:26:45PM +

Re: [Freeipa-users] Apache htaccess replacement

2015-06-26 Thread Dmitri Pal
On 05/19/2015 05:29 AM, thewebbie wrote: My requirement is to replace dozens of htaccess folders on one server. Each folder requiring a user group. So Host based will not work in this case Matthew Feinberg On May 19, 2015 4:03 AM, "Jan Pazdziora" > wrote:

Re: [Freeipa-users] compat settings

2015-06-26 Thread Dmitri Pal
On 05/21/2015 02:59 AM, Rudolf Gabler wrote: Hi to whom it may concern, we used for many years a 2 location policy to separate email users from unix users in order to not using the same passwords. So we had 2 trees in our LDAP with the same user but different passwords. Sorry for reviving

Re: [Freeipa-users] Question for AD trust and Webservices

2015-06-26 Thread Alexander Bokovoy
- Original Message - > On 06/23/2015 03:02 PM, Alexander Bokovoy wrote: > > On Tue, 23 Jun 2015, Dmitri Pal wrote: > >> On 06/17/2015 09:56 AM, Alexander Bokovoy wrote: > >>> On Wed, 17 Jun 2015, Henry Hofmann wrote: > Ok, how can I configure the map of source attributes (mail or any

[Freeipa-users] Using FreeIPA OTP in a PAM module

2015-06-26 Thread Prashant Bapat
Hi, I'm exploring implementing a 2FA solution to my servers exposed to public. Mainly to secure SSH with 2FA. The SSH keys and users are already in FreeIPA. Is there a way to utilize the OTP inside FreeIPA during a user login to these servers? A user will have to enter the TOTP code based on wh

Re: [Freeipa-users] Using FreeIPA OTP in a PAM module

2015-06-26 Thread Alexander Bokovoy
- Original Message - > Hi , > > I'm exploring implementing a 2FA solution to my servers exposed to public. > Mainly to secure SSH with 2FA. The SSH keys and users are already in > FreeIPA. > > Is there a way to utilize the OTP inside FreeIPA during a user login to these > servers ? A us