Re: [Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

2015-11-18 Thread Sparks, Alan
>> [root@als-centos0002 sys-ops]# nisdomainname >> dakar.useast.hpcloud.net >> >> [root@als-centos0002 sys-ops]# getent netgroup opsauto >> opsauto >> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal) >> (als-centos0002.dakar.useast.hpcloud.net,-,eucalyptus.internal) >

[Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

2015-11-18 Thread Sparks, Alan
I still can't find the problem after a lot of searching, can someone give me a little advice? Assembling a POC of FreeIPA 4.1.0 server (stock CentOS-7 packages) and a CentOS 6.7 server with their stock 3.0.0 packages. Sudo version on the client is sudo-1.8.6p3. Have created a general sudo

Re: [Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

2015-11-18 Thread Rob Crittenden
Sparks, Alan wrote: > I still can’t find the problem after a lot of searching, can someone > give me a little advice? Assembling a POC of FreeIPA 4.1.0 server > (stock CentOS-7 packages) and a CentOS 6.7 server with their stock 3.0.0 > packages. Sudo version on the client is sudo-1.8.6p3. >

Re: [Freeipa-users] service account for ovirt

2015-11-18 Thread Rob Verduijn
2015-11-18 15:51 GMT+01:00 Martin Kosek : > On 11/18/2015 08:23 AM, Rob Verduijn wrote: >> Hello all, >> >> I've read a lot regarding service accounts on this mailing list in the past. >> But it's rather unclear to me what is the current preferred method to >> create a service

Re: [Freeipa-users] Sudo Rules Help (SOLVED)

2015-11-18 Thread Branden Coates
I was able to track down the issues with Cent 5 and the sudo rules. I do not fully understand why, but I assume it has to do with being able to determine the hostname from the fqdn. I ended up having to add the following line to the /etc/sysctl.conf file: kernel.domainname = Our domain for

[Freeipa-users] Invalid UID in persistent keyring name while getting default cache. on OEL 7.1

2015-11-18 Thread Christopher Lamb
I have a newly installed OEL 7.1 server (7.0 DVD, then yum updated to 7.1) The ipa-client is installed, making this server an ipa host. > getent passwd is successful for ipa users. -->OK However I cannot log on to the host with ipa users (direct or ssh). -->NOT OK When logged on as

Re: [Freeipa-users] FreeIPA Internal Server Error

2015-11-18 Thread Rob Crittenden
Unknown wrote: > I'm new here so first of all want to say hello to everyone. > > I'm implementing FreeIPA in our environment. Everything was fine till I > figure out listing of one domain stops working. When I'm trying to list > zone via web panel I'm getting "Internal Server Error". It is

Re: [Freeipa-users] Invalid UID in persistent keyring name while getting default cache. on OEL 7.1

2015-11-18 Thread Jakub Hrozek
On Wed, Nov 18, 2015 at 04:34:39PM +0100, Christopher Lamb wrote: > > I have a newly installed OEL 7.1 server (7.0 DVD, then yum updated to 7.1) > The ipa-client is installed, making this server an ipa host. > > > > > getent passwd > > is successful for ipa users. -->OK > > However I

Re: [Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

2015-11-18 Thread Rob Crittenden
Sparks, Alan wrote: > >>> [root@als-centos0002 sys-ops]# nisdomainname >>> dakar.useast.hpcloud.net >>> >>> [root@als-centos0002 sys-ops]# getent netgroup opsauto >>> opsauto >>> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal) >>>

Re: [Freeipa-users] service account for ovirt

2015-11-18 Thread Martin Kosek
On 11/18/2015 04:27 PM, Rob Verduijn wrote: 2015-11-18 15:51 GMT+01:00 Martin Kosek : On 11/18/2015 08:23 AM, Rob Verduijn wrote: Hello all, I've read a lot regarding service accounts on this mailing list in the past. But it's rather unclear to me what is the current

[Freeipa-users] Active Directory Integration and limitations

2015-11-18 Thread Domineaux Philippe
Here is my environment : 1 Windows Domain Windows workstations Windows servers Multiple linux domains Linux workstations Linux servers Here is my goal : All users are centralized in the Active Directory. Users will authenticate on linux workstations with their AD accounts ( using POSIX

Re: [Freeipa-users] Restricting access to unencrypted LDAP connections

2015-11-18 Thread Prashant Bapat
Exactly what I was looking for! Thank you!! On 18 November 2015 at 13:26, Ludwig Krispenz wrote: > you could set minssf: > >

Re: [Freeipa-users] service account for ovirt

2015-11-18 Thread Martin Kosek
On 11/18/2015 08:23 AM, Rob Verduijn wrote: > Hello all, > > I've read a lot regarding service accounts on this mailing list in the past. > But it's rather unclear to me what is the current preferred method to > create a service account for a service running on a different machine. > > In this

[Freeipa-users] General guidance

2015-11-18 Thread Tushar Sharma
Sir/Mam Greeting for the day. I am planning to use freeipa for identity access management for our office network. Currently we are not using any identity or access management software for our users and servers. We have around 200 systems (approx. 120 linux, 70 windows and 5 mac systems.) I

[Freeipa-users] FreeIPA Internal Server Error

2015-11-18 Thread Unknown
I'm new here so first of all want to say hello to everyone. I'm implementing FreeIPA in our environment. Everything was fine till I figure out listing of one domain stops working. When I'm trying to list zone via web panel I'm getting "Internal Server Error". It is happening only for default one

[Freeipa-users] service account for ovirt

2015-11-18 Thread Rob Verduijn
Hello all, I've read a lot regarding service accounts on this mailing list in the past. But it's rather unclear to me what is the current preferred method to create a service account for a service running on a different machine. In this case it would be a service account for ovirt so that