Re: [Freeipa-users] how to setup apache reverse https proxy for freeipa web UI

2016-06-06 Thread Jan Pazdziora
On Fri, Jun 03, 2016 at 10:42:59PM +0200, Jan Pazdziora wrote: > > Hope this helps. I will likely do another writeup about this setup. https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, R

Re: [Freeipa-users] a bit off topic- samba + sssd => AD

2016-06-06 Thread lejeczek
On 03/06/16 17:00, Alexander Bokovoy wrote: On Fri, 03 Jun 2016, lejeczek wrote: On 03/06/16 15:22, Alexander Bokovoy wrote: On Fri, 03 Jun 2016, lejeczek wrote: hi users, I have a samba and sssd trying AD, it's 7.2 Linux. That linux box is via sssd and samba talking to AD DC and win10

[Freeipa-users] problem in sudo policy when target commands use local environment variables

2016-06-06 Thread Mitra Dehghan
Hello, I have a problem using sudo policy in FreeIPA when target commands use environment variables defined on a specific local user's profile. Here is the problem: 1- There is a client machine with local user called *srvusr*. This user has permission to run *target_cmd*. 2- *target_cmd* is depe

Re: [Freeipa-users] how to setup apache reverse https proxy for freeipa web UI

2016-06-06 Thread Karl Forner
Thanks a lot Jan. It works perfectly, and it is crystal-clear. Best, Karl On Mon, Jun 6, 2016 at 11:13 AM, Jan Pazdziora wrote: > On Fri, Jun 03, 2016 at 10:42:59PM +0200, Jan Pazdziora wrote: >> >> Hope this helps. I will likely do another writeup about this setup. > > https://www.adelton.com/fr

Re: [Freeipa-users] a bit off topic- samba + sssd => AD

2016-06-06 Thread Alexander Bokovoy
On Mon, 06 Jun 2016, lejeczek wrote: SMB services with Kerberos require use of cifs/ service principal. Your keytab only has host/ keys, and your AD machine account for the does not have 'cifs/' SPN defined. The latter is what causes smbclient -k to fail -- AD DC doesn't know about 'cifs/' and r

[Freeipa-users] DNSSEC DANE TLSA

2016-06-06 Thread Günther J. Niederwimmer
Hello, is it possible with a FreeIPA Certificate to make a DANE entry in IPA DNS? Thanks for an answer, -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: I didn't get the chance to clean anything up because there's truly nothing there: root@ipa pki]# pwd /var/lib/pki [root@ipa pki]# ls [root@ipa pki]# I think I figured out what is wrong. It is trying to add a NEW CA, not creating a replica of the CA on

Re: [Freeipa-users] DNSSEC DANE TLSA

2016-06-06 Thread Petr Spacek
On 6.6.2016 14:59, Günther J. Niederwimmer wrote: > Hello, > > is it possible with a FreeIPA Certificate to make a DANE entry in IPA DNS? Yes, in recent versions of FreeIPA you can add TLSA records. You have to generate the TLSA records manually, e.g. using hash-slinger: https://admin.fedoraprojec

Re: [Freeipa-users] a bit off topic- samba + sssd => AD

2016-06-06 Thread lejeczek
On 06/06/16 12:42, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, lejeczek wrote: SMB services with Kerberos require use of cifs/ service principal. Your keytab only has host/ keys, and your AD machine account for the does not have 'cifs/' SPN defined. The latter is what causes smbclient -k

[Freeipa-users] external ad users in ldap directory is it possible in general?

2016-06-06 Thread Serge Krawczenko
Hello, my apologies if the question is asked too frequently. While implementing an SSO in my environment, I have a need to integrate with existing AD Win2008R2. The systems I need to be included into SSO can only authorize via LDAP, many of them have been already configured and tested against Free

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: Swing and a miss: when setting up the replicas, we always use the --setup-ca and end the command with the replica gpg file, but it's the --setup-ca that fails as per the earlier messages. If we proceed without --setup-ca, it's fine. I'll try it without skipping

Re: [Freeipa-users] a bit off topic- samba + sssd => AD

2016-06-06 Thread Alexander Bokovoy
On Mon, 06 Jun 2016, lejeczek wrote: Users mapping concept (which I do not grasp completely yet) - when an AD client (win10) now gets to samba shares okay it is done with AD user credentials, win client sees share like: u...@my.dom which user is not IPA's user (there are no trusts no syncing).

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Dan.Finkelstein
Swing and a miss: when setting up the replicas, we always use the --setup-ca and end the command with the replica gpg file, but it's the --setup-ca that fails as per the earlier messages. If we proceed without --setup-ca, it's fine. I'll try it without skipping the connection check, but I don't th

Re: [Freeipa-users] problem in sudo policy when target commands use local environment variables

2016-06-06 Thread Brennan, Paul J
Hi Mitra, I'm not sure if '-H' is the best option for this. If I'm reading the documentation correctly, it sounds like that option only sets the value of $HOME to ~srvusr. You may want to try: $ sudo -u srvusr -i /path/to/target_cmd That should run the command using a login shell for srvusr,

Re: [Freeipa-users] external ad users in ldap directory is it possible in general?

2016-06-06 Thread Sumit Bose
On Mon, Jun 06, 2016 at 06:26:43PM +0300, Serge Krawczenko wrote: > Hello, > my apologies if the question is asked too frequently > > While implementing an SSO in my environment, I have a need to integrate > with existing AD Win2008R2. > The systems I need to be included into SSO can only authori

Re: [Freeipa-users] external ad users in ldap directory is it possible in general?

2016-06-06 Thread Alexander Bokovoy
On Mon, 06 Jun 2016, Serge Krawczenko wrote: Hello, my apologies if the question is asked too frequently. While implementing an SSO in my environment, I have a need to integrate with existing AD Win2008R2. The systems I need to be included into SSO can only authorize via LDAP, many of them have

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Dan.Finkelstein
Thanks for the clarification. I tried again, but no luck. The stdout/err was: [root@ipa ~]# ipa-ca-install /var/lib/ipa/replica-info-ipa.example.com.local.gpg Directory Manager (existing master) password: Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/21]

[Freeipa-users] DNA Ranges

2016-06-06 Thread Michael Rainey (Contractor)
Greetings Community, I have a question about restoring the DNA Ranges on my IPA servers. A couple of weeks ago I took down one of my servers which involved a few issues I had created for myself, but luckily I managed to recover. Today I noticed that the DNA Ranges on the retired server was n

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Dan.Finkelstein
By the way, I want to mention the conncheck: if I don't skip it, it tries to ssh into the master IPA instance as 'admin@', rather than the user (root), and fails. All other parts of the connectivity check work, however. Why does it try to access the master as a Kerberos principal instead of the

Re: [Freeipa-users] FreeIPA 4.2.0 on CentOS 7.2 as replica of FreeIPA 3.0.0 on CentOS 6.8; cannot install CA components as replica, cannot promote to master

2016-06-06 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: By the way, I want to mention the conncheck: if I don't skip it, it tries to ssh into the master IPA instance as 'admin@', rather than the user (root), and fails. All other parts of the connectivity check work, however. Why does it try to access the master as