Re: [Freeipa-users] FreeOTP

2016-06-16 Thread Winfried de Heiden
Hi all, "So it looks a bit like a libverto 32bit issue"; any news or progress on this? Bugzilla? Winny On 09-06-16 at 18:51, Sumit Bose wrote: On Thu, Jun 09, 2016 at 08:42:59AM -0400, Nathaniel McCallum wrote: On Thu, 2016-06-09 at 10:46 +0200, Sumit Bose wrote: On Thu, Jun 09, 2016 at

Re: [Freeipa-users] FreeOTP

2016-06-16 Thread Sumit Bose
On Thu, Jun 16, 2016 at 10:28:41AM +0200, Winfried de Heiden wrote: > Hi all, > > "So it looks a bit like a libverto 32bit issue"; any news or progress on > this? Bugzilla? sorry for the delay, but I'm currently busy with other items. I can come back to you on this issue early next week. Btw,

[Freeipa-users] Read-only access to enforce OTP

2016-06-16 Thread Prashant Bapat
Hi, I'm writing a small script which will scan all the users and check if each one has setup an OTP. It will send out an email to the user if OTP is missing. I added a new entry * uid=otp-check-ro,cn=sysaccounts,cn=etc,dc=example,dc=com*. Problem is I'm able to read all the users attributes but

[Freeipa-users] IPA, Samba and how can a Windows client access it

2016-06-16 Thread Detlev Habicht
Hi, first I thought, it is an awkward question, but my smart colleague here also cannot help me, so I try it: I read this and I have installed it: "Howto/Integrating a Samba File Server With IPA" http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA This is working as

[Freeipa-users] ipa-ods-exporter failed ?

2016-06-16 Thread Günther J . Niederwimmer
Hello on my system the ods-exporter i mean have a problem. I have this in the logs CentOS 7.(2) ipa 4.3.1 Jun 16 11:37:25 ipa systemd: ipa-ods-exporter.service holdoff time over, scheduling restart. Jun 16 11:37:25 ipa systemd: Started IPA OpenDNSSEC Signer replacement. Jun 16 11:37:25 ipa

Re: [Freeipa-users] IPA, Samba and how can a Windows client access it

2016-06-16 Thread Christopher Lamb
Hi Detlev If I have understood you correctly, you want to let Windows users access Samba "shares" using their IPA username/passwords? If so it is possible. We have both Windows and OSX workstations accessing unix fileshares like that. We did it more or less along the lines described here:

Re: [Freeipa-users] CentOS 7.2 Certificate Issue with chrome

2016-06-16 Thread Martin Basti
On 16.06.2016 06:40, Outback Dingo wrote: Freshly installed IPA went to the web ui and got this in google chrome This site can’t provide a secure connection ipa3.optimcloud.com doesn't adhere to security standards. ERR_SSL_SERVER_CERT_BAD_FORMAT Hello, I

Re: [Freeipa-users] CA: IPA certificates not renewing

2016-06-16 Thread Marc Wiatrowski
Thanks Rob, Any suggestions on how make the CA aware of the current serial number? Also started seeing the following error from two of the servers, spider01b and spider01o, but not spider01a when to navigate in the web gui. Though it doesn't appear to stop me from doing anything. IPA Error

Re: [Freeipa-users] IPA, Samba and how can a Windows client access it

2016-06-16 Thread Detlev Habicht
Thank you, I found an old post from you with this smb.conf:
security = user
passdb backend = ldapsam:ldap://ldap.my.example.com
ldap suffix = dc=my,dc=example,dc=com
ldap admin dn = cn=Directory Manager
ldap ssl = off
Is this still working with Samba 4.x and IPA 4.x? I will try it soon.

Re: [Freeipa-users] IPA, Samba and how can a Windows client access it

2016-06-16 Thread Christopher Lamb
Hi Detlev Yes we have it working with Samba 4.x and IPA 4.x, pretty much as described in the techslaves article. I did intend to write a "how-to", but 1000 other things took over ... I made some notes at the time, which I will try and dig out. We did not use ipa-adtrust-install, so I can't

[Freeipa-users] LDAPS for AD trust?

2016-06-16 Thread Erik Mackdanz
Hello, Is it possible to force LDAPS instead of LDAP when connecting to the client's AD domain in a trust situation? I'm sure that the _ldaps SRV must be added to AD (AD doesn't have one by default). It's not clear, though, whether I can make SSSD request the _ldaps SRV record. I tried setting

Re: [Freeipa-users] ipa-ods-exporter failed ?

2016-06-16 Thread Lukas Slebodnik
On (16/06/16 11:54), Günther J. Niederwimmer wrote: >Hello > >on my system the ods-exporter i mean have a problem. > >I have this in the logs >CentOS 7.(2) ipa 4.3.1 > >Jun 16 11:37:25 ipa systemd: ipa-ods-exporter.service holdoff time over, >scheduling restart. >Jun 16 11:37:25 ipa systemd:

Re: [Freeipa-users] CentOS 7, FreeIPA 4.2: slapd crashes soon after launch

2016-06-16 Thread Rob Crittenden
dan.finkelst...@high5games.com wrote: Our FreeIPA master was working fine for about a day and then, apropos of nothing, the LDAP component started to crash with nary an error message. Obviously, with it down we can log into the WebUI nor can we query the status of the components or retrieve

Re: [Freeipa-users] CA: IPA certificates not renewing

2016-06-16 Thread Rob Crittenden
Marc Wiatrowski wrote: Thanks Rob, Any suggestions on how make the CA aware of the current serial number? Serial numbers are doled out like uid numbers, by the 389-ds DNA Plugin. So each CA that has ever issued a certificate has its own range, hence the quite different serial number

Re: [Freeipa-users] Read-only access to enforce OTP

2016-06-16 Thread Martin Kosek
On 06/16/2016 11:00 AM, Prashant Bapat wrote: > Hi, > > I'm writing a small script which will scan all the users and check if each > one > has setup an OTP. It will send out an email to the user if OTP is missing. > > I added a new entry / >

Re: [Freeipa-users] FreeIPA – AD Trust Integration Option

2016-06-16 Thread Rob Crittenden
Saqib N Ali wrote: Hi Alexander, I understand that with Trust to AD, we can use AD for System of Records for the User Accounts. We do want IPA to maintain the policies, but just want to use SunLDAP instead of 389 Directory Server for storing the policies. From Enterprise Architecture point of

Re: [Freeipa-users] FreeIPA – AD Trust Integration Option

2016-06-16 Thread Saqib N Ali
Hi Alexander, I understand that with Trust to AD, we can use AD for System of Records for the User Accounts. We do want IPA to maintain the policies, but just want to use SunLDAP instead of 389 Directory Server for storing the policies. From Enterprise Architecture point of view, 389 Directory

Re: [Freeipa-users] FreeIPA – AD Trust Integration Option

2016-06-16 Thread Saqib N Ali
Rob, is there an architecture document/diagram that describes how 389-ds in the FreeIPA w/ AD Trust setup? On Thu, Jun 16, 2016 at 9:08 AM, Rob Crittenden wrote: > Saqib N Ali wrote: > >> Hi Alexander, >> >> I understand that with Trust to AD, we can use AD for System of

Re: [Freeipa-users] FreeIPA – AD Trust Integration Option

2016-06-16 Thread Rob Crittenden
Saqib N Ali wrote: Rob, is there an architecture document/diagram that describes how 389-ds in the FreeIPA w/ AD Trust setup? You'll find a number of pages on freeipa.org. rob On Thu, Jun 16, 2016 at 9:08 AM, Rob Crittenden > wrote:

Re: [Freeipa-users] IPA - Password time outs / failures on trusted AD Users

2016-06-16 Thread David Fischer
Alexander, Ok I figured most of my issues were ldap search time out and also ldap_idmap_range_size was too small. So I am left with one last problem is that any new users can login via password but existing users passwords do not work but kerberos tickets do. So is there another setting I am

Re: [Freeipa-users] LDAPS for AD trust?

2016-06-16 Thread Jakub Hrozek
On Thu, Jun 16, 2016 at 04:53:22PM -0500, Erik Mackdanz wrote: > Hello, > > Is it possible to force LDAPS instead of LDAP when connecting to the > client's AD domain in a trust situation? > > I'm sure that the _ldaps SRV must be added to AD (AD doesn't have one > by default). > > It's not

Re: [Freeipa-users] ipa-ods-exporter failed ?

2016-06-16 Thread Petr Spacek
On 16.6.2016 21:51, Lukas Slebodnik wrote: > On (16/06/16 11:54), Günther J. Niederwimmer wrote: >> Hello >> >> on my system the ods-exporter i mean have a problem. >> >> I have this in the logs >> CentOS 7.(2) ipa 4.3.1 >> >> Jun 16 11:37:25 ipa systemd: ipa-ods-exporter.service holdoff time