Re: [Freeipa-users] multiple ds instances (maybe off-topic)

2016-06-28 Thread Alexander Bokovoy
On Tue, 28 Jun 2016, Natxo Asenjo wrote: hi, according to the RHDS documentation ( https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html) one can have multiple directory server instances on the same hosts Would it be

[Freeipa-users] multiple ds instances (maybe off-topic)

2016-06-28 Thread Natxo Asenjo
hi, according to the RHDS documentation ( https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html-single/Using_the_Admin_Server/index.html) one can have multiple directory server instances on the same hosts Would it be interesting to offer this functionality in

[Freeipa-users] How to give directory permissions on a specific client to FreeIPA users.

2016-06-28 Thread Mitra Dehghan
Hello, I want to know how can I give directory permissions on a client to a domain user in FreeIPA. I'm using "runasuser" feature in sudo policy to give my domain users permission to run local services on client. Here is an example: I have a service on my client called "*abc*" located at

Re: [Freeipa-users] multiple ds instances (maybe off-topic)

2016-06-28 Thread Natxo Asenjo
On Tue, Jun 28, 2016 at 9:07 AM, Alexander Bokovoy wrote: > On Tue, 28 Jun 2016, Natxo Asenjo wrote: > >> hi, >> >> according to the RHDS documentation ( >> >>

[Freeipa-users] where is the CA cert located ?

2016-06-28 Thread barrykfl
Hi: I already followed the procedure to install the new CA and add ca.crt to the library I know ... what is still missing? ABC-COM...[28/Jun/2016:15:45:53 +0800] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert *.ABC.com of family cn=RSA,cn=encryption,cn=config (Netscape

Re: [Freeipa-users] multiple ds instances (maybe off-topic)

2016-06-28 Thread Natxo Asenjo
hi Ludwig, On Tue, Jun 28, 2016 at 10:03 AM, Ludwig Krispenz wrote: > > On 06/28/2016 09:50 AM, Natxo Asenjo wrote: > > > I'd like to have internally all sort of ldap access, but externally only > certificate based, for example. > > If there is a way to do that know that I

Re: [Freeipa-users] multiple ds instances (maybe off-topic)

2016-06-28 Thread Ludwig Krispenz
On 06/28/2016 10:33 AM, Natxo Asenjo wrote: hi Ludwig, On Tue, Jun 28, 2016 at 10:03 AM, Ludwig Krispenz wrote: On 06/28/2016 09:50 AM, Natxo Asenjo wrote: I'd like to have internally all sort of ldap access, but externally

Re: [Freeipa-users] multiple ds instances (maybe off-topic)

2016-06-28 Thread Ludwig Krispenz
On 06/28/2016 09:50 AM, Natxo Asenjo wrote: On Tue, Jun 28, 2016 at 9:07 AM, Alexander Bokovoy wrote: On Tue, 28 Jun 2016, Natxo Asenjo wrote: hi, according to the RHDS documentation (

Re: [Freeipa-users] How to give directory permissions on a specific client to FreeIPA users.

2016-06-28 Thread Mitra Dehghan
Thank you Petr for your answer. I'm trying to do the job with least changes in client which was an operating machine now joined to Free IPA domain. I just want to make sure if using chmod, chown or setfacl are the only available solutions or not? On Jun 28, 2016 12:30 PM, "Petr Spacek"

Re: [Freeipa-users] How to give directory permissions on a specific client to FreeIPA users.

2016-06-28 Thread Petr Spacek
On 28.6.2016 12:32, Mitra Dehghan wrote: > Thank you Petr for your answer. I'm trying to do the job with least > changes in client which was an operating machine now joined to Free IPA > domain. I just want to make sure if using chmod, chown or setfacl are the > only available solutions or not?

Re: [Freeipa-users] How to give directory permissions on a specific client to FreeIPA users.

2016-06-28 Thread Christian Heimes
On 2016-06-28 09:08, Mitra Dehghan wrote: > > Hello, > > I want to know how can I give directory permissions on a client to a > domain user in FreeIPA. > > > I'm using "runasuser" feature in sudo policy to give my domain users > permission to run local services on client. > > Here is an

Re: [Freeipa-users] IPA 3.0.47 to 3.0.50 Upgrade problem

2016-06-28 Thread Sean Hogan
Thanks Petr, Since the last recycle of the Host hosting the First Master it has been stable for about a week now. Only thing I did was to spread out my replication agreements. I had 8 replications hitting it but now have 4 going to it and the other 4 to its backup replica with the first

Re: [Freeipa-users] IPA 3.0.47 to 3.0.50 Upgrade problem

2016-06-28 Thread Petr Spacek
On 22.6.2016 23:09, Sean Hogan wrote: > SLAPD showing > > 22/Jun/2016:17:01:59 -0400] slapi_ldap_bind - Error: could not perform > interactive bind for id [] mech [GSSAPI]: error 49 (Invalid credentials) > [22/Jun/2016:17:06:59 -0400] slapd_ldap_sasl_interactive_bind - Error: > could not perform

[Freeipa-users] How to change the Kerberos Master Key?

2016-06-28 Thread Nicholas Hinds
Hi, I have been trying to change the Kerberos Master Key of my FreeIPA installation, without success. On test installations, I have tried following the instructions on http://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-master-key, but from the "kdb5_util

[Freeipa-users] Unable to add external group

2016-06-28 Thread pgb205
Trust is successfully established ipa trust-find --- 1 trust matched --- Realm name: ad_domain.local Domain NetBIOS name: AD_DOMAIN and I can get kerberos ticket and access to services KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN [3552] 1467143851.633980: Received

Re: [Freeipa-users] Unable to add external group

2016-06-28 Thread Alexander Bokovoy
On Tue, 28 Jun 2016, pgb205 wrote: Trust is successfully established ipa trust-find --- 1 trust matched --- Realm name: ad_domain.local Domain NetBIOS name: AD_DOMAIN and I can get kerberos ticket and access to services KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN

[Freeipa-users] freeIPA 4.2: Smart Card Issues

2016-06-28 Thread Michael Rainey (Contractor)
Greetings, Back in March I contacted the mailing list in regard to a problem I was having with smartcards and screen locking. At that time I was provided a patch to implement to lock the screen when the smartcard was removed and it worked well. Today it looks like the patch may have made

Re: [Freeipa-users] Unable to add external group

2016-06-28 Thread pgb205
Alexander, forwarding sanitized files to you privately From: Alexander Bokovoy To: pgb205 Cc: "Freeipa-users@redhat.com" Sent: Tuesday, June 28, 2016 4:25 PM Subject: Re: [Freeipa-users] Unable to add external group

[Freeipa-users] How to reinstall the ca or the dogtag system

2016-06-28 Thread Barry
Hi: Errors occur ...cert ni problem ..seem ca error and cannot tract cert. thx ipa-replica-prepare c03.abc.com --ip-address 192.168.1.73 Directory Manager (existing master) password: preparation of replica failed: cannot connect to u'ldapi://%2fvar%2frun%2fslapd-WISERS-COM.socket': LDAP Server

Re: [Freeipa-users] disaster recovery

2016-06-28 Thread Robert Story
On Mon, 27 Jun 2016 08:59:14 -0400 Robert wrote: RS> On Mon, 27 Jun 2016 08:09:59 +0200 Martin wrote: RS> MB> On 26.06.2016 08:17, Robert Story wrote: RS> MB> > Hello, RS> MB> > RS> MB> > I was running a single ipa instance on Centos 7 for a small lab RS> MB> >