This user was locked out due to Max Failure policy = 5
If they're supposed to be replicas, why the different status?
[root@il10 ~]# ipa user-status lramey
---
Account disabled: False
---
Server: ipa-idm-01.ipajdr.local
Failed logins: 0
Last
On 09.08.2016 23:04, Larry Rosen wrote:
This user was locked out due to Max Failure policy = 5
If they’re supposed to be replicas, why the different status?
[root@il10 ~]# ipa user-status lramey
---
Account disabled: False
---
Server:
> Date: Wed, 10 Aug 2016 09:02:29 +0200
> From: Petr Spacek
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] FreeIPA Session Management (WebUI,
> Kerberos, ...?)
> Message-ID:
> Content-Type: text/plain;
I've got a freeipa domain and many centos 7.2 clients. I also have a sudo
rule that allows members of the developer group sudo rights on virtual
servers in the "development" group. This works great on the centos servers.
However, I recently set up 3 ubuntu boxes, and added them to the IPA domain
Not sure it is the same as 14.X but I had to add the sudo in the list of
services to sssd.conf as it was not put in by default. I am by no means an
expert on it but my own personal experience with 14.x
Sean Hogan
From: Jeff Goddard
To:
Jeff Goddard wrote:
Sean,
Thanks for the reply. I don't think that's my problem but I'm posting a
redacted copy of the sssd.conf file for review below.
I'd start here: https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
rob
--
Manage your subscription for the Freeipa-users mailing
Sean,
Thanks for the reply. I don't think that's my problem but I'm posting a
redacted copy of the sssd.conf file for review below.
[domain/domain.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = domain.com
id_provider = ipa
auth_provider = ipa
access_provider =
On 9.8.2016 21:37, Joe Thielen wrote:
> First off, let me say THANK YOU to all of you who've helped make FreeIPA
> what it is. I think it's a fantastic project and it's amazing what it has
> achieved.
>
> Second off, I'm still quite new to FreeIPA, especially the internals. This
> includes
Ok, I increased the debug level as you recommended and it's given me a lot
of useful info. Before I go any further trying to troubleshoot that mass of
info on this mailing list though, I would like to double check something I
came across. In the debug output I noticed this line:
"No ccache file
On 08/10/2016 05:19 PM, Guy Knights wrote:
Ok, I increased the debug level as you recommended and it's given me a
lot of useful info. Before I go any further trying to troubleshoot
that mass of info on this mailing list though, I would like to double
check something I came across. In the debug
Dear all,
Seeking your kind advice.
If the requirement is for having a scalable corporate CA only, is it
possible to get this requirement fulfilled with DogTag only, or install
FreeIPA and use the CA functionality only.
What are the functional differences and support limitations?
Thanks
When attempting to run ipa-replica-install I get a python error, No
module named ssl_match_hostname
This is on a CentOS 7.2 x86_64 testing box.
All available updates including kernel installed, and system rebooted
same day. Same error before and after patching and reboot.
Let me know if you
Something declarative which can be version controlled and considered a
"source of truth" and driven from configuration management (chef,
puppet, ansible - whatever your flavor)
A scheme to reconcile account properties, group memberships,
permissions, etc... I could see how this would be a
Hmm, ok. In that case, I guess I need to rethink my setup. Thanks again for
all your help!
Kind regards,
Guy
On 10 August 2016 at 14:46, Justin Stephenson wrote:
> On 08/10/2016 05:19 PM, Guy Knights wrote:
>
> Ok, I increased the debug level as you recommended and it's
Hi Josh,
depending on your IPA version, you may consider using
ipa-server-certinstall and ipa-certupdate.
ipa-server-certinstall can be used to install a new certificate for
Apache/LDAP servers, and ipa-certupdate to update the NSS DBs with the
CA certificates found in the LDAP server.
On Tue, Aug 09, 2016 at 03:37:35PM -0400, Joe Thielen wrote:
>
> For example, let's say "joe" logs in to the WebUI (OR another web app tied
> to FreeIPA). Now, on another computer, "admin" logs into the WebUI. Can
> admin have a way to see that "joe" logged in, and, if need be, kill Joe's
>
On Wed, Aug 10, 2016 at 5:27 AM, Jan Pazdziora
wrote:
> On Tue, Aug 09, 2016 at 03:37:35PM -0400, Joe Thielen wrote:
> >
> > For example, let's say "joe" logs in to the WebUI (OR another web app
> tied
> > to FreeIPA). Now, on another computer, "admin" logs into the