Re: [Freeipa-users] Unable to sudo with just one user on only a few servers

On Sat, Dec 31, 2016 at 07:43:20AM +, pgb205 wrote: > I have followed troubleshooting procedure outlined hereTroubleshooting - > FreeIPA > > > | > | > | > | || > >| > > | > | > | | > Troubleshooting - FreeIPA >| | > > | > > | > > > Additionally I

Re: [Freeipa-users] Any good CLI methods for testing connectivity from IPA replica to remote AD servers?

On Wed, Dec 28, 2016 at 08:52:41AM -0500, Chris Dagdigian wrote: > > Hi folks, > > I may have network blocks between one of my IPA replicas and the *many* > remote AD servers that need to be queried but I can only see evidence of > this in the authentication failures and the debug level logging.

Re: [Freeipa-users] section 2.3.6. Installing Without a CA - then how to update expired certificates in LDAP?

On 12/24/2016 05:54 AM, Josh wrote: I discussed this problem once before and got partial answers but I would like to finally resolve it. Scenario: 1. Install IPA without a CA, according to section 2.3.6 as of now in latest RHEL7 Linux Domain Identity, Authentication and Policy Guide. 2.

Re: [Freeipa-users] modify schema - add group email and display attribute

I would be really happy if anybody could assign an OID for the new objectcalss i want to use to store group mail and displayname attributes. Sándor Juhász System Administrator ChemAxon Ltd . Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From:

Re: [Freeipa-users] how to make email as mandatory field before user creation

Hi Prtr, Can you please suggest how to do it with plugins and which plugin I need to use and how to integrate that plugin with freeipa. Thanks Niraj -Original Message- From: Petr Vobornik [mailto:pvobo...@redhat.com] Sent: 02 January 2017 22:21 To: Singh, NirajKumar

Re: [Freeipa-users] how to make email as mandatory field before user creation

On 01/02/2017 06:21 PM, Matt . wrote: > Doesn't get the user a default mailaddress when you add him under the > REALM domain ? By default user gets an email address but there ways to skip it: ipa user-add test2 --first Test --last Test --email= ipa config-mod --emaildomain= Btw, in Web

Re: [Freeipa-users] modify schema - add group email and display attribute

On 02/01/2017 11:53, Sandor Juhasz wrote: I would be really happy if anybody could assign an OID for the new objectcalss You can get your own enterprise OID for free from here: http://pen.iana.org/pen/PenApplication.page Note that you only get one, so it's up to you to subdivide the space.

Re: [Freeipa-users] Asking for help with crashed freeIPA istance

Thanks for your reply. This was the initial error I asked for help a while ago and did not get resolved. Further digging showed the recent errors. The service was running (using ipactl start --force) and only after a restart I am getting a stack trace for two primary messages: Could not connect

[Freeipa-users] Automate PPK file generation for newly created users.

Hi Team, We have created master and client servers. We are able to create and login users with password. But our requirement is to generate ppk file for each user ,which should be used as login credentials to the users. Question : * Is there any way to automate key(.ppk) generation for

Re: [Freeipa-users] how to make email as mandatory field before user creation

On 01/02/2017 05:00 PM, nirajkumar.si...@accenture.com wrote: > Hi Team, > > Is there any way to make email as mandatory field before creating any user > from > WEBUI or Console? > > Thanks & Regards, > > Niraj Kumar Singh > Hello Niraj, FreeIPA doesn't support such configuration out of

Re: [Freeipa-users] how to make email as mandatory field before user creation

Doesn't get the user a default mailaddress when you add him under the REALM domain ? 2017-01-02 17:50 GMT+01:00 Petr Vobornik : > On 01/02/2017 05:00 PM, nirajkumar.si...@accenture.com wrote: >> Hi Team, >> >> Is there any way to make email as mandatory field before creating

[Freeipa-users] Unspecified GSS failure. Minor code may provide more information KDC has no support for encryption type

Hi Team, I am getting below error while trying to ssh my host without password. Unspecified GSS failure. Minor code may provide more information KDC has no support for encryption type Thanks in advance *Thanks,* *Tarak Nath Sinha* -- Manage your subscription for the Freeipa-users mailing

[Freeipa-users] Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library

I upgraded our FreeIPA server from Cent7.2 to 7.3 which also upgraded freeipa to 4.4. On some clients they failed to re-authenticate post upgrade. I then did an ipa-client-install —uninstall , and then tried re-joining to IPA server with ipa-client-install --mkhomedir --force-ntpd

[Freeipa-users] Fwd: IPA Client not able to remove

Hi Team, Please give me some suggestion to fix the below issue.. -- Forwarded message -- From: tarak sinha Date: Mon, Jan 2, 2017 at 9:03 PM Subject: Re: [Freeipa-users] IPA Client not able to remove To: Rob Crittenden Thanks

[Freeipa-users] how to make email as mandatory field before user creation

Hi Team, Is there any way to make email as mandatory field before creating any user from WEBUI or Console? Thanks & Regards, Niraj Kumar Singh AWS & Oracle DB Team Vodafone NewCo Accenture Services Pvt. Ltd. Voice: (+91)9663212985 Email: