Re: [Freeipa-users] report abuse

On ke, 18 tammi 2017, Harald Dunkel wrote: On 01/17/17 21:59, Lukas Slebodnik wrote: On (16/01/17 07:53), Alexander Bokovoy wrote: The spam bot actually mines the mailing list archives and sends emails based on that one. I am not sure how to apply it in this case, but time is money for

Re: [Freeipa-users] documentation or example of using S42U for NFS

Instructions like that are several places. But NFS is different, and I believe the configuration would be different from other services. I’ve given up on this approach, and have written my own utilities. I’ve actually got three. The first two assume that users who want to do cron jobs on a

[Freeipa-users] RFE: Documentation for creating OpenVPN certificates.

To whom this may concern, I use FreeIPA and I would like to create certificates for peer-to-peer and remote-access VPNs. In speaking with Fraser Tweedale, we agree that the best way forward is to create a secondary CA for insulation; but we may also need to create

Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

Hi Ludwig, On 01/17/17 17:01, Ludwig Krispenz wrote: > > On 01/17/2017 04:48 PM, Harald Dunkel wrote: >> On 01/17/17 16:12, Harald Dunkel wrote: >>> On 01/17/17 11:38, Sumit Bose wrote: On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: > It seems something got corrupted in

Re: [Freeipa-users] report abuse

On 01/17/17 21:59, Lukas Slebodnik wrote: > On (16/01/17 07:53), Alexander Bokovoy wrote: >> >> The spam bot actually mines the mailing list archives and sends emails >> based on that one. >> I am not sure how to apply it in this case, but time is money for these spammers. Maybe it is possible to

Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

On 01/17/17 11:38, Sumit Bose wrote: > On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: >> It seems something got corrupted in my ipa setup. I found this in the >> sssd log file on Wheezy: >> >> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing >> source

[Freeipa-users] [solved] Re: ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was no

Hi 2017-01-17 15:53 GMT+01:00 Alexander Skwar > As you can see, the RHEL system does have a "org.freeipa.server". > The Xenial system does not. > > Any ideas, why that might be missing? Timo Aaltonen has helped me to find the issue on the launchpad bug. The oddjob service needs to be

[Freeipa-users] Limit regular user access only to self service portal

Hello everyone! Is it possible to configure Sef-service permissions in FreeIPA in a way, so that, when regular users log in, they don't have read access to other FreeIPA sections like "Policy", "Authentication", "IPA Server"...? My goal is - when user logs in Self-service portal, he sees

[Freeipa-users] (no subject)

Hello, I have been attempting to setup samba server on RHEL 7 and I haven't had luck so far. I am hoping to get some guidance on what I could be missing. I am using the link below as a guide. http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA My setup is made up of two

Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

On 01/17/2017 04:48 PM, Harald Dunkel wrote: On 01/17/17 16:12, Harald Dunkel wrote: On 01/17/17 11:38, Sumit Bose wrote: On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: It seems something got corrupted in my ipa setup. I found this in the sssd log file on Wheezy: (Tue Jan 17

[Freeipa-users] changelog entry cache size

Just upgraded to CentOS 7.3 (freeipa 4.3 -> 4.4). Seeing this in the error logs: [17/Jan/2017:08:41:38.057173466 -0500] WARNING: changelog: entry cache size 512000 B is less than db size 696377344 B; We recommend to increase the entry cache size nsslapd-cachememsize.

Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

On 01/17/17 16:12, Harald Dunkel wrote: > On 01/17/17 11:38, Sumit Bose wrote: >> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: >>> It seems something got corrupted in my ipa setup. I found this in the >>> sssd log file on Wheezy: >>> >>> (Tue Jan 17 10:19:02 2017)

Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

On Tue, Jan 17, 2017 at 04:12:51PM +0100, Harald Dunkel wrote: > On 01/17/17 11:38, Sumit Bose wrote: > > On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: > >> It seems something got corrupted in my ipa setup. I found this in the > >> sssd log file on Wheezy: > >> > >> (Tue Jan 17

Re: [Freeipa-users] report abuse

On (16/01/17 07:53), Alexander Bokovoy wrote: >On su, 15 tammi 2017, Jeff Clay wrote: >> Not sure how this stuff is usually reported, but the person below needs >> removed from the group. >This is a spam bot and it is *not* on the list of subscribers. We ran >few experiments to find out that, you

Re: [Freeipa-users] ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provide

Hello again already… 2017-01-17 15:24 GMT+01:00 Alexander Skwar : … > [Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid > 139626190206720] ipa: INFO: [jsonserver_kerb] ad...@unix.ewadmin.ch: > ping(version=u'2.164'): SUCCESS >

[Freeipa-users] security, sssd, pam and web apps

Hi, We have a new rstudio server that we'd like to have FreeIPA manage Auth on. sssd works - I can login with my appropriate credentials via cli, but the web interface doesn't accept the creds. I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service but we don't want to create

Re: [Freeipa-users] documentation or example of using S42U for NFS

On 01/09/2017 09:52 AM, Charles Hedrick wrote: > Various documentation suggests that it is possible for Gssproxy to get > tickets for users who need to use NFS. This is a possible way to handle > things like cron jobs. > > However while a gssproxy.conf example is given, there’s no sign of what

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On ti, 17 tammi 2017, Peter Fern wrote: Hello all, It appears there have been quite a few changes to the FreeIPA plugin infrastructure in the 4.4 series. I've been trying to wade through the commits, but it's a pretty tough slog. Does anyone have details on how to migrate plugins from <=4.3

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On 17/01/17 10:10, Peter Fern wrote: Hello all, It appears there have been quite a few changes to the FreeIPA plugin infrastructure in the 4.4 series. I've been trying to wade through the commits, but it's a pretty tough slog. Does anyone have details on how to migrate plugins from <=4.3 to

[Freeipa-users] FreeIPA 4.4 plugin migration path

Hello all, It appears there have been quite a few changes to the FreeIPA plugin infrastructure in the 4.4 series. I've been trying to wade through the commits, but it's a pretty tough slog. Does anyone have details on how to migrate plugins from <=4.3 to 4.4? Thanks, Pete -- Manage your

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On 17/01/17 11:30, Peter Fern wrote: On 17/01/17 20:39, David Kupka wrote: in 4.4 we split the plugins to the server and client plugins. Simple plugins (like server plugin) needs to exist only on server and all what is needed is to move it from ipalib/plugins to ipaserver/plugins. But if

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On 17/01/17 20:39, David Kupka wrote: > in 4.4 we split the plugins to the server and client plugins. Simple > plugins (like server plugin) needs to exist only on server and all > what is needed is to move it from ipalib/plugins to ipaserver/plugins. > > But if commands in your plugin define

Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: > It seems something got corrupted in my ipa setup. I found this in the > sssd log file on Wheezy: > > (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing > source hosts for rule [allow_all] > (Tue Jan 17

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On 17/01/17 21:48, David Kupka wrote: > Ok, your plugin is not really a plugin but that should not be a problem. > To make it work: > > 1) replace "from ipalib.plugins.user import user" with "from > ipaserver.plugins.user import user" > 2) make sure "user_mailalternateaddress.py" is also in

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On ti, 17 tammi 2017, Peter Fern wrote: On 17/01/17 21:48, David Kupka wrote: Ok, your plugin is not really a plugin but that should not be a problem. To make it work: 1) replace "from ipalib.plugins.user import user" with "from ipaserver.plugins.user import user" 2) make sure

[Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

It seems something got corrupted in my ipa setup. I found this in the sssd log file on Wheezy: (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all] (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System:

Re: [Freeipa-users] FreeIPA 4.4 plugin migration path

On 17/01/17 12:16, Peter Fern wrote: On 17/01/17 21:48, David Kupka wrote: Ok, your plugin is not really a plugin but that should not be a problem. To make it work: 1) replace "from ipalib.plugins.user import user" with "from ipaserver.plugins.user import user" 2) make sure

[Freeipa-users] ipa-replica-install fails: "an internal error has occurred" on Remote master - DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was not provided by

Hello Using freeipa 4.3.1-0ubuntu1 on Ubuntu 16.04 servers. I have setup a FreeIPA master server with the following commands: apt install freeipa-server ipa-server-install --setup-dns --mkhomedir --auto-forwarders \ --no-reverse --hostname=ewserv-auth01-prod.unix.ewadmin.ch \