at 04:32:42PM +0200, Martin Kosek wrote:
On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
Hello!
I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after
applied some rules to specified user?
[root@ipa ~]# ipa sudorule-show Rule name: wheel Rule name:
Wheel Enabled: TRUE Host
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
I got many error message from ipa-dnskeysyncd. Here is the snippet
from syslog http://fpaste.org/249594/20746714/raw
Is it normal? I just restart the ipa server and its going back to
normal again, but it come error on random times. Any debug
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
server still on development and always reinstalled, I need to reproduce
any possible problem/error on FreeIPA 4.x on CentOS 7.
The error was :
Hello!
On 05/19/2015 12:53 PM, Martin Kosek wrote:
On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
server still on development
This is the verbose log, tried to convert them to p12 format (dont know
it's right or not), still no luck.
http://fpaste.org/223608/88775143/raw/
Ref: http://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html
Any additional hints?
On 05/19/2015 08:30 PM, Dewangga Bachrul Alam
Hello!
I was build FreeIPA 4.1.4 on CentOS 7.1, the deployment was done, but
could I changes the HTTP and dirsv certificate? I have wildcard
certificate (thawte SSL CA - G2). It is compatible for FreeIPA (http and
dirsv)?
I've tried to follow the instruction
Well, thanks Martin for the info :)
On 05/19/2015 08:23 PM, Martin Kosek wrote:
On 05/19/2015 03:21 PM, Dewangga Bachrul Alam wrote:
Thank you Martin,
Yes, the IPA Server was built on CentOS 7.1. But, some client still
using CentOS 6.x, but I have plan upgrade them to 7.x.
Is it gave
/2015 10:53 AM, Dewangga Bachrul Alam wrote:
Hello!
On 05/19/2015 12:53 PM, Martin Kosek wrote:
On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since
Hello!
On 05/20/2015 05:30 PM, Martin Kosek wrote:
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using mydomain.co.id then I have
another 10 instance/servers using
Yes, of course.
I will add NS record to parent zone if my IPA server are ready for
production. :D
Thanks for any comments and help.
Cheers! :)
On 05/20/2015 06:02 PM, Petr Spacek wrote:
On 20.5.2015 12:56, Dewangga Bachrul Alam wrote:
Thanks Martin,
Better I leave the configuration as is :D
:38 PM, Dewangga Bachrul Alam wrote:
Hello!
On 05/20/2015 05:30 PM, Martin Kosek wrote:
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using mydomain.co.id then I have
and point my DNS to the IPA
Server, the DNS Discovery was failed, but if I entered IPA server
address manually, the setup was success.
---
[root@joyoboyo ~]# getent passwd dewangga
dewangga:*:94001:94001:Dewangga Alam:/home/dewangga:/bin/bash
[root@joyoboyo ~]# uname -a
Linux
Hello!
Should I reboot the machine after changing sudo.conf file?
On 08/12/2015 09:26 PM, Jakub Hrozek wrote:
On Wed, Aug 12, 2015 at 07:44:15PM +0700, Dewangga Bachrul Alam wrote:
Hello!
On 08/12/2015 07:36 PM, Jakub Hrozek wrote:
On Wed, Aug 12, 2015 at 07:30:52PM +0700, Dewangga Bachrul
Hello!
On 08/13/2015 03:09 PM, Jakub Hrozek wrote:
On Thu, Aug 13, 2015 at 03:01:40PM +0700, Dewangga Bachrul Alam wrote:
Hello!
Should I reboot the machine after changing sudo.conf file?
No, it's read by sudo on every invocation. There is no sudo deamon or
such.
Yes, I found
On 08/21/2015 09:44 AM, Vaclav Adamec wrote:
Hi,
Don't want to start flame, but my question is quite simple, is there
anybody who use it in real production/commercial setup without any
major issues ? don't you lack commercial support ? no issues with
auditors ?
FreeIPA is upstream for
Hello Jakub!
Sorry for delayed email,
My bad, I disabled cache_credentials, not sssd_cache.
I tried modified my user `dewangga` to remove sudo rules, the cache
still active even I restart the sssd service and delete all ccache* files.
There's no information on sssd log folder.
-rw---. 1
related information about the 4 step above.
On 07/30/2015 08:54 PM, Jakub Hrozek wrote:
On Thu, Jul 30, 2015 at 07:09:47PM +0700, Dewangga Bachrul Alam wrote:
Hello Jakub!
Sorry for delayed email,
My bad, I disabled cache_credentials, not sssd_cache.
Then I think it's completely unrelated
Sudo order: 1
Users: dewangga
User Groups: wheel
Sudo Option: !authenticate
On ipa-client, user `dewangga` asking for password when execute command
`sudo -l`
[dewangga@sherief-repository ~]$ sudo -l
[sudo] password for dewangga:
Here is `ipa user-show dewangga` result :
$ ipa user-show
still didn't use correct configuration.
It's still using min 0, max 0 configuration (I set this policy
yesterday, and was revert it back to min 1 max 90 on yesterday too)
Any hints?
On 07/31/2015 01:47 AM, Jakub Hrozek wrote:
On Thu, Jul 30, 2015 at 09:50:23PM +0700, Dewangga Bachrul Alam wrote
Hello!
On 08/11/2015 01:43 PM, Alexander Bokovoy wrote:
On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
Hello!
I'm having problem with different hostname with primary domain on ipa
server. For example, my primary domain is mydomain.co.id, and then if
the server hostname using
Hello!
I'm having problem with different hostname with primary domain on ipa
server. For example, my primary domain is mydomain.co.id, and then if
the server hostname using mydomain.co.id, the dns discover was sucessfully.
The problem come if the client hostname using different domain, for
Hello!
I'm having problem with sudo command, the sudo command was sucessfully
initiated. But user still requested for password. For example :
ipa-client $ sudo -l
Matching Defaults entries for subhan on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep=COLORS
DISPLAY
Hello!
On 08/12/2015 07:36 PM, Jakub Hrozek wrote:
On Wed, Aug 12, 2015 at 07:30:52PM +0700, Dewangga Bachrul Alam wrote:
Hello!
I'm having problem with sudo command, the sudo command was sucessfully
initiated. But user still requested for password. For example :
ipa-client $ sudo -l
Hello!
On 08/11/2015 06:25 PM, Alexander Bokovoy wrote:
On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
Hello!
On 08/11/2015 01:43 PM, Alexander Bokovoy wrote:
On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
Hello!
I'm having problem with different hostname with primary domain on ipa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark as spam, and they gone from my inbox. :)
On 04/23/2017 05:10 PM, Prasun Gera wrote:
> This still continues to be a problem. Was any solution identified
> for this ? Why are the emails not obfuscated on the public archives
> ?
>
> On Tue, Dec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Just update, manually add external CA(s) and signed certificated was
successful, but why it's didn't automatically transferred to
replica(s) from master.
On 04/22/2017 03:00 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
> I've suc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I've successfully create replica, everything works fine but why my
signed CA certificate didn't automatically transfer to another
replica(s)? Is it normal?
Trying to add manually, but the certificate in replica(s) still using
self-signed.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Is it possible to create another sudo rules that same with
sudo_rule_full or admin privileges, it means that the user can run
`sudo su -` without password.
I've create the similar rules, but no luck.
[root@idm ~]# ipa sudorule-show
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 04/28/2017 07:26 PM, Jason B. Nance wrote:
> Hi Dewangga,
>
>> [root@idm ~]# ipa sudorule-show sudo_rules_rekanalar Rule name:
>> sudo_rules_rekanalar Enabled: TRUE Command category: all RunAs
>> User category:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 04/26/2017 08:08 PM, Florence Blanc-Renaud wrote:
> On 04/25/2017 10:56 AM, Dewangga Bachrul Alam wrote: Hello!
>
> Master IPA Server: - I install 1 (one) server as master
> (self-signed) and add/modify using external CA.
, the command ipa-server-certinstall must also be run on the
> replica with the appropriate certificate.
>
> HTH, Flo.
>
> On 04/22/2017 10:41 AM, Dewangga Bachrul Alam wrote: Hello!
>
> Just update, manually add external CA(s) and signed certificated
> was successful, but wh
31 matches
Mail list logo