29, 2015 at 04:32:42PM +0200, Martin Kosek wrote:
>> On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
>>> Hello!
>>>
>>> I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after
>>> applied some rules to specified user?
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
I got many error message from ipa-dnskeysyncd. Here is the snippet
from syslog http://fpaste.org/249594/20746714/raw
Is it normal? I just restart the ipa server and its going back to
normal again, but it come error on random times. Any debug l
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
server still on development and always reinstalled, I need to reproduce
any possible problem/error on FreeIPA 4.x on CentOS 7.
The error was :
LD
Hello!
On 05/19/2015 12:53 PM, Martin Kosek wrote:
> On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I'm trying to reinstall ipa client, but have a problem with old/existing
>> ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually?
/19/2015 10:53 AM, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> On 05/19/2015 12:53 PM, Martin Kosek wrote:
>>> On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
>>>> Hello!
>>>>
>>>> I'm trying to reinstall ipa client, but have
Hello!
I was build FreeIPA 4.1.4 on CentOS 7.1, the deployment was done, but
could I changes the HTTP and dirsv certificate? I have wildcard
certificate (thawte SSL CA - G2). It is compatible for FreeIPA (http and
dirsv)?
I've tried to follow the instruction
https://www.freeipa.org/page/Using_3rd
Well, thanks Martin for the info :)
On 05/19/2015 08:23 PM, Martin Kosek wrote:
> On 05/19/2015 03:21 PM, Dewangga Bachrul Alam wrote:
>> Thank you Martin,
>>
>> Yes, the IPA Server was built on CentOS 7.1. But, some client still
>> using CentOS 6.x, but I have plan up
This is the verbose log, tried to convert them to p12 format (dont know
it's right or not), still no luck.
http://fpaste.org/223608/88775143/raw/
Ref: http://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html
Any additional hints?
On 05/19/2015 08:30 PM, Dewangga Bachrul
setup and point my DNS to the IPA
Server, the DNS Discovery was failed, but if I entered IPA server
address manually, the setup was success.
---
[root@joyoboyo ~]# getent passwd dewangga
dewangga:*:94001:94001:Dewangga Alam:/home/dewangga:/bin/bash
[root@joyoboyo ~]# unam
Hello!
On 05/20/2015 05:30 PM, Martin Kosek wrote:
> On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I've tried to setup my IPA server to work on multiple domain env, for
>> the example, I have 20 instance/servers using mydomain.co.id th
/2015 12:38 PM, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> On 05/20/2015 05:30 PM, Martin Kosek wrote:
>>> On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
>>>> Hello!
>>>>
>>>> I've tried to setup my IPA server to work on
Yes, of course.
I will add NS record to parent zone if my IPA server are ready for
production. :D
Thanks for any comments and help.
Cheers! :)
On 05/20/2015 06:02 PM, Petr Spacek wrote:
> On 20.5.2015 12:56, Dewangga Bachrul Alam wrote:
>> Thanks Martin,
>>
>> Better I leave
: all
Sudo order: 1
Users: dewangga
User Groups: wheel
Sudo Option: !authenticate
On ipa-client, user `dewangga` asking for password when execute command
`sudo -l`
[dewangga@sherief-repository ~]$ sudo -l
[sudo] password for dewangga:
Here is `ipa user-show dewangga` result :
$ ipa user
Hello Jakub!
Sorry for delayed email,
My bad, I disabled cache_credentials, not sssd_cache.
I tried modified my user `dewangga` to remove sudo rules, the cache
still active even I restart the sssd service and delete all ccache* files.
There's no information on sssd log folder.
-rw--
t find any related information about the 4 step above.
On 07/30/2015 08:54 PM, Jakub Hrozek wrote:
> On Thu, Jul 30, 2015 at 07:09:47PM +0700, Dewangga Bachrul Alam wrote:
>> Hello Jakub!
>>
>> Sorry for delayed email,
>> My bad, I disabled cache_credentials, not sssd_cac
olicy still didn't use correct configuration.
It's still using min 0, max 0 configuration (I set this policy
yesterday, and was revert it back to min 1 max 90 on yesterday too)
Any hints?
On 07/31/2015 01:47 AM, Jakub Hrozek wrote:
> On Thu, Jul 30, 2015 at 09:50:23PM +0700, Dewangga
Hello!
I'm having problem with different hostname with primary domain on ipa
server. For example, my primary domain is mydomain.co.id, and then if
the server hostname using mydomain.co.id, the dns discover was sucessfully.
The problem come if the client hostname using different domain, for
exampl
Hello!
On 08/11/2015 01:43 PM, Alexander Bokovoy wrote:
> On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I'm having problem with different hostname with primary domain on ipa
>> server. For example, my primary domain is mydomain.co.id, and then
Hello!
On 08/11/2015 06:25 PM, Alexander Bokovoy wrote:
> On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> On 08/11/2015 01:43 PM, Alexander Bokovoy wrote:
>>> On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
>>>> Hello!
>>>>
Hello!
I'm having problem with sudo command, the sudo command was sucessfully
initiated. But user still requested for password. For example :
ipa-client $ sudo -l
Matching Defaults entries for subhan on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS
DISPLAY HO
Hello!
On 08/12/2015 07:36 PM, Jakub Hrozek wrote:
> On Wed, Aug 12, 2015 at 07:30:52PM +0700, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I'm having problem with sudo command, the sudo command was sucessfully
>> initiated. But user still requested for password
Hello!
Should I reboot the machine after changing sudo.conf file?
On 08/12/2015 09:26 PM, Jakub Hrozek wrote:
> On Wed, Aug 12, 2015 at 07:44:15PM +0700, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> On 08/12/2015 07:36 PM, Jakub Hrozek wrote:
>>> On Wed, Au
Hello!
I've been discovered something about pwd_expiration on freeipa 4.1.4,
I got a line from sssd_DOMAIN.log :
... snip ...
(Thu Aug 13 12:25:39 2015) [sssd[be[mydomain.co.id]]]
[confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1
... snip ...
$ ipa pwpolicy-find
Group: global
Hello!
On 08/13/2015 03:09 PM, Jakub Hrozek wrote:
> On Thu, Aug 13, 2015 at 03:01:40PM +0700, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> Should I reboot the machine after changing sudo.conf file?
>
> No, it's read by sudo on every invocation. There is no s
On 08/21/2015 09:44 AM, Vaclav Adamec wrote:
> Hi,
>
> Don't want to start flame, but my question is quite simple, is there
> anybody who use it in real production/commercial setup without any
> major issues ? don't you lack commercial support ? no issues with
> auditors ?
FreeIPA is upstream f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Just update, manually add external CA(s) and signed certificated was
successful, but why it's didn't automatically transferred to
replica(s) from master.
On 04/22/2017 03:00 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I've successfully create replica, everything works fine but why my
signed CA certificate didn't automatically transfer to another
replica(s)? Is it normal?
Trying to add manually, but the certificate in replica(s) still using
self-signed. He
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark as spam, and they gone from my inbox. :)
On 04/23/2017 05:10 PM, Prasun Gera wrote:
> This still continues to be a problem. Was any solution identified
> for this ? Why are the emails not obfuscated on the public archives
> ?
>
> On Tue, Dec 2
on the
> replica, the command ipa-server-certinstall must also be run on the
> replica with the appropriate certificate.
>
> HTH, Flo.
>
> On 04/22/2017 10:41 AM, Dewangga Bachrul Alam wrote: Hello!
>
> Just update, manually add external CA(s) and signed certificated
> wa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 04/26/2017 08:08 PM, Florence Blanc-Renaud wrote:
> On 04/25/2017 10:56 AM, Dewangga Bachrul Alam wrote: Hello!
>
> Master IPA Server: - I install 1 (one) server as master
> (self-signed) and add/modify using external CA.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Is it possible to create another sudo rules that same with
sudo_rule_full or admin privileges, it means that the user can run
`sudo su -` without password.
I've create the similar rules, but no luck.
[root@idm ~]# ipa sudorule-show sudo_rul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 04/28/2017 07:26 PM, Jason B. Nance wrote:
> Hi Dewangga,
>
>> [root@idm ~]# ipa sudorule-show sudo_rules_rekanalar Rule name:
>> sudo_rules_rekanalar Enabled: TRUE Command category: all RunAs
>> User category:
32 matches
Mail list logo