Re: [Freeipa-users] deleting ipa user

2015-05-04 Thread Tomas Babej
On 04/30/2015 02:31 PM, Andy Thompson wrote: It appears that f82 is the user object and f87 is the group object. So you are right, I don't think f82 is what we were looking for, it just happened to have the username in it when I grepped without filtering the uniqueid. I'm not sure why it was

Re: [Freeipa-users] Access to IPA Web-UI with different domain names

2015-05-04 Thread Tomas Babej
On 04/27/2015 06:06 PM, David Dimovski wrote: Hi Folks, does somebody have a best practice, how to access the IPA Web-UI with different domain names? Example: Our IPA 4.1 have two different IPs (extern and intern) with two domain names. The web gui is only accessible from the domain name, w

Re: [Freeipa-users] Access to IPA Web-UI with different domain names

2015-05-04 Thread Tomas Babej
On 05/04/2015 12:32 PM, Tomas Babej wrote: On 04/27/2015 06:06 PM, David Dimovski wrote: Hi Folks, does somebody have a best practice, how to access the IPA Web-UI with different domain names? Example: Our IPA 4.1 have two different IPs (extern and intern) with two domain names. The web

Re: [Freeipa-users] Removing REALM requirement and home directory location

2015-05-05 Thread Tomas Babej
On 05/04/2015 08:50 PM, Redmond, Stacy wrote: I am running a RHEL7 IPA Server ipa-server 3.3.3-28 RHEL6 clients running IPA Client 3.0.0-42 I have setup an AD trust which works great, however I want to make it so the users don’t have to use @realm to login and that their home directory doe

Re: [Freeipa-users] regex with sudo commands

2015-05-05 Thread Tomas Babej
Hello! On 05/05/2015 03:37 AM, Megan . wrote: Good Evening! I'm running 3.0.0-42 on Centos 6.6. I setup a number of sudo commands today with regular expressions and now users seem to be having issues running any sudo command. Are there any known issues with having regex in sudo commands withi

Re: [Freeipa-users] Partial replica

2015-09-21 Thread Tomas Babej
On 09/15/2015 05:14 PM, Nicola Canepa wrote: > Hello list. > I'm trying to make a test deploy of FreeIPA, and I was wondering if it > is possible to authenticate remote sites via LDAP by havong a partial > replica based on saome filter (maybe a group, an attribute or similar). > > Sorry if this

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-28 Thread Tomas Babej
ase I shouldn't be > doing in a kickstart snippet. > > Will it be like automount: ipa-client-automount, or will it be an install > flag? Does it exist yet? It will be the default behaviour, that is, a flag will be available to turn it *off* (--no-sudo). Yes, patches ar

Re: [Freeipa-users] FreeBSD client

2014-07-24 Thread Tomas Babej
314-977-2583 >> === >> >> "The aim of education >> is the knowledge, >> not of facts, >> but of values." >> – William S. Burroughs >> -- >> Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] Del private group fail even using command

2014-08-01 Thread Tomas Babej
ups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com changetype: modify delete: mepManagedBy - #!RESULT OK #!DATE 2014-08-01T09:53:45.511 dn: cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com changetype: modify delete: objectClass objectClass: mepManagedEnt

Re: [Freeipa-users] Lost access after password policy change

2014-09-15 Thread Tomas Babej
ed it by turned the clock back to around 1975, playing around with > password change, and then returning to 2014. Eventually let me get in so I > could kinit and fix the policy. > > Phew. Sorry to bother. > > Jason > -- Tomas Babej Associate Software Engineer | Red Hat | Identity Ma

Re: [Freeipa-users] Lost access after password policy change

2014-09-15 Thread Tomas Babej
Sorry, second ticket should have been https://fedorahosted.org/freeipa/ticket/3312 On 09/15/2014 05:36 PM, Tomas Babej wrote: > Just for the record, this should be fixed since FreeIPA 3.2: > > https://fedorahosted.org/freeipa/ticket/3114 > https://fedorahosted.org/freeipa/ticket/31

Re: [Freeipa-users] FreeIPA for Debian Wheezy, Ubuntu 12.04

2015-01-15 Thread Tomas Babej
pa-advise config-generic-linux-sssd-before-1-9 on the IPA server. This will provide setup instructions to run on the client. HTH, -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org -- Manage your subscription for the Freeipa-use

Re: [Freeipa-users] A public interface (aka My account management)

2013-04-24 Thread Tomas Babej
On 04/24/2013 01:53 PM, Arturo Borrero wrote: Hi there. I'm wondering if it's possible to get FreeIPA with a 'public user interface'. This is: a place where a standar user can update his password and other personal data. I'm thinking in something similar to google.com/accounts Does this exi

Re: [Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

2013-07-15 Thread Tomas Babej
On Monday 15 of July 2013 15:13:49 Armstrong, Kenneth Lawrence wrote: > Good thought. I just tried it and it still fails: > > [karmstrong@linuxtest ~]$ ipa user-mod > karmstrong --sshpubkey "$(cat .ssh/id_rsa.pub)" > ipa: ERROR: invalid 'sshpubkey': invalid SSH publi

Re: [Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user

2013-07-15 Thread Tomas Babej
On Monday 15 of July 2013 15:36:46 Armstrong, Kenneth Lawrence wrote: > I do not believe that it is damaged. I have tried this out three times now > (deleting the key files between each attempt). > > -Kenny What is the version of your IPA server? Tomas__

Re: [Freeipa-users] FreeIPA 3.3 performance issues with many hosts

2015-10-05 Thread Tomas Babej
On 10/01/2015 05:06 PM, Dominik Korittki wrote: > Hello folks, > > I am running two FreeIPA Servers with around 100 users and around 15.000 > hosts, which are used by users to login via ssh. The FreeIPA servers > (which are Centos 7.0) ran good for a while, but as more and more hosts > got migrate

Re: [Freeipa-users] Winsync

2015-10-27 Thread Tomas Babej
On 10/27/2015 05:51 PM, Srdjan Dutina wrote: > Hi! > Hello Srdjan, > Is syncing (winsync) users and passwords from MS Active Directory > deprecated in FreeIPA 4.x? > If not, is there some documentation on how to use it? > Winsync synchronization is not deprecated as of now, but we are trying

Re: [Freeipa-users] FreeIPA user can't login to linux.

2015-11-16 Thread Tomas Babej
Can you provide a result of a LDAP search run on that entry? As Rob points out, you're probably creating the user in a manner that bypasses the framework. Tomas On 11/16/2015 06:43 AM, zhiyong xue wrote: > I am using IPA 4.1 in CenOS7. And I can login to system after "id > syncopex5", maybe it's

Re: [Freeipa-users] Problem adding DNS Zones

2012-11-16 Thread Tomas Babej
On 11/16/2012 04:11 PM, Bret Wortman wrote: Using FreeIPA on a private network (where it's easier to just alias our own servers to these names than to edit config file after config file). Any idea what I'm doing wrong here? # ipa dnszone-add 0.pool.ntp.org --name-serve