Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Joe DiTommasso
You don't have to add them as an administrator for login to work, just sudo. Will send one over in a second. On Tue, Jun 21, 2016 at 12:11 PM, Cal Sawyer wrote: > ... "have to add the user as an administrator on > the local machine"? That's pretty intriguing, but not great security-wise, > unf

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Cal Sawyer
... "have to add the user as an administrator on the local machine"? That's pretty intriguing, but not great security-wise, unfortunately. Not a big deal at the moment, though. OK, just made my user account an admin but it's still dragging on login. My IPA setup is the same: ipa-server-4.2.0

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Joe DiTommasso
No fiddling that I remember. Basically got the setup working once and then have been pushing out plist files to all new installs. Graphical login works, as does sudo, sort of - still have to add the user as an administrator on the local machine, but then their kerberos password works for authenticati

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Cal Sawyer
Wow, that's surprising, Joe. I'm also using the linsec recipe. Yours required no fiddling? You can login straight off from the graphical loginWindow? Yes, very interested in any help you can offer. Are you authenticating against IPA 3 or 4, for sake of curiosity? BTW: you can get your s

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Joe DiTommasso
I've actually got a whole stack of El Capitan clients authenticating against FreeIPA: mac-mini-01:~ jdito$ system_profiler SPSoftwareDataType Software: System Software Overview: System Version: OS X 10.11.5 (15F34) Kernel Version: Darwin 15.5.0 Boot Volume: Macintosh HD

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2016-06-21 Thread Cal Sawyer
As usual, apologies for any formatting issues due to extracting message threads out of digests ... Anyhow, I have determined where everything goes terribly wrong with OSX clients: OSX 10.10.3 ("out of the box" Yosemite) works fine using linsec.ca's guidance. However, the second you patch to

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2015-12-22 Thread John Obaterspok
Hi, Are you only having problems to login to OSX with the IPA user now? If that is the case then check the DNS settings you are using and make sure the IPA server is listed first and that it has full name. Exactly the same problem occurred for me with the slow logins to OSX which was due

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2015-12-21 Thread Nicola Canepa
I had to configure /etc/krb5.conf, and to avoid the requested reboot, I did a "dscacheutil -flushcache", both as the logged in user and as root. I tried enabling the anonymous bind and now also the directory browser (and all the login process) works as expected. Nicola Il 21/12/15 17:39, Cal S

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2015-12-21 Thread Cal Sawyer
Thanks, John and Nicola. Kerberos occurred to me as well late in the day yesterday. Happily (?), kinit works fine simply specifying the user in question with no need to suffix with the kerberos realm. I did find that my test user had an expired password, which I fixed on the IPA server. This

[Freeipa-users] OS X Yosemite unable to authenticate

2015-12-21 Thread Ejner Fergo
I've set up some OSX (10.9 + 10.10) machines to authenticate against IPA (centos 7.x), and like you I've followed the linsec.ca tutorial precisely. I haven't had problems logging in as an IPA user on any system I have set up, so I'm afraid this reply is pretty useless to you. Only issue that I had, th

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2015-12-21 Thread Nicola Canepa
Hello, I tried 2 weeks ago from Mavericks (OSX 10.9), but I had the opposite problem: kinit works fine, while I'm unable to see users with Directory Admin (it always says it can't connect, either with or without SSL). I disabled anonymous searches in 389-ds, by the way. Nicola Il 21/12/15 07:

Re: [Freeipa-users] OS X Yosemite unable to authenticate

2015-12-20 Thread John Obaterspok
Hi Cal, Does a kinit work from a terminal? Does it work if you use "kinit user" or just if you use "kinit user@REALM.suffix" -- john 2015-12-20 15:09 GMT+01:00 Cal Sawyer : > Hi, all > > I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX > 10.10.5 (Yosemite) client > > Usi

[Freeipa-users] OS X Yosemite unable to authenticate

2015-12-20 Thread Cal Sawyer
Hi, all I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX 10.10.5 (Yosemite) client Using the excellent instructions at http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%2