Re: [Freeipa-users] Help needed - CA Server role not adding

Chris Moody wrote: > Hello. > > First wanted to thank everyone working hard to bring this awesome bundle > of applications to market. This is a great project and I really > appreciate the efforts. > > I need a hand with a new 4.4.3 install that I'm still trying to flesh > out fully to support

[Freeipa-users] Help needed - CA Server role not adding

Hello. First wanted to thank everyone working hard to bring this awesome bundle of applications to market. This is a great project and I really appreciate the efforts. I need a hand with a new 4.4.3 install that I'm still trying to flesh out fully to support all the services I need. I recently

Re: [Freeipa-users] help

On 10/17/2016 02:44 AM, 郑磊 wrote: Hello everyone, I'm using freeipa, and having a test and research with the function of freeipa. At the same time, I have carried on the chinese translation to the web interface, also added own function module in web interface. However, For these changes I

Re: [Freeipa-users] help

On 17/10/16 02:44, 郑磊 wrote: Hello everyone, I'm using freeipa, and having a test and research with the function of freeipa. At the same time, I have carried on the chinese translation to the web interface, also added own function module in web interface. However, For these changes I

[Freeipa-users] help

Hello everyone, I'm using freeipa, and having a test and research with the function of freeipa. At the same time, I have carried on the chinese translation to the web interface, also added own function module in web interface. However, For these changes I don't know how to interact with

Re: [Freeipa-users] Help with sudo permission for a command

Hey Pavel, Thanks for the reply! It's not exactly that I want to allow any command to be run as app_user. The command I actually want to run is very long, and complicated and wouldn't mean much in this context, so I simplified my example. The problem is that *any command *I run will fail, wether

Re: [Freeipa-users] Help with sudo permission for a command

On 08/30/2016 05:08 PM, Ryan Whalen wrote: Hi All, Im having an issue getting a command to run properly, and the issue seems to be with Freeipa sudo permissions. Specifically 'sudo su - app_user -c ""' prompts for a password when run. However if I 'sudo su - app_user' and then run the '' as

Re: [Freeipa-users] Help needed with keytabs

On 5.5.2016 18:39, Roderick Johnstone wrote: > Hi > > I need to run some ipa commands in cron jobs. > > The post here: > https://www.redhat.com/archives/freeipa-users/2014-March/msg00044.html > suggests I need to use a keytab file to authenticate kerberos. > > I've tried the prescription there,

Re: [Freeipa-users] Help needed with keytabs

f you need to access the service account, then setup a sudo rule to switch user to that account. Example: "sudo su - svc_useradm" -Mike -Original Message- From: Roderick Johnstone <r...@ast.cam.ac.uk> Sent: May 5, 2016 12:39 PM To: freeipa-users@redhat.com Subject: [

Re: [Freeipa-users] Help needed with keytabs

From: Roderick Johnstone <r...@ast.cam.ac.uk> Sent: May 5, 2016 12:39 PM To: freeipa-users@redhat.com Subject: [Freeipa-users] Help needed with keytabs Hi I need to run some ipa commands in cron jobs. The post here: https://www.redhat.com/archives/freeipa-users/2014-March/msg00044.h

Re: [Freeipa-users] Help needed with keytabs

sudo rule to switch user to that account. Example: "sudo su - svc_useradm" -Mike -Original Message- >From: Roderick Johnstone <r...@ast.cam.ac.uk> >Sent: May 5, 2016 12:39 PM >To: freeipa-users@redhat.com >Subject: [Freeipa-users] Help needed with keytabs &g

[Freeipa-users] Help needed with keytabs

Hi I need to run some ipa commands in cron jobs. The post here: https://www.redhat.com/archives/freeipa-users/2014-March/msg00044.html suggests I need to use a keytab file to authenticate kerberos. I've tried the prescription there, with variations, without success. My current testing

Re: [Freeipa-users] Help regarding SUDo rule implementation

On Mon, May 02, 2016 at 06:13:42AM +0300, Ben .T.George wrote: > HI All > > sudo rules got worked .actually i tried after 6 hours, what is the default > time to get affect this rule affect normally, is there any way to manually > pull changes from client? see man sssd-sudo, there are

Re: [Freeipa-users] Help regarding SUDo rule implementation

HI All sudo rules got worked .actually i tried after 6 hours, what is the default time to get affect this rule affect normally, is there any way to manually pull changes from client? Regards, Ben On Sun, May 1, 2016 at 11:46 PM, Ben .T.George wrote: > HI > > i have a

[Freeipa-users] Help regarding SUDo rule implementation

HI i have a working setup of FreeIPA 4.3 with AD integrated, I can able to apply HBAC rules and from client side it's working. how can i apply sudo rules to that specific POSIX group. i have created sample rue and added 2 commands put option as !authenticate and attached this rule to client,

[Freeipa-users] help

-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

>> [root@als-centos0002 sys-ops]# nisdomainname >> dakar.useast.hpcloud.net >> >> [root@als-centos0002 sys-ops]# getent netgroup opsauto >> opsauto >> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal) >> (als-centos0002.dakar.useast.hpcloud.net,-,eucalyptus.internal) >

[Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

I still can't find the problem after a lot of searching, can someone give me a little advice? Assembling a POC of FreeIPA 4.1.0 server (stock CentOS-7 packages) and a CentOS 6.7 server with their stock 3.0.0 packages. Sudo version on the client is sudo-1.8.6p3. Have created a general sudo

Re: [Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

Sparks, Alan wrote: > I still can’t find the problem after a lot of searching, can someone > give me a little advice? Assembling a POC of FreeIPA 4.1.0 server > (stock CentOS-7 packages) and a CentOS 6.7 server with their stock 3.0.0 > packages. Sudo version on the client is sudo-1.8.6p3. >

Re: [Freeipa-users] Help understanding issue with CentOS freeipa sudo host groups

Sparks, Alan wrote: > >>> [root@als-centos0002 sys-ops]# nisdomainname >>> dakar.useast.hpcloud.net >>> >>> [root@als-centos0002 sys-ops]# getent netgroup opsauto >>> opsauto >>> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal) >>>

Re: [Freeipa-users] Help Needed Sanitizing ldif and/or bak data from CA-less Replica to import into fresh CA Master

Martin Kosek wrote: On 06/01/2015 02:19 AM, Sina Owolabi wrote: Hi! I am still stumbling along with this, I have had my IPA domain destroyed and currently only a CA-less replica is left running the network. The existing CA-less replica is on RHEL6.6 with ipa-3.0.0. I am trying to setup a fresh

Re: [Freeipa-users] Help Needed Sanitizing ldif and/or bak data from CA-less Replica to import into fresh CA Master

Thanks Martin, Rob, but I think I am totally lost.. I was able to migrate-ds but I think along the way I broke the replica. Errors I am seeing in the ipa clients are like so: Jun 2 16:33:11 ipaclient1 [sssd[ldap_child[27865]]]: Client 'host/ipaclient1.mydom@mydom.com' not found in Kerberos

[Freeipa-users] Help Needed Sanitizing ldif and/or bak data from CA-less Replica to import into fresh CA Master

Hi! I am still stumbling along with this, I have had my IPA domain destroyed and currently only a CA-less replica is left running the network. The existing CA-less replica is on RHEL6.6 with ipa-3.0.0. I am trying to setup a fresh CA-master and I have exported the data in the replica into ldif

Re: [Freeipa-users] Help with debugging HBACs

​Thank you for the reply Sumit - I will look into updating the version of sssd. If that doesn't work, I will also try adding the ​'sourceHostCategory' attribute to rules. Though, I would imagine I would have to do this for *all* rules if I want them to work as intended. I'll report back my

Re: [Freeipa-users] Help with debugging HBACs

On Sat, Feb 14, 2015 at 12:52:10PM -0800, Andrew Egelhofer wrote: Hi FreeIPA Users- I've deployed a FreeIPA instance in my Lab, and enrolled a single host, and a single user ('testuser'). The only HBAC rule I currently have is the stock allow_all. Yet, when I attempt to log into the host via

[Freeipa-users] Help with debugging HBACs

Hi FreeIPA Users- I've deployed a FreeIPA instance in my Lab, and enrolled a single host, and a single user ('testuser'). The only HBAC rule I currently have is the stock allow_all. Yet, when I attempt to log into the host via ssh, it closes the connection. $ ssh testuser@host Warning:

Re: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

On Fri, Jun 27, 2014 at 02:23:47PM -0400, Mark Gardner wrote: Was trying to add an external ad group to IPA, it kept failing with unable to connect to server. Figured I'd reboot to clear things up. Oops. Now wbinfo --online-status shows are AD as offline. wbinfo -u shows blank wbinfo

[Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

Was trying to add an external ad group to IPA, it kept failing with unable to connect to server. Figured I'd reboot to clear things up. Oops. Now wbinfo --online-status shows are AD as offline. wbinfo -u shows blank wbinfo -n 'DOMAIN\user' gives the following message: failed to call

Re: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

. Johan From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Mark Gardner [malek...@gmail.com] Sent: Friday, June 27, 2014 20:23 To: freeipa-users Subject: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

[Freeipa-users] HELP

My Master IPA server has been lost, My replica is still up and functioning. what is the best way to proceed? Do I rebuild my master and add it has a replica? how do I get my master back in line with my IPA env? the Master needs to be rebuilt from scratch red hat 6.5 latest version of

Re: [Freeipa-users] HELP

On Thu, Mar 27, 2014 at 7:58 PM, Todd Maugh tma...@boingo.com wrote: My Master IPA server has been lost, My replica is still up and functioning. what is the best way to proceed? Do I rebuild my master and add it has a replica? how do I get my master back in line with my IPA env?

Re: [Freeipa-users] HELP

Todd Maugh wrote: My Master IPA server has been lost, My replica is still up and functioning. what is the best way to proceed? Do I rebuild my master and add it has a replica? how do I get my master back in line with my IPA env? the Master needs to be rebuilt from scratch red hat 6.5

Re: [Freeipa-users] help: ipa error 4301

On 07/17/2013 11:14 PM, Shapiro, Matthew E CTR DODHRA DMDC (US) wrote: Hi , While running the ipa-client-install script on a RHEL 6.4 server, I get the following output (please note the indicated line with the arrow): [root@[hostname]]# ipa-client-install Discovery was

Re: [Freeipa-users] Help troubleshooting migrate-ds

On 07/05/13 22:04, Rob Crittenden wrote: https://fedorahosted.org/freeipa/ticket/3364 rob Thanks for poiting. It was the key. Now I'm having other issues, but the kind of issues I use to like :) Regards -- Arturo Borrero González Departamento de Seguridad Informática (n...@cica.es) Centro

Re: [Freeipa-users] Help troubleshooting migrate-ds

On 03/05/13 12:40, Arturo Borrero wrote: Hi there! In a freshly installed FreeIPA server, I try: # ipa migrate-ds LDAP URI: ldaps://ldap.example.com Contraseña: ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com': LDAP Server Down This is a related line I found in the

Re: [Freeipa-users] Help troubleshooting migrate-ds

On 05/07/2013 07:53 AM, Arturo Borrero wrote: On 03/05/13 12:40, Arturo Borrero wrote: Hi there! In a freshly installed FreeIPA server, I try: # ipa migrate-ds LDAP URI: ldaps://ldap.example.com Contraseña: ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com': LDAP Server

Re: [Freeipa-users] Help troubleshooting migrate-ds

Arturo Borrero wrote: On 03/05/13 12:40, Arturo Borrero wrote: Hi there! In a freshly installed FreeIPA server, I try: # ipa migrate-ds LDAP URI: ldaps://ldap.example.com Contraseña: ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com': LDAP Server Down This is a related line I

[Freeipa-users] Help troubleshooting migrate-ds

Hi there! In a freshly installed FreeIPA server, I try: # ipa migrate-ds LDAP URI: ldaps://ldap.example.com Contraseña: ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com': LDAP Server Down This is a related line I found in the logfile: [Fri May 03 12:30:53 2013] [error] ipa:

Re: [Freeipa-users] Help with ipa-replica-manage

Sorry for the late reply Steven - No, there is no firewall. -Ben From: steven.jo...@vuw.ac.nz CC: freeipa-users@redhat.com Date: Tue, 15 May 2012 21:04:04 + Subject: Re: [Freeipa-users] Help with ipa-replica-manage firewall? regards Steven Jones Technical Specialist - Linux RHCE

Re: [Freeipa-users] Help with ipa-replica-manage

: rmegg...@redhat.com To: ben1...@hotmail.com CC: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Help with ipa-replica-manage On 05/15/2012 02:49 PM, Ben Ho wrote: This is the information I retrieved about my server. ipa

Re: [Freeipa-users] Help with ipa-replica-manage

@redhat.com Subject: Re: [Freeipa-users] Help with ipa-replica-manage On 05/15/2012 02:49 PM, Ben Ho wrote: This is the information I retrieved about my server. *ipa-server-selinux-2.1.3-9.el6.x86_64* *ipa-client-2.1.3-9.el6.x86_64* *ipa-server-2.1.3-9.el6.x86_64* *CentOS release

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

On Mon, 2012-05-14 at 19:11 -0400, Dmitri Pal wrote: On 05/14/2012 05:25 PM, Chandan Kumar wrote: System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks Chandan I am not sure but seems like something is not properly configured with the browser. I do not

[Freeipa-users] Help regarding Basic FreeIPA setup

:* Tuesday, 15 May 2012 9:25 a.m. *To:* d...@redhat.com *Cc:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] Help regarding Basic FreeIPA setup System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks Chandan On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal d

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

...@redhat.com] on behalf of Chandan Kumar [ chandank.ku...@gmail.com] *Sent:* Tuesday, 15 May 2012 9:25 a.m. *To:* d...@redhat.com *Cc:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] Help regarding Basic FreeIPA setup System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64

[Freeipa-users] Help with ipa-replica-manage

Hello, I am pretty new to IPA. Right now I have three servers that are running IPA. I am trying to replicate one server to two other servers. I use this command: ipa-replica-manage re-initialize --from example2.edu On the first server I need to replicate, it works fine. However, on the

Re: [Freeipa-users] Help with ipa-replica-manage

On 05/15/2012 01:00 PM, Ben Ho wrote: Hello, I am pretty new to IPA. Right now I have three servers that are running IPA. I am trying to replicate one server to two other servers. I use this command: ipa-replica-manage re-initialize --from example2.edu On the first server I need to

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

...@redhat.com] on behalf of Chandan Kumar [chandank.ku...@gmail.com] Sent: Tuesday, 15 May 2012 9:25 a.m. To: d...@redhat.com Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Help regarding Basic FreeIPA setup System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks

Re: [Freeipa-users] Help with ipa-replica-manage

2012 8:49 a.m. To: rmegg...@redhat.com Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Help with ipa-replica-manage This is the information I retrieved about my server. ipa-server-selinux-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-server-2.1.3-9.el6.x86_64 CentOS release 6.2

Re: [Freeipa-users] Help with ipa-replica-manage

...@hotmail.com CC: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Help with ipa-replica-manage On 05/15/2012 01:00 PM, Ben Ho wrote: Hello, I am pretty new to IPA. Right now I have three servers that are running IPA. I am

Re: [Freeipa-users] Help with ipa-replica-manage

otherwise working? -Ben Date: Tue, 15 May 2012 13:15:46 -0600 From: rmegg...@redhat.com To: ben1...@hotmail.com CC: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Help with ipa-replica-manage On 05/15/2012 01:00 PM, Ben Ho

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

On 05/14/2012 05:09 PM, Chandan Kumar wrote: I am a newbie in IPA and was experimenting it on my couple of VMs before considering it for production level. Installation went fine, however, I am getting the kerberos key expiration error at firefox. I am running firefox on the same machine

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks Chandan On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal d...@redhat.com wrote: ** On 05/14/2012 05:09 PM, Chandan Kumar wrote: I am a newbie in IPA and was experimenting it on my couple of VMs before considering it for

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

On 05/14/2012 05:25 PM, Chandan Kumar wrote: System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks Chandan I am not sure but seems like something is not properly configured with the browser. I do not remember seeing SPNEGO in the GSSAPI negotiation in this flow on a

Re: [Freeipa-users] Help regarding Basic FreeIPA setup

-users@redhat.com Subject: Re: [Freeipa-users] Help regarding Basic FreeIPA setup System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks Chandan On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal d...@redhat.commailto:d...@redhat.com wrote: On 05/14/2012 05:09 PM, Chandan Kumar wrote: I

Re: [Freeipa-users] help! IPA server she explode!

On Thu, 2011-05-19 at 01:41 +, Steven Jones wrote: I have an internal ajax error! :( the logs say, Ping me later on IRC, I'd like you to run some commands, and it will be easier done interactively. Simo. ___ Freeipa-users mailing list

Re: [Freeipa-users] help! IPA server she explode!

Steven Jones wrote: I have an internal ajax error! :( the logs say, [Thu May 19 09:59:35 2011] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations jonesst1 [Thu