Thank you Lukas.
The issue, not being able to login to some servers in our setup with ssh
keys, was due to incorrect permissions on /usr directory, per the following
entry in /var/log/secure.
*sshd[12856]: error: bad ownership or modes for AuthorizedKeysCommand path
component "/usr"*
After
On (15/09/16 11:46), Venkataramana Kintali wrote:
>Hi Lukas,
>ssh_config is also same on all servers.
>Our need is to do it both ways, to be able to login with ssh public
>keys (uploaded in IPA) and disable password login, and be able to access
>all hosts within the same IPA domain silently from
Hi Lukas,
ssh_config is also same on all servers.
Our need is to do it both ways, to be able to login with ssh public
keys (uploaded in IPA) and disable password login, and be able to access
all hosts within the same IPA domain silently from any host.
Hoping the configs will help, I am including
On (15/09/16 09:56), Venkataramana Kintali wrote:
>Hi Lukas,
>Thank you for responding.
>I compared the configs (sshd_config and sssd.conf), they are same.
Is /etc/ssh/ssh_config the same as well?
NOTE: (ssh_config is not the same as sshd_config //extra 'd' in name)
>sssd and sshd services are
Hi Lukas,
Thank you for responding.
I compared the configs (sshd_config and sssd.conf), they are same.
sssd and sshd services are running on all the servers (IPA clients).
PubKey Authentication is enabled on all the servers.
I am not able to login with sshkeys.
But I am able to ssh to these
On (07/09/16 17:39), Venkataramana Kintali wrote:
>Hi,
>Of late, I am learning FreeIPA. I have installed IPA server and few
>clients (Version 3.0.0)
>I am facing an issue with ssh key authentication in my setup.
>I generated a putty ssh private key (using putty keygen), and uploaded it
>under a
On Sep 7, 2016 8:09 PM, "Venkataramana Kintali" <
venkataramana.kint...@gmail.com> wrote:
>
> Hi,
> Of late, I am learning FreeIPA. I have installed IPA server and few
clients (Version 3.0.0)
> I am facing an issue with ssh key authentication in my setup.
> I generated a putty ssh private key
Hi,
Of late, I am learning FreeIPA. I have installed IPA server and few
clients (Version 3.0.0)
I am facing an issue with ssh key authentication in my setup.
I generated a putty ssh private key (using putty keygen), and uploaded it
under a user through IPA GUI.
I am able to login to some IPA
On 12/21/2015 05:49 PM, Alex Williams wrote:
I began installing a new ipa4 replica this morning and it all went
wrong. The ipa-replica-install script got all the way to restarting
ipa with systemctl at the very end, having set up replication and then
fell over, because systemctl couldn't find
I began installing a new ipa4 replica this morning and it all went
wrong. The ipa-replica-install script got all the way to restarting ipa
with systemctl at the very end, having set up replication and then fell
over, because systemctl couldn't find the ipa service. I removed the
replica from
Hi all,
I'm a fairly advanced user, however, having issues with setting up
freeIPA. I've started with Fedora 22 server (both with minimal install
and basic install), modified the hosts and hostname file respectively to
xx.xx.xx.xx ipa.cloud.local ipa
cloud.local
and began the install options
On Thu, 2015-06-18 at 10:08 -0500, James Benson wrote:
Hi all,
I'm a fairly advanced user, however, having issues with setting up
freeIPA. I've started with Fedora 22 server (both with minimal install
and basic install), modified the hosts and hostname file respectively to
xx.xx.xx.xx
On 18.6.2015 17:08, James Benson wrote:
Hi all,
I'm a fairly advanced user, however, having issues with setting up freeIPA.
I've started with Fedora 22 server (both with minimal install and basic
install), modified the hosts and hostname file respectively to
xx.xx.xx.xx ipa.cloud.local ipa
Freeipa 4.1.4
On 06/18/2015 10:28 AM, Simo Sorce wrote:
On Thu, 2015-06-18 at 10:08 -0500, James Benson wrote:
Hi all,
I'm a fairly advanced user, however, having issues with setting up
freeIPA. I've started with Fedora 22 server (both with minimal install
and basic install), modified the
- Original Message -
Hi all,
I'm a fairly advanced user, however, having issues with setting up
freeIPA. I've started with Fedora 22 server (both with minimal install
and basic install), modified the hosts and hostname file respectively to
xx.xx.xx.xx ipa.cloud.local ipa
On Thu, 2015-06-18 at 10:47 -0500, James Benson wrote:
Freeipa 4.1.4
Please run rpm -qi pki-base
On 06/18/2015 10:28 AM, Simo Sorce wrote:
On Thu, 2015-06-18 at 10:08 -0500, James Benson wrote:
Hi all,
I'm a fairly advanced user, however, having issues with setting up
freeIPA. I've
This is a virtual machine, rng-tools-5-4.fc22.x86_64 is installed ...
I did just try to create a gpg key and it seemed to have entropy
issues... I did however run the command
$ rngd -W 4096
$ cat /proc/sys/kernel/random/entropy_avail
to fill the entropy up again (previously reporting around
- Original Message -
This is a virtual machine, rng-tools-5-4.fc22.x86_64 is installed ...
I did just try to create a gpg key and it seemed to have entropy
issues... I did however run the command
$ rngd -W 4096
$ cat /proc/sys/kernel/random/entropy_avail
to fill the entropy up
Brian Topping wrote:
Hi all,
I've been trying to work through the instructions at
https://www.freeipa.org/page/Apache_SNI_With_Kerberos and have not been having
much luck. I've followed the instructions there exactly, ending with the
following command:
ipa-getcert request -r -f
Hi all,
I've been trying to work through the instructions at
https://www.freeipa.org/page/Apache_SNI_With_Kerberos and have not been having
much luck. I've followed the instructions there exactly, ending with the
following command:
ipa-getcert request -r -f /etc/httpd/certs/example.crt -k
On Mon, Mar 02, 2015 at 04:09:34AM -0800, Janelle wrote:
That was the point. The clients were not installed with IPA client install.
I have 2000 clients and still working on a simple way to automate the client
install with ansible or puppet. Currently just trying to get it working with
On Mon, Mar 02, 2015 at 04:09:34AM -0800, Janelle wrote:
That was the point. The clients were not installed with IPA client install.
I have 2000 clients and still working on a simple way to automate the client
install with ansible or puppet. Currently just trying to get it working with
That was the point. The clients were not installed with IPA client install.
I have 2000 clients and still working on a simple way to automate the client
install with ansible or puppet. Currently just trying to get it working with
simple sssd/ldap only auth.
~J
On Mar 2, 2015, at 01:12,
: [Freeipa-users] issues with secondary groups? (sssd)
On Mon, Mar 02, 2015 at 04:09:34AM -0800, Janelle wrote:
That was the point. The clients were not installed with IPA client install.
I have 2000 clients and still working on a simple way to automate the client
install with ansible or puppet
On Sat, Feb 28, 2015 at 11:07:20AM -0800, Janelle wrote:
Hello,
I was wondering - I have searched around and seen a few questions and
solutions, but nothing I try is fixing my environment.
Things have been working quite well with IPA 4.0.5, simple things with auth
and logins - some with
On Mon, 2015-03-02 at 13:25 +0100, Jakub Hrozek wrote:
On Mon, Mar 02, 2015 at 04:09:34AM -0800, Janelle wrote:
That was the point. The clients were not installed with IPA client install.
I have 2000 clients and still working on a simple way to automate the
client install with ansible or
Hello,
I was wondering - I have searched around and seen a few questions and
solutions, but nothing I try is fixing my environment.
Things have been working quite well with IPA 4.0.5, simple things with
auth and logins - some with full ipa-client-install configured, others
just using LDAP
sure.
Let me come back on that matter a bit later on next week.
- Original Message -
From: Dmitri Pal d...@redhat.com
To: freeipa-users@redhat.com
Sent: Tuesday, 17 February 2015 19:39:40
Subject: Re: [Freeipa-users] issues with sudo on RHEL5.8
On 02/17/2015 05:18 AM, Nicolas Zin wrote:
Thanks
: Re: [Freeipa-users] issues with sudo on RHEL5.8
With a RHEL7 IDM installation, I try to make sudo working.
On RHEL6 no problem (via sssd)
On RHEL5.8 I don't manage to make it working (credential are good, I manage to
request the schema, see below)
Where can I find more logs?
What did I forget
On Tue, Feb 17, 2015 at 03:52:31AM -0500, Nicolas Zin wrote:
Hi,
With a RHEL7 IDM installation, I try to make sudo working.
On RHEL6 no problem (via sssd)
On RHEL5.8 I don't manage to make it working (credential are good, I manage
to request the schema, see below)
Where can I find more
Hi,
With a RHEL7 IDM installation, I try to make sudo working.
On RHEL6 no problem (via sssd)
On RHEL5.8 I don't manage to make it working (credential are good, I manage to
request the schema, see below)
Where can I find more logs?
What did I forget?
[root@srv-rhel58-01 ~]# cat
Thanks,
that helps!
I mistyped binddn and bindpw
- Original Message -
From: Lukasz Jaworski lukasz.jawor...@allegrogroup.com
To: Nicolas Zin nicolas@savoirfairelinux.com
Cc: freeipa-users@redhat.com
Sent: Tuesday, 17 February 2015 13:31:20
Subject: Re: [Freeipa-users] issues with sudo
I am having a very difficult time getting the ipa server installed on
our test server.
CentOS release 6.6 (Final)
Linux test1-vm.example.com 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
ipa-server-3.0.0-42.el6.centos.x86_64
I tried to reinstall
Hello,
I'm a bit at loss with my freeipa kerberized nfs4 shares.
the nfs4 shares mount fine and users can read and write their files.
However pulse audio does not work properly, and some programs fail to start.
When logging in with a local account using a local homedrive
pulseaudio works, and
On Fri, 2014-06-20 at 18:02 +0200, Rob Verduijn wrote:
Hello,
I'm a bit at loss with my freeipa kerberized nfs4 shares.
the nfs4 shares mount fine and users can read and write their files.
However pulse audio does not work properly, and some programs fail to start.
When logging in with a
Hi Simo,
Thanx for the quick answer, I will consider the root implications.
However, what about pulse audio not working?
The logs complain about that one not being able to write in home as well.
Rob
2014-06-20 18:27 GMT+02:00 Simo Sorce s...@redhat.com:
On Fri, 2014-06-20 at 18:02 +0200, Rob
On Fri, 2014-06-20 at 18:57 +0200, Rob Verduijn wrote:
Hi Simo,
Thanx for the quick answer, I will consider the root implications.
However, what about pulse audio not working?
The logs complain about that one not being able to write in home as well.
Is it running as the pulse user ?
If so
Hi,
I have not touched pulse audio configuration, it's set to default, I
can see in the logs the pulseaudio daemon assumes the user id.
rtkit-daemon[697]: Successfully made thread 3299 of process 3299
(/usr/bin/pulseaudio) owned by '4701' high priority at nice level
-11.
rtkit-daemon[697]:
Considering the root implications.
Handing out root to all nfs clients is indeed something that is undesirable.
However personally I believe manually creating homedirs to be a
procedure from the previous millennium.
Can I get freeipa to do this automatically the right way? (respecting security)
On Fri, 2014-06-20 at 19:51 +0200, Rob Verduijn wrote:
Considering the root implications.
Handing out root to all nfs clients is indeed something that is undesirable.
However personally I believe manually creating homedirs to be a
procedure from the previous millennium.
Can I get freeipa
On Fri, Feb 21, 2014 at 11:17:38PM +0200, Genadi Postrilko wrote:
I would like to clarify myself, I wasn't accurate when I compared it to:
https://bugzilla.redhat.com/show_bug.cgi?id=878564.
...
*But kinit with AD users failed:*
[root@ipaserver1 ~]# kinit gen...@adexample.com
kinit:
On Fri, 2014-02-21 at 00:27 +0200, Genadi Postrilko wrote:
Update:
For some reason the AD server has rebooted himself.
After the reboot I couldn't perform kinit with AD users.
I found a bugzilla that describes the symptoms that I experienced:
I would like to clarify myself, I wasn't accurate when I compared it to:
https://bugzilla.redhat.com/show_bug.cgi?id=878564.
I have tried to reproduce the bug by restarting the AD.
*I was able to perform winbindd commands:*
[root@ipaserver1 ~]# wbinfo -u
ADEXAMPLE\administrator
ADEXAMPLE\guest
Update:
For some reason the AD server has rebooted himself.
After the reboot I couldn't perform kinit with AD users.
I found a bugzilla that describes the symptoms that I experienced:
https://bugzilla.redhat.com/show_bug.cgi?id=878564
Not sure if it is the same bug - the bugzilla reports bug in
On Wed, Feb 19, 2014 at 12:17:59AM +0200, Genadi Postrilko wrote:
After I restarted SSSD nothing changed - still cannot login via ssh/su.
I have increased debug level to 6:
https://gist.github.com/anonymous/9081367
(krb5_child was empty)
The LDAP extended operation which should fetch the user
On Tue, Feb 18, 2014 at 01:11:38AM +0200, Genadi Postrilko wrote:
Thank you for the help!
I have performed downgrade:
yum downgrade samba4*
[root@ipaserver1 ~]# rpm -qa | grep samb
samba4-python-4.0.0-58.el6.rc4.x86_64
samba4-winbind-4.0.0-58.el6.rc4.x86_64
On Sat, Feb 15, 2014 at 12:14:58AM +0200, Genadi Postrilko wrote:
I have seen threads where opened on trust issues:
AD - Freeipa trust confusion
Cross domain trust
Cannot loging via SSH with AD user TO IPA Domain - which I opened.
It looks like after creation of trust, TGT ticket can be
Thank you for the help!
I have performed downgrade:
yum downgrade samba4*
[root@ipaserver1 ~]# rpm -qa | grep samb
samba4-python-4.0.0-58.el6.rc4.x86_64
samba4-winbind-4.0.0-58.el6.rc4.x86_64
samba4-common-4.0.0-58.el6.rc4.x86_64
samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64
I have seen threads where opened on trust issues:
AD - Freeipa trust confusion
Cross domain trust
Cannot loging via SSH with AD user TO IPA Domain - which I opened.
It looks like after creation of trust, TGT ticket can be issued from AD,
but su and ssh do not allow a log in with AD user.
I'm not
[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
Access granted: True
Matched rules: allow_all
[root@freeipa ~]#
└─ ssh myus...@ec2-54-xxx.xxx.compute-1.amazonaws.com -i
/home/user/.ssh/key
Connection closed by 54x.x.x.x
Shawn wrote:
[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
Access granted: True
Matched rules: allow_all
[root@freeipa ~]#
└─ ssh myus...@ec2-54-xxx.xxx.compute-1.amazonaws.com
On Wed, Apr 10, 2013 at 02:11:14PM -0400, Rob Crittenden wrote:
Shawn wrote:
[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
Access granted: True
Matched rules: allow_all
[root@freeipa ~]#
└─ ssh
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): name 'staaj' matched without domain, user is staaj
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [pam_print_data]
On Wed, Apr 10, 2013 at 02:27:36PM -0400, Shawn wrote:
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [write_selinux_login_file] (0x0040):
creating the temp file for SELinux data failed.
/etc/selinux/targeted/logins/staajtlQ108(Wed Apr 10 14:22:45 2013)
[sssd[pam]] [pam_reply] (0x0100): blen: 30
I
[root@freeclient1 sssd]# sestatus
SELinux status: disabled
[root@freeclient1 sssd]# ls -ldZ /etc/selinux/
drwxr-xr-x root root ?/etc/selinux/
[root@freeclient1 sssd]#
On Wed, Apr 10, 2013 at 2:31 PM, Jakub Hrozek jhro...@redhat.com wrote:
On
Yep, sure does. Thanks much.
If selinux is disabled, why does it care?
On Wed, Apr 10, 2013 at 2:37 PM, Jakub Hrozek jhro...@redhat.com wrote:
On Wed, Apr 10, 2013 at 02:34:06PM -0400, Shawn wrote:
[root@freeclient1 sssd]# sestatus
SELinux status: disabled
On Wed, Apr 10, 2013 at 02:49:46PM -0400, Shawn wrote:
Yep, sure does. Thanks much.
If selinux is disabled, why does it care?
It's an SSSD bug:
https://bugzilla.redhat.com/show_bug.cgi?id=914433
We didn't realize that SELinux disabled might mean that the directory is
not there at all.
Hi,
I have configured a ipa-server, replica and client.
In the GUI I can see that all hosts are in the hosts list.. I have
created a single user as well and attached that user to the client.
When trying to login as the user to the client, I see this in the
secure.log.
fatal: Access denied for
I am able to login to my replica and master with users no problem, just
having issues with clients..
On Thu, Apr 4, 2013 at 3:27 PM, Shawn taaj.sh...@gmail.com wrote:
Hi,
I have configured a ipa-server, replica and client.
In the GUI I can see that all hosts are in the hosts list.. I have
Shawn wrote:
Hi,
I have configured a ipa-server, replica and client.
In the GUI I can see that all hosts are in the hosts list.. I have
created a single user as well and attached that user to the client.
When trying to login as the user to the client, I see this in the
secure.log.
fatal:
On Thu, Apr 04, 2013 at 03:27:37PM -0400, Shawn wrote:
Hi,
I have configured a ipa-server, replica and client.
In the GUI I can see that all hosts are in the hosts list.. I have
created a single user as well and attached that user to the client.
When trying to login as the user to the
Run an hbactest:
ipa hbactest --user=youruser --host=fqdn.of.host --service=sshd
Make sure that works, if it does, then you can move on to troubleshooting
the host itself.
On Thu, Apr 4, 2013 at 2:27 PM, Shawn taaj.sh...@gmail.com wrote:
Hi,
I have configured a ipa-server, replica and
Wow this looks like a huge improvement...I can see my next few days is booked.
More pictures showing how to do things please
regards
Steven Jones wrote, on 06/23/2011 05:16 PM:
Wow this looks like a huge improvement...I can see my next few days is booked.
More pictures showing how to do things please
For you, I'll do it! But only for you. :)
Actually, it's already on my project to-do list. FreeIPAv2.1 is having a