On Mon, Apr 17, 2017 at 04:49:59PM +0300, Alexander Bokovoy wrote:
> On Mon, 17 Apr 2017, Jan Pazdziora wrote:
> >
> > Hello,
> >
> > on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
> > new keytab for a service but they cannot retrieve the existing keys
> > with the -r
On Mon, 17 Apr 2017, Jan Pazdziora wrote:
Hello,
on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
new keytab for a service but they cannot retrieve the existing keys
with the -r option. Is that expected?
Yes. Access to existing keys is intentionally restricted. There are
Hello,
on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
new keytab for a service but they cannot retrieve the existing keys
with the -r option. Is that expected?
# kdestroy -A
# kinit admin
Password for ad...@example.test:
# ipa host-add test1.example.test --force
On 08/18/2016 04:16 PM, Deepak Dimri wrote:
> Hi All,
>
> While trying to automate IPA client registration programatically, i seems
> have
> made my admin password out of sync between KDC and
> /etc/krb5.keytab.
This looks confusing, admin password and /etc/krb5.keytab do not look related.
The
Hi All,
While trying to automate IPA client registration programatically, i seems have
made my admin password out of sync between KDC and
/etc/krb5.keytab. Now when i try login into ipa GUI via admin i am getting "The
password or username is incorrect" - though i am trying with the
I was facing similar issues, and ended up changing the username from admin
to something else since admin is a common name in brute force ssh attacks.
It was getting locked out in spite of using fail2ban. I guess fail2ban can
be tweaked to block the host before ipa blocks the admin account, but I
Prasun Gera wrote:
> I was facing similar issues, and ended up changing the username from
> admin to something else since admin is a common name in brute force ssh
> attacks. It was getting locked out in spite of using fail2ban. I guess
> fail2ban can be tweaked to block the host before ipa blocks
Torsten Harenberg wrote:
> Hi Janelle,
>
> Am 04.10.2015 um 19:25 schrieb Janelle:
>> Just wondering if anyone knows why this happens from time to time on
>> servers:
>>
>> $ kinit admin
>> kinit: Clients credentials have been revoked while getting initial
>> credentials
>>
>> there are no failed
On 10/5/15 7:39 AM, Rob Crittenden wrote:
Torsten Harenberg wrote:
Hi Janelle,
Am 04.10.2015 um 19:25 schrieb Janelle:
Just wondering if anyone knows why this happens from time to time on
servers:
$ kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
Janelle wrote:
> On 10/5/15 7:39 AM, Rob Crittenden wrote:
>> Torsten Harenberg wrote:
>>> Hi Janelle,
>>>
>>> Am 04.10.2015 um 19:25 schrieb Janelle:
Just wondering if anyone knows why this happens from time to time on
servers:
$ kinit admin
kinit: Clients credentials
Hello everyone,
Just wondering if anyone knows why this happens from time to time on
servers:
$ kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
there are no failed logins to the admin account - not even any login
attempts, so it is not like
Hi Janelle,
Am 04.10.2015 um 19:25 schrieb Janelle:
> Just wondering if anyone knows why this happens from time to time on
> servers:
>
> $ kinit admin
> kinit: Clients credentials have been revoked while getting initial
> credentials
>
> there are no failed logins to the admin account - not
When this command failed for me, it usually was a problem with SSSD on the
master. The service was down, offline or simply something wrong was with it.
On the master, I would try:
$ id admin
$ ssh admin@localhost # (with password)
If that works, try manual
$ ssh admin@ipa.master.server # with
@gmail.com, Janelle
janellenicol...@gmail.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Date: 03.08.2015 08:49
Subject:Re: [Freeipa-users] Admin password not accepted during replica
install
Sent by:freeipa-users-boun...@redhat.com
When
Hi Guys,
I'm doing a replica install there my admin password for the SSH check
to the master is not accepted.
The password is not expired, I can use it on the GUI and even changing
it in the GUI doesn't fix this.
What can I check ?
Cheers,
Matt
--
Manage your subscription for the
What is in the logs on the machine that is failing? Can you login to
admin from anywhere? Logs are you best friend.
Also, a simply ssh -vvv will help.
~J
On 8/1/15 12:51 PM, Matt . wrote:
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able
lastly -- on the master - do you get the same error if you kinit admin?
~J
On 8/1/15 1:05 PM, Matt . wrote:
This actually the most important part, and the GSS Failure concerns me:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil)),
debug2: key: /root/.ssh/id_dsa
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able to do a simple replica without any issues.
Matt
2015-08-01 21:34 GMT+02:00 Janelle janellenicol...@gmail.com:
Double check you do not have AllowGroups set in your /etc/ssh/sshd_config
file.
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle janellenicol...@gmail.com:
lastly -- on the master - do you get the same error if you kinit admin?
~J
On 8/1/15 1:05 PM, Matt . wrote:
This actually the most important part, and the GSS Failure concerns
which points to the configuration of sssd.conf and/or nsswitch.conf
It is in there. If you say there are no AllowGroups in sshd, it has to
be in one of those 2 places.
~J
On 8/1/15 1:26 PM, Matt . wrote:
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle
I even checked working version (IPA clusters) and they don't even have
this AllowGroups.
Am I missing something ?
2015-08-01 22:52 GMT+02:00 Janelle janellenicol...@gmail.com:
which points to the configuration of sssd.conf and/or nsswitch.conf
It is in there. If you say there are no
Roderick Johnstone wrote:
On 10/02/15 07:44, Dmitri Pal wrote:
On 02/09/2015 05:35 PM, Roderick Johnstone wrote:
Hi
I seem to have locked myself out of my ipa admin account (on RHEL
6.6). This is an evaluation instance so not too big a deal, but a good
learning experience. I suspect its
On 10/02/2015 14:36, Rob Crittenden wrote:
Roderick Johnstone wrote:
On 10/02/15 07:44, Dmitri Pal wrote:
On 02/09/2015 05:35 PM, Roderick Johnstone wrote:
Hi
I seem to have locked myself out of my ipa admin account (on RHEL
6.6). This is an evaluation instance so not too big a deal, but a
On 10/02/15 07:44, Dmitri Pal wrote:
On 02/09/2015 05:35 PM, Roderick Johnstone wrote:
Hi
I seem to have locked myself out of my ipa admin account (on RHEL
6.6). This is an evaluation instance so not too big a deal, but a good
learning experience. I suspect its some changes that I made to the
On 02/10/2015 12:00 PM, Roderick Johnstone wrote:
On 10/02/15 07:44, Dmitri Pal wrote:
On 02/09/2015 05:35 PM, Roderick Johnstone wrote:
Hi
I seem to have locked myself out of my ipa admin account (on RHEL
6.6). This is an evaluation instance so not too big a deal, but a good
learning
On 02/09/2015 05:35 PM, Roderick Johnstone wrote:
Hi
I seem to have locked myself out of my ipa admin account (on RHEL
6.6). This is an evaluation instance so not too big a deal, but a good
learning experience. I suspect its some changes that I made to the
password policy that caused this.
Hi
I seem to have locked myself out of my ipa admin account (on RHEL 6.6).
This is an evaluation instance so not too big a deal, but a good
learning experience. I suspect its some changes that I made to the
password policy that caused this.
The admin account has expired and I'm trying to
All,
I'm setting up a new replicated master (CentOS7) from a CentOS 6.5
original master. I added the patch (to the freeIPA 3.3 on CentOS 7) from
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=8c98561c209d0ccaa692a335e3e9a10aec23ee0e
to handle the 2 replication IDs bug.
The replication
Jim Kinney wrote:
All,
I'm setting up a new replicated master (CentOS7) from a CentOS 6.5
original master. I added the patch (to the freeIPA 3.3 on CentOS 7) from
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=8c98561c209d0ccaa692a335e3e9a10aec23ee0e
to handle the 2 replication
Found a solution:
The first replica I built did not have the CA replication setup. So I
ran the ipa-ca-install with it's original replica file on the first
replica.
Now that system is able to generate a replica.gpg file for the new
centos7 box. The new box replicated just fine and all is well
Hi,
I want to set a group of admin level users admin rights to select user and host
groups, can this be done in IPA?
How?
So they need to be able to add users from the general pool to specific groups
and add specific hosts to specific groups only, can these be done?
regards
Steven Jones
Sylvain Angers wrote:
Hello
Someone did delete the admin account by mistake, how can we recover from
this?
You might want to have a look on this, There is a RFE which will prompt you
before you delete some important things.
https://fedorahosted.org/freeipa/ticket/2560
On 05/09/2012 10:24 PM, Rob Crittenden wrote:
Sylvain Angers wrote:
Hello
Someone did delete the admin account by mistake, how can we recover from
this?
Fortunately there is nothing really special about the admin account except
that they are a member of the admins group, that is the important
Is this user blocked from logging into a IPA client?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
___
Freeipa-users mailing list
Freeipa-users@redhat.com
On Thu, Dec 08, 2011 at 08:49:06PM +, Steven Jones wrote:
Is this user blocked from logging into a IPA client?
It is not blocked, I often use admin as a test dummy for SSSD testing.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
Steven Jones wrote:
Is this user blocked from logging into a IPA client?
No, it is more or less a normal user.
rob
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Jakub Hrozek [jhro...@redhat.com]
Sent: Friday, 9 December 2011 10:00 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users
Hi all
How do I make admin password not to expire immediately after changing it?
thanks
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On Thu, 2011-01-27 at 09:09 -0500, Uzor Ide wrote:
Hi all
How do I make admin password not to expire immediately after changing
it?
It is always set to expire even if you use kpasswd to change it ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
39 matches
Mail list logo