Chris Moody wrote:
> Hello.
>
> First wanted to thank everyone working hard to bring this awesome bundle
> of applications to market. This is a great project and I really
> appreciate the efforts.
>
> I need a hand with a new 4.4.3 install that I'm still trying to flesh
> out fully to support al
On 10/17/2016 02:44 AM, 郑磊 wrote:
Hello everyone,
I'm using freeipa, and having a test and research with the function
of freeipa. At the same time, I have carried on the chinese translation
to the web interface, also added own function module in web interface.
However, For these changes I don
On 17/10/16 02:44, 郑磊 wrote:
Hello everyone,
I'm using freeipa, and having a test and research with the function of
freeipa. At the same time, I have carried on the chinese translation to the
web interface, also added own function module in web interface. However, For
these changes I do
Hey Pavel,
Thanks for the reply! It's not exactly that I want to allow any command to
be run as app_user. The command I actually want to run is very long, and
complicated and wouldn't mean much in this context, so I simplified my
example. The problem is that *any command *I run will fail, wether o
On 08/30/2016 05:08 PM, Ryan Whalen wrote:
Hi All,
Im having an issue getting a command to run properly, and the issue
seems to be with Freeipa sudo permissions. Specifically 'sudo su -
app_user -c ""' prompts for a password when run.
However if I 'sudo su - app_user' and then run the '' as
app
On 5.5.2016 18:39, Roderick Johnstone wrote:
> Hi
>
> I need to run some ipa commands in cron jobs.
>
> The post here:
> https://www.redhat.com/archives/freeipa-users/2014-March/msg00044.html
> suggests I need to use a keytab file to authenticate kerberos.
>
> I've tried the prescription there,
Hi again
After further testing, it seems like my problems were caused by the use
of the -F option on the kinit line.
Roderick
On 05/05/2016 22:31, Roderick Johnstone wrote:
Hi Mike
Thanks for sharing your setup. It looks pretty much like mine.
I just tried your kinit command syntax and the
Hi Mike
Thanks for sharing your setup. It looks pretty much like mine.
I just tried your kinit command syntax and then I can ipa ping
successfully. Then I tried my kinit syntax (after a kdestroy) and I can
still ipa ping successfully!
So, it does work now, but I don't know why it didn't work
Roderick,
Here's how we do it.
Create a service account user, for example "svc_useradm".
Then generate a keytab for the service account, and store it somewhere secure.
ipa-getkeytab -s infrae2u01.lnx.dr.local -p svc_useradm -k
/root/svc_useradm.keytab
Now we can leverage the keytab for that u
On Mon, May 02, 2016 at 06:13:42AM +0300, Ben .T.George wrote:
> HI All
>
> sudo rules got worked .actually i tried after 6 hours, what is the default
> time to get affect this rule affect normally, is there any way to manually
> pull changes from client?
see man sssd-sudo, there are explanations
HI All
sudo rules got worked .actually i tried after 6 hours, what is the default
time to get affect this rule affect normally, is there any way to manually
pull changes from client?
Regards,
Ben
On Sun, May 1, 2016 at 11:46 PM, Ben .T.George
wrote:
> HI
>
> i have a working setup of FreeIPA 4
Sparks, Alan wrote:
>
>>> [root@als-centos0002 sys-ops]# nisdomainname
>>> dakar.useast.hpcloud.net
>>>
>>> [root@als-centos0002 sys-ops]# getent netgroup opsauto
>>> opsauto
>>> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal)
>>> (als-centos0002.dakar.useast.hpcloud.net,
>> [root@als-centos0002 sys-ops]# nisdomainname
>> dakar.useast.hpcloud.net
>>
>> [root@als-centos0002 sys-ops]# getent netgroup opsauto
>> opsauto
>> (als-ubuntu0001.oa.ftc.hpelabs.net,-,eucalyptus.internal)
>> (als-centos0002.dakar.useast.hpcloud.net,-,eucalyptus.internal)
>
>
Sparks, Alan wrote:
> I still cant find the problem after a lot of searching, can someone
> give me a little advice? Assembling a POC of FreeIPA 4.1.0 server
> (stock CentOS-7 packages) and a CentOS 6.7 server with their stock 3.0.0
> packages. Sudo version on the client is sudo-1.8.6p3.
>
>
Thanks Martin, Rob,
but I think I am totally lost.. I was able to migrate-ds but I think
along the way I broke the replica. Errors I am seeing in the ipa
clients are like so:
Jun 2 16:33:11 ipaclient1 [sssd[ldap_child[27865]]]: Client
'host/ipaclient1.mydom@mydom.com' not found in Kerberos
Martin Kosek wrote:
On 06/01/2015 02:19 AM, Sina Owolabi wrote:
Hi!
I am still stumbling along with this, I have had my IPA domain
destroyed and currently only a CA-less replica is left running the
network.
The existing CA-less replica is on RHEL6.6 with ipa-3.0.0.
I am trying to setup a fresh
On 06/01/2015 02:19 AM, Sina Owolabi wrote:
Hi!
I am still stumbling along with this, I have had my IPA domain
destroyed and currently only a CA-less replica is left running the
network.
The existing CA-less replica is on RHEL6.6 with ipa-3.0.0.
I am trying to setup a fresh CA-master and I have
Thank you for the reply Sumit - I will look into updating the version of
sssd. If that doesn't work, I will also try adding the
'sourceHostCategory' attribute to rules. Though, I would imagine I would
have to do this for *all* rules if I want them to work as intended. I'll
report back my findings
On Sat, Feb 14, 2015 at 12:52:10PM -0800, Andrew Egelhofer wrote:
> Hi FreeIPA Users-
>
> I've deployed a FreeIPA instance in my Lab, and enrolled a single host, and
> a single user ('testuser'). The only HBAC rule I currently have is the
> stock allow_all. Yet, when I attempt to log into the host
On Fri, Jun 27, 2014 at 02:23:47PM -0400, Mark Gardner wrote:
> Was trying to add an external ad group to IPA, it kept failing with unable
> to connect to server.
>
> Figured I'd reboot to clear things up. Oops.
>
> Now wbinfo --online-status shows are AD as offline.
> wbinfo -u shows blank
>
>
Hi,
Probably there are better ways to solve this issue but the way that works for
me is to validate the trust from the AD side after a reboot of the IPA Server -
it always shows as offline for me too. On 2012 Server you can do this through
Active Directory Domains and Trusts - properties on you
Todd Maugh wrote:
My Master IPA server has been lost,
My replica is still up and functioning.
what is the best way to proceed?
Do I rebuild my master and add it has a replica?
how do I get my master back in line with my IPA env?
the Master needs to be rebuilt from scratch
red hat 6.5
On Thu, Mar 27, 2014 at 7:58 PM, Todd Maugh wrote:
> My Master IPA server has been lost,
>
>
> My replica is still up and functioning.
>
>
> what is the best way to proceed?
>
>
> Do I rebuild my master and add it has a replica?
>
>
> how do I get my master back in line with my IPA env?
>
>
o
>
>
> -Original Message-
> From: Martin Kosek [mailto:mko...@redhat.com]
> Sent: Thursday, July 18, 2013 1:15 AM
> To: Shapiro, Matthew E CTR DODHRA DMDC (US)
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] help: ipa error 4301
>
> On 07/17/2013 1
redhat.com]
Sent: Thursday, July 18, 2013 1:15 AM
To: Shapiro, Matthew E CTR DODHRA DMDC (US)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] help: ipa error 4301
On 07/17/2013 11:14 PM, Shapiro, Matthew E CTR DODHRA DMDC (US) wrote:
> Hi ,
>
>
>
> While running the
On 07/17/2013 11:14 PM, Shapiro, Matthew E CTR DODHRA DMDC (US) wrote:
> Hi ,
>
>
>
> While running the ipa-client-install script on a RHEL 6.4 server, I get the
> following output (please note the indicated line with the arrow):
>
>
>
> [root@[hostname]]# ipa-client-install
>
> Discovery
On 07/05/13 22:04, Rob Crittenden wrote:
https://fedorahosted.org/freeipa/ticket/3364
rob
Thanks for poiting. It was the key.
Now I'm having other issues, but the kind of issues I use to like :)
Regards
--
Arturo Borrero González
Departamento de Seguridad Informática (n...@cica.es)
Centro I
Arturo Borrero wrote:
On 03/05/13 12:40, Arturo Borrero wrote:
Hi there!
In a freshly installed FreeIPA server, I try:
# ipa migrate-ds
LDAP URI: ldaps://ldap.example.com
Contraseña:
ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com':
LDAP Server Down
This is a related line I
On 05/07/2013 07:53 AM, Arturo Borrero wrote:
> On 03/05/13 12:40, Arturo Borrero wrote:
>> Hi there!
>>
>> In a freshly installed FreeIPA server, I try:
>>
>> # ipa migrate-ds
>> LDAP URI: ldaps://ldap.example.com
>> Contraseña:
>> ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com'
On 03/05/13 12:40, Arturo Borrero wrote:
Hi there!
In a freshly installed FreeIPA server, I try:
# ipa migrate-ds
LDAP URI: ldaps://ldap.example.com
Contraseña:
ipa: ERROR: no es posible conectar con u'ldaps://ldap.example.com':
LDAP Server Down
This is a related line I found in the logfile:
eipa-users@redhat.com
Subject: Re: [Freeipa-users] Help with ipa-replica-manage
On 05/15/2012 02:49 PM, Ben Ho wrote:
This is the information I retrieved about my server.
*ipa-server-selinux-2.1.3-9.el6.x86_64*
*ipa-client-2.1.3-9.el6.x86_64*
*ipa-server-2.1.3-9.el6.x86_64*
*Cent
: rmegg...@redhat.com
To: ben1...@hotmail.com
CC: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Help with ipa-replica-manage
On 05/15/2012 02:49 PM, Ben Ho wrote:
This is the information I retrieved about my server.
ipa
Sorry for the late reply Steven - No, there is no firewall.
-Ben
From: steven.jo...@vuw.ac.nz
CC: freeipa-users@redhat.com
Date: Tue, 15 May 2012 21:04:04 +
Subject: Re: [Freeipa-users] Help with ipa-replica-manage
firewall?
regards
Steven Jones
Technical Specialist - Linux RHCE
otherwise working?
-Ben
Date: Tue, 15 May 2012 13:15:46 -0600
From: rmegg...@redhat.com
To: ben1...@hotmail.com
CC: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Help with ipa-replica-manage
On 05/15/2012 01:00 PM, Ben Ho
...@hotmail.com
CC: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Help with ipa-replica-manage
On 05/15/2012 01:00 PM, Ben Ho wrote:
Hello,
I am pretty new to IPA. Right now I have three servers
that are running IPA. I am
2012 8:49 a.m.
To: rmegg...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Help with ipa-replica-manage
This is the information I retrieved about my server.
ipa-server-selinux-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-server-2.1.3-9.el6.x86_64
CentOS release 6.2
t.com [freeipa-users-boun...@redhat.com] on
behalf of Chandan Kumar [chandank.ku...@gmail.com]
Sent: Tuesday, 15 May 2012 9:25 a.m.
To: d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Help regarding Basic FreeIPA setup
System: Centos 6.2
IPA version : ipa-server-2.1.3-9
On 05/15/2012 01:00 PM, Ben Ho wrote:
Hello,
I am pretty new to IPA. Right now I have three servers that are
running IPA. I am trying to replicate one server to two other
servers. I use this command:
ipa-replica-manage re-initialize --from example2.edu
On the first server I need to re
t;>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>> --
>> *From:* freeipa-users-boun...@redhat.com [
>> free
On Mon, 2012-05-14 at 19:11 -0400, Dmitri Pal wrote:
> On 05/14/2012 05:25 PM, Chandan Kumar wrote:
> >
> > System: Centos 6.2
> > IPA version : ipa-server-2.1.3-9.el6.x86_64
> >
> >
> > Thanks
> > Chandan
> >
> >
>
> I am not sure but seems like something is not properly configured with
> the bro
com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Help regarding Basic FreeIPA setup
System: Centos 6.2
IPA version : ipa-server-2.1.3-9.el6.x86_64
Thanks
Chandan
On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal
mailto:d...@redhat.com>> wrote:
On 05/14/2012 05:09 PM, Chanda
On 05/14/2012 05:25 PM, Chandan Kumar wrote:
>
> System: Centos 6.2
> IPA version : ipa-server-2.1.3-9.el6.x86_64
>
>
> Thanks
> Chandan
>
>
I am not sure but seems like something is not properly configured with
the browser.
I do not remember seeing SPNEGO in the GSSAPI negotiation in this flow
on
System: Centos 6.2
IPA version : ipa-server-2.1.3-9.el6.x86_64
Thanks
Chandan
On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal wrote:
> **
> On 05/14/2012 05:09 PM, Chandan Kumar wrote:
>
> I am a newbie in IPA and was experimenting it on my couple of VMs before
> considering it for production
On 05/14/2012 05:09 PM, Chandan Kumar wrote:
> I am a newbie in IPA and was experimenting it on my couple of VMs
> before considering it for production level.
>
> Installation went fine, however, I am getting the kerberos key
> expiration error at firefox. I am running firefox on the same machine
>
Steven Jones wrote:
I have an internal ajax error!
:(
the logs say,
[Thu May 19 09:59:35 2011] [notice] Apache/2.2.15 (Unix) DAV/2
mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.6.6
mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Thu May 19 09:5
On Thu, 2011-05-19 at 01:41 +, Steven Jones wrote:
> I have an internal ajax error!
>
> :(
>
> the logs say,
Ping me later on IRC, I'd like you to run some commands, and it will be
easier done interactively.
Simo.
___
Freeipa-users mailing list
46 matches
Mail list logo