Re: [Freeipa-users] ipa / sudoers on centos 6.3 client

2015-01-02 Thread William Muriithi
Hi, I also think you will have to update to rhel 6.6 if you want to use sssd for sudo. If updating to 6.6 is not a problem, this would be least painful.  > > > The problem is that I can't get sudo rules to work. I know that the > > > ipa client software version 3.0.0 doesn't automatically set u

[Freeipa-users] IPA trust integration in AD Forests that been upgraded to higher functional level

2015-01-02 Thread Genadi Postrilko
Hello all. I'm working on integrating AD trust feature in the forest of a large organization (Its network is not connected to the internet). First I tested the trust in "clean" environment (that I have deployed) to simulate production forest deployment, in the following configuration: The fore

Re: [Freeipa-users] Integration with Solaris 10

2015-01-02 Thread Rob Crittenden
Watson, Dan wrote: > Hi Rob, > > Thanks for the reply. Unfortunately /usr/bin/getent on my system doesn't seem > to like the netgroup option: > -bash-3.2# getent netgroup test1 > Unknown database: netgroup > usage: getent database [ key ... ] > -bash-3.2# uname -a > SunOS vdcudantest01 5.10 Gener

Re: [Freeipa-users] Integration with Solaris 10

2015-01-02 Thread Rob Crittenden
Watson, Dan wrote: > I finally got it working, the default setup of "ldapclient init" missed the > special mapping for netgroups, so I had to do a manual setup that included > the mapping. > > ldapclient manual \ > -a credentialLevel=anonymous \ > -a authenticationMethod=none \ > -a defaultSearc

Re: [Freeipa-users] Integration with Solaris 10

2015-01-02 Thread Dmitri Pal
On 01/02/2015 03:17 PM, Watson, Dan wrote: I finally got it working, the default setup of "ldapclient init" missed the special mapping for netgroups, so I had to do a manual setup that included the mapping. ldapclient manual \ -a credentialLevel=anonymous \ -a authenticationMethod=none \ -a def

Re: [Freeipa-users] Integration with Solaris 10

2015-01-02 Thread Watson, Dan
I finally got it working, the default setup of "ldapclient init" missed the special mapping for netgroups, so I had to do a manual setup that included the mapping. ldapclient manual \ -a credentialLevel=anonymous \ -a authenticationMethod=none \ -a defaultSearchBase=dn=domain,dn=name \ -a domain

Re: [Freeipa-users] Integration with Solaris 10

2015-01-02 Thread Watson, Dan
Hi Rob, Thanks for the reply. Unfortunately /usr/bin/getent on my system doesn't seem to like the netgroup option: -bash-3.2# getent netgroup test1 Unknown database: netgroup usage: getent database [ key ... ] -bash-3.2# uname -a SunOS vdcudantest01 5.10 Generic_147440-27 sun4v sparc SUNW,SPARC-

Re: [Freeipa-users] KDC has no support for encryption type

2015-01-02 Thread Dmitri Pal
On 12/30/2014 06:06 AM, Matt . wrote: Reading up on this the weak password setting should work, but it doesn't. What are my chances here as I need to do a "ipa pwpolicy-mod --maxlife 200" This touches the expiration not the encryption types. Or can this be done from a ldap browser too? Yes

Re: [Freeipa-users] ipa / sudoers on centos 6.3 client

2015-01-02 Thread Dmitri Pal
On 01/02/2015 12:12 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Chris Card *Sent:* Friday, January 02, 2015 8:45 AM *To:* Brendan Kearney *Cc:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] ipa / sudoers on c

Re: [Freeipa-users] firewalld management

2015-01-02 Thread Dmitri Pal
On 01/01/2015 07:49 PM, Rob Crittenden wrote: Andrew Holway wrote: This would perhaps be a very interesting addition to the HBAC stuff. We're considering deploying freeipa on EC2 and LDAP backed firewalld would be a very powerful tool for a geographically distributed system. There is an existin

[Freeipa-users] sudo !requiretty !authenticate

2015-01-02 Thread Craig White
Subject pretty much says it all. Starting to play around with rundeck and was thinking it would be nice if I could create a user that had the ability to sudo, without password, a public key and the ability to run commands. But the use of 'sudo' gets me an error that says it requires a tty to ru

Re: [Freeipa-users] Integration with Solaris 10

2015-01-02 Thread Rob Crittenden
Watson, Dan wrote: > Hi All, > > I've lurked in the list history and cannot find anyone saying they have > gotten login restrictions working with Solaris 10 u8. Has anyone on here > successfully configured login restrictions on Solaris 10 u8 through u11? I'm > looking for specific instructions

Re: [Freeipa-users] trust non-IPA certificate client

2015-01-02 Thread Rob Crittenden
Stephen Ingram wrote: > On Mon, Dec 15, 2014 at 6:40 PM, Stephen Ingram > wrote: > > I have one client using a certificate issued by a third party > provider such that any secure (TLS) LDAP queries are refused since > the certificates were not issued by IPA.

Re: [Freeipa-users] ipa / sudoers on centos 6.3 client

2015-01-02 Thread Craig White
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Chris Card Sent: Friday, January 02, 2015 8:45 AM To: Brendan Kearney Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa / sudoers on centos 6.3 client > Subject: Re: [Freeipa-users] ipa / s

Re: [Freeipa-users] ipa / sudoers on centos 6.3 client

2015-01-02 Thread Chris Card
> Subject: Re: [Freeipa-users] ipa / sudoers on centos 6.3 client > From: bpk...@gmail.com > To: ctc...@hotmail.com > CC: freeipa-users@redhat.com > Date: Fri, 2 Jan 2015 10:28:16 -0500 > > On Fri, 2015-01-02 at 15:19 +, Chris Card wrote: > > I have existing machines running CentOS 6.3 which

Re: [Freeipa-users] ipa / sudoers on centos 6.3 client

2015-01-02 Thread Brendan Kearney
On Fri, 2015-01-02 at 15:19 +, Chris Card wrote: > I have existing machines running CentOS 6.3 which I want to include in > a freeipa domain. > > The domain controller machine is running Fedora 21 and > freeipa-server-4.1.1-2 while the latest version of ipa I can find that > runs on CentOS 6.3

[Freeipa-users] ipa / sudoers on centos 6.3 client

2015-01-02 Thread Chris Card
I have existing machines running CentOS 6.3 which I want to include in a freeipa domain. The domain controller machine is running Fedora 21 and freeipa-server-4.1.1-2 while the latest version of ipa I can find that runs on CentOS 6.3 is ipa-client-3.0.0-37.el6.x86_64. I have successfully run ipa