Re: [Freeipa-users] Limiting Host access by UID/GID
On Wed, Jun 05, 2013 at 03:56:25PM -0700, Chandan Kumar wrote: > Sorry for late reply. Thanks for helping out. Yes after deleting the sssd > cache from /var/lib it does not allow user groups outside min/max_id. > Great, I'm glad it works for you now. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA Training Series
On 06/05/2013 10:20 AM, Martin Kosek wrote: > Hello FreeIPA and SSSD users, > > Our team just published FreeIPA&SSSD training presentations created in the > event of finishing FreeIPA 3.0 and SSSD 1.9.2 back in beginning of 2013. > > I would like to welcome you to look at the presentations, they contain useful > information with aim to help you with understanding, configuring or even > debugging the features. All presentations were uploaded to the FreeIPA.org > wiki: > > http://www.freeipa.org/page/Documentation#FreeIPA_Training_Series > There was a (reasonable) request to have also a PDF version of the presentations, they are now uploaded to the wiki, for your convenience. HTH, Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Ubunto client?
Sorry, I should have mentioned that I need this for precise! Timo, Is the IRC channel still up? I tried to get on yesterday, but couldn't find it on freenode . . . Ah, I can join now . . . will find you there! :-) Thanks, Guy On 06/05/2013 11:34 PM, Timo Aaltonen wrote: > On 06.06.2013 00:53, Guy Matz wrote: >> Hi! Can anyone recommend a PPA that contains a freeIPA client that: >> 1. works > and what's wrong with the one I gave you on #ubuntu-freeipa? > (https://launchpad.net/~freeipa/+archive/ppa) > > IOW, why ask here and not contact me directly.. especially since you > said the backport worked. > >> 2. Also contains an openssh-server that uses AuthorizedKeysCommand > looks like it's quite fresh and in saucy: > > https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/911747 > > no idea of a ppa with it > ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Ubunto client?
On 06.06.2013 15:51, Guy Matz wrote: > Sorry, I should have mentioned that I need this for precise! ok, so the issue was that the ppa needs another ppa for sssd, for reference: https://launchpad.net/~sssd/+archive/updates I should probably push 1.9.5 there.. -- t ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] why default shell /bin/sh
hi, just interested. We have noticed that ldap users have this PS1 envvar: PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ This is a confusing moment. Changing the shell to /bin/bash solves this, but maybe this is not optimal for other systems or users. -- Groeten, natxo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] why default shell /bin/sh
Natxo Asenjo wrote: hi, just interested. We have noticed that ldap users have this PS1 envvar: PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ This is a confusing moment. Changing the shell to /bin/bash solves this, but maybe this is not optimal for other systems or users. Lowest-common denominator. One can configure all sorts of *nix-like systems to use IPA for authentication so we needed a default shell that is available on all systems and that is the bourne shell. This is configurable in the IPA configuration, and you can override the shell in sssd as well. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] why default shell /bin/sh
On Thu, Jun 06, 2013 at 10:30:34AM -0400, Rob Crittenden wrote: > Natxo Asenjo wrote: > >hi, > > > >just interested. We have noticed that ldap users have this PS1 envvar: > >PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ > > > >This is a confusing moment. Changing the shell to /bin/bash solves this, > >but maybe this is not optimal for other systems or users. > > Lowest-common denominator. One can configure all sorts of *nix-like systems > to use IPA for authentication so we needed a default shell that is available > on all systems and that is the bourne shell. > > This is configurable in the IPA configuration, and you can override the > shell in sssd as well. > > rob yep, see the override_shell option for a complete client side override and allowed_shells/shell_fallback if you need more control over which shell gets used. All the options are in man sssd.conf(5). ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] why default shell /bin/sh
On 06/06/2013 04:37 PM, Jakub Hrozek wrote: > On Thu, Jun 06, 2013 at 10:30:34AM -0400, Rob Crittenden wrote: >> Natxo Asenjo wrote: >>> hi, >>> >>> just interested. We have noticed that ldap users have this PS1 envvar: >>> PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ >>> >>> This is a confusing moment. Changing the shell to /bin/bash solves this, >>> but maybe this is not optimal for other systems or users. >> >> Lowest-common denominator. One can configure all sorts of *nix-like systems >> to use IPA for authentication so we needed a default shell that is available >> on all systems and that is the bourne shell. >> >> This is configurable in the IPA configuration, and you can override the >> shell in sssd as well. >> >> rob > > yep, see the override_shell option for a complete client side override and > allowed_shells/shell_fallback if you need more control over which shell > gets used. All the options are in man sssd.conf(5). > Yup, in FreeIPA admin just need to change global config object: # ipa config-show ... Default shell: /bin/sh ... # ipa config-mod --defaultshell=/bin/bash ... Default shell: /bin/bash ... Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] why default shell /bin/sh
On Thu, Jun 6, 2013 at 4:30 PM, Rob Crittenden wrote: > Natxo Asenjo wrote: >> >> hi, >> >> just interested. We have noticed that ldap users have this PS1 envvar: >> PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ >> >> This is a confusing moment. Changing the shell to /bin/bash solves this, >> but maybe this is not optimal for other systems or users. > > > Lowest-common denominator. One can configure all sorts of *nix-like systems > to use IPA for authentication so we needed a default shell that is available > on all systems and that is the bourne shell. thanks all for your explanations. In the bash man page I found this little gem: --norc Do not read and execute the personal initialization file ~/.bashrc if the shell is interactive. This option is on by default if the shell is invoked as sh. So this is the problem, when using /bin/sh (which in rhel is a symlink to /bin/bash), the profile files do not get executed. We do have other systems than rhel/fedora/centos, but none where users interactively login. So I am just going to go ahead and make my life a little more pleasant with a minder spartan shell :-) -- groet, natxo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] why default shell /bin/sh
On Thu, Jun 6, 2013 at 9:30 AM, Rob Crittenden wrote: > > Lowest-common denominator. One can configure all sorts of *nix-like > systems to use IPA for authentication so we needed a default shell that is > available on all systems and that is the bourne shell. > > I have a bunch of AIX machines, the users on those demand ksh, mostly. Luckily I have ksh for Linux and bash for AIX to cover everyone, but I'm tempted to give them all csh just to teach them a lesson. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users