[Freeipa-users] Re: Configuring SSL Ciphers for FreeIPA / DogTag on port 8443

2019-03-13 Thread Christopher Lamb via FreeIPA-users
Thanks, but that documentation is inconsistent. Section 8.1.1 advises upgrading one version of RedHat IDM at a time. Fair dos. However section 8.1.2 advises running "yum update ipa-*" which will update to the latest version of IPA available in the repo, which may well be a jump of several IPA

[Freeipa-users] Re: No group membership attribute(s) found in user object

2019-03-13 Thread Boudjoudad Abdelkader via FreeIPA-users
Starting radiusd -X to check the config I got many errors so I did: - Changing the key file in /etc/raddb/mods-enabled/eap: From private_key_file = ${certdir}/server.pem To private_key_file = ${certdir}/radius.key # cp /etc/pki/tls/certs/radius.pem /etc/raddb/certs/server.pm # chmod 0640

[Freeipa-users] Re: No group membership attribute(s) found in user object

2019-03-13 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 13 Mar 2019, Boudjoudad Abdelkader wrote: Thanks for the quick reply, I followed these steps but it seems that it's missing some steps, after moving certs the certs.back and creating a new certificate: - The private key and

[Freeipa-users] Re: No group membership attribute(s) found in user object

2019-03-13 Thread Boudjoudad Abdelkader via FreeIPA-users
Thanks for the quick reply, I followed these steps but it seems that it's missing some steps, after moving certs the certs.back and creating a new certificate: - The private key and certificate files should be copied in the new certs

[Freeipa-users] Re: No group membership attribute(s) found in user object

2019-03-13 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 13 Mar 2019, Boudjoudad Abdelkader via FreeIPA-users wrote: Hi Alexander and thank you for the documents, Right, I didn't configure freeradius to use kerberos authentication but question please: with the radtest command above the authentication is performed and if I see Accept-Accept so

[Freeipa-users] Re: No group membership attribute(s) found in user object

2019-03-13 Thread Boudjoudad Abdelkader via FreeIPA-users
Hi Alexander and thank you for the documents, Right, I didn't configure freeradius to use kerberos authentication but question please: with the radtest command above the authentication is performed and if I see Accept-Accept so it does mean the password provided in the command matches the password

[Freeipa-users] Re: Configuring SSL Ciphers for FreeIPA / DogTag on port 8443

2019-03-13 Thread Rob Crittenden via FreeIPA-users
Christopher Lamb via FreeIPA-users wrote: > Hi > > A recent security scan has shown that our FreeIPA server is using 3DES > SSL ciphers on port 8443, which I understand to be used by the DogTag > PKI component of IPA. > > The question is, how can I configure the SSL Ciphers used by DogTag (e.g

[Freeipa-users] Re: Sub-zone client fails to install, GSS authentication pre-auth issues

2019-03-13 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 13 Mar 2019, Callum Smith wrote: Dear Alexander, Golden! We are in business - all puzzle pieces are in place so thank you very much for ongoing stamina with this. I'll write this all up so that someone else might take some value from it in the future. Great. Yes, please do a write

[Freeipa-users] Re: Sub-zone client fails to install, GSS authentication pre-auth issues

2019-03-13 Thread Callum Smith via FreeIPA-users
Dear Alexander, Golden! We are in business - all puzzle pieces are in place so thank you very much for ongoing stamina with this. I'll write this all up so that someone else might take some value from it in the future. Thank you again. Regards, Callum -- Callum Smith Research Computing Core

[Freeipa-users] Re: Sub-zone client fails to install, GSS authentication pre-auth issues

2019-03-13 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 13 Mar 2019, Callum Smith wrote: Dear Alexander, The last small wrinkle, setting the server options is fine and works well, but the DNS record creation still doesn't work. I see it queries the SOA record and then appears to use that as the server to send the changes to. I tried to

[Freeipa-users] Re: problem access Linux shares from Windows "ticket is likely out of date"

2019-03-13 Thread fujisan via FreeIPA-users
OK, looking forward to seeing your work done. Regards. F On Wed, Mar 13, 2019 at 11:20 AM Alexander Bokovoy wrote: > On Wed, 13 Mar 2019, fujisan wrote: > >Hi Alexander, > >Finally succeeded to make it work with the following configuration on the > >freeipa server. > > > >[global] > >

[Freeipa-users] Re: problem access Linux shares from Windows "ticket is likely out of date"

2019-03-13 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 13 Mar 2019, fujisan wrote: Hi Alexander, Finally succeeded to make it work with the following configuration on the freeipa server. [global] workgroup = MYDOMAIN.LOCAL netbios name = MYSERVER realm = MYDOMAIN.LOCAL kerberos method = dedicated keytab dedicated keytab

[Freeipa-users] Re: Sub-zone client fails to install, GSS authentication pre-auth issues

2019-03-13 Thread Callum Smith via FreeIPA-users
Dear Alexander, The last small wrinkle, setting the server options is fine and works well, but the DNS record creation still doesn't work. I see it queries the SOA record and then appears to use that as the server to send the changes to. I tried to set the SOA records for the virt.$domain

[Freeipa-users] Re: problem access Linux shares from Windows "ticket is likely out of date"

2019-03-13 Thread fujisan via FreeIPA-users
Hi Alexander, Finally succeeded to make it work with the following configuration on the freeipa server. [global] workgroup = MYDOMAIN.LOCAL netbios name = MYSERVER realm = MYDOMAIN.LOCAL kerberos method = dedicated keytab dedicated keytab file = /etc/samba/samba.keytab