[Freeipa-users] Re: sudorule not working for external user

On Thu, May 13, 2021 at 01:52:18PM -, Sam Morris via FreeIPA-users wrote: > What does 'sudo -l -U ext' say? # sudo -l -U ext User ext is not allowed to run sudo on (Restarting sssd does not help.) If I define a rule for that user with visudo, that works fine and is shown in the output o

[Freeipa-users] Re: FreeIPA and SSL with the Web GUI

Yes, this helps. Thanks Rob and Flo. Steve ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/pr

[Freeipa-users] Re: ID views/override issues for AD trust

I think the very strange behaviour was due to the fact that I did not have a name for the gid in AD . As a workaround, I removed the gid from override (and let IPA generate one) . The interesting part was that getent did assign the username to the respective gid (therefore both getent group co

[Freeipa-users] Re: when client install ask to download CA cert

On 03/05/2021 13:58, Rob Crittenden wrote: lejeczek via FreeIPA-users wrote: Hi guys I do not see any clear problems and no errors in client log but each time I try to install client process stops: ... No SRV records of NTP servers found and no NTP server or pool address was provided. Using d

[Freeipa-users] Re: primary group ID for AD users

Hi , Thank you for the explanation. It does make sense now. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedorapr

[Freeipa-users] Re: FreeIPA and SSL with the Web GUI

Steve Reed via FreeIPA-users wrote: >> Steve Reed via FreeIPA-users wrote: >> >> It depends on the version of IPA. Either mod_nss via >> /etc/httpd/conf.d/nss.conf or mod_ssl via /etc/httpd/conf.d/ssl.conf. >> >> rob > We're running ver 4.6.8. > > That puts us in with mod_nss? That's correct.

[Freeipa-users] Re: FreeIPA and SSL with the Web GUI

Hi, ipa started using mod_ssl in the version 4.7+. Your version 4.6.8 still relies on mod_nss with the http cert stored in /etc/httpd/alias. Hope this clarifies, flo On Fri, May 14, 2021 at 4:36 PM Steve Reed via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > Steve Reed via Free

[Freeipa-users] Re: FreeIPA-Kubernetes Setup

On 5/14/21 9:42 PM, Christian Hernandez via FreeIPA-users wrote: On Fri, May 14, 2021 at 2:35 AM Ronald Wimmer via FreeIPA-users > wrote: Hi, are there any plans (or maybe ongoing work already) to let FreeIPA run in a K8s enviro

[Freeipa-users] Re: FreeIPA-Kubernetes Setup

On Fri, May 14, 2021 at 2:35 AM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > are there any plans (or maybe ongoing work already) to let FreeIPA run > in a K8s environment? > There's already a container[0] for it. This is maintained by the community [1]

[Freeipa-users] Re: FreeIPA and SSL with the Web GUI

> Steve Reed via FreeIPA-users wrote: > > It depends on the version of IPA. Either mod_nss via > /etc/httpd/conf.d/nss.conf or mod_ssl via /etc/httpd/conf.d/ssl.conf. > > rob We're running ver 4.6.8. That puts us in with mod_nss? ___ FreeIPA-users ma

[Freeipa-users] Re: FreeIPA and SSL with the Web GUI

Steve Reed via FreeIPA-users wrote: > Hey, > > This is a general question. What is providing SSL for the web GUI? I don't > see the ssl module installed with the apache server. That would be the usual > way it is done. How is it done for FreeIPA? It depends on the version of IPA. Either mod

[Freeipa-users] FreeIPA and SSL with the Web GUI

Hey, This is a general question. What is providing SSL for the web GUI? I don't see the ssl module installed with the apache server. That would be the usual way it is done. How is it done for FreeIPA? Thanks, Steve ___ FreeIPA-users mailing list

[Freeipa-users] Re: ID views/override issues for AD trust

Am Wed, May 12, 2021 at 11:25:38AM - schrieb iulian roman via FreeIPA-users: > > Am Wed, May 12, 2021 at 06:46:29AM - schrieb iulian roman via > > FreeIPA-users: > > > > Hi, > > > > did you use the IPA 'unix_users' group as primary group for those users > > and given the GID of 'unix_use

[Freeipa-users] Re: primary group ID for AD users

Am Fri, May 14, 2021 at 07:30:10AM - schrieb iulian roman via FreeIPA-users: > Hello , > > I would like to know how is the primary group id calculated for > trusted users from AD. For example, all users in AD have primary > group 'domain users' . I see on the IPA side that the gid is > diff

[Freeipa-users] FreeIPA-Kubernetes Setup

Hi, are there any plans (or maybe ongoing work already) to let FreeIPA run in a K8s environment? Cheers, Ronald ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahos

[Freeipa-users] primary group ID for AD users

Hello , I would like to know how is the primary group id calculated for trusted users from AD. For example, all users in AD have primary group 'domain users' . I see on the IPA side that the gid is different for all users who have primary group 'domain users' in AD . Is the algorithm differ