Dear Alexander,
thank you for your great support, I have sent the logs directly to you by
e-mail.
Best regards,
Thomas
-Original Message-
From: Alexander Bokovoy
Reply: Alexander Bokovoy
Date: 1. March 2024 at 08:29:34
To: Thomas Handler
Cc: FreeIPA users list
Subject: Re: [Free
On Чцв, 29 лют 2024, Thomas Handler wrote:
Dear Alexander,
thank you for your assistance this is greatly appreciated.
Regarding the logs - the got quite big, not sure if I can attach them
here as a .tgz as I have 972k uncompressed.
You can send to me directly or upload somewhere and send a l
reeipa-users@lists.fedorahosted.org/thread/KFQXY6V4UKYOWCGD4YCZTCSGFWVL3QK7/
But I have a another issue
grant@ef-idm01:~[20240229-10:11][#772]$ klist
Ticket cache: KCM:555
Default principal: gr...@production.efilm.com<mailto:gr...@production.efilm.com>
Is this user has UID 555?
Can you
thread/KFQXY6V4UKYOWCGD4YCZTCSGFWVL3QK7/
But I have a another issue
grant@ef-idm01:~[20240229-10:11][#772]$ klist
Ticket cache: KCM:555
Default principal: gr...@production.efilm.com<mailto:gr...@production.efilm.com>
Valid starting Expires Service principal
02/29/2024 10:11:56 03/01/2024 09:42
Giuseppe Calo via FreeIPA-users wrote:
> Hi Robert Crittend
> then if i set EnforceLDAPOTP and users has OTP defined the LDAP BIND will
> need 2 factor?
> Where can i set EnforceLDAPOTP ? Please note that I use 4.10.0-7 (not 4.11 as
> wrote in https://pagure.io/freeipa/issue/5169)
This is a cha
Dear Alexander,
thank you for your assistance this is greatly appreciated.
Regarding the logs - the got quite big, not sure if I can attach them here as a
.tgz as I have 972k uncompressed.
But on the client I got an error message that might explain he problem better
(I have obfuscated the do
Hi Robert Crittend
then if i set EnforceLDAPOTP and users has OTP defined the LDAP BIND will need
2 factor?
Where can i set EnforceLDAPOTP ? Please note that I use 4.10.0-7 (not 4.11 as
wrote in https://pagure.io/freeipa/issue/5169)
Thanks
--
___
Free
Thanks Sam.
I'll explain better my case.
- We didn't define default authentication metod for user and for host/service
- For all defined users we enabled only OTP metod (we want that all users use 2
factor)
- All users have to use OTP to log in each enroled hosts
- Our VPN system use LDAP (freeip
Jaehwan Kim via FreeIPA-users wrote:
> Hello.
>
> I verified that this disconnection happens because new hosts are continuously
> added into a SINGLE BIG host-group by automembership, which results in slow
> response of ldap search.
> I also verified that the disconnection does't happen if ldap_
Thanks for the recommendation, it certainly looks promising.
On Thu, Feb 29, 2024 at 7:05 AM Alexander Bokovoy
wrote:
> On Няд, 25 лют 2024, Carlos Eduardo Porter via FreeIPA-users wrote:
> >So, I did so more research and found this thread from 7 years ago [1]
> which
> >I obviously missed and
On Срд, 28 лют 2024, Thomas Handler via FreeIPA-users wrote:
Hi all,
I am facing a problem I got stuck upon.
We have the following setup:
+---+
| |
| AD |
On Няд, 25 лют 2024, Carlos Eduardo Porter via FreeIPA-users wrote:
So, I did so more research and found this thread from 7 years ago [1] which
I obviously missed and clearly answers my previous question
Quote:
""
Even with that, I'd not recommend tightening permissions so that users
would not
Hi,
Thank you Fabian, your suggested commands lead me to the answer and a solution!
```
[root@se-rhidm01x ~]# ldapsearch -Y GSSAPI -H
ldap://usidc1-rhidm01x.idc1.us.example.com -b "" -s base
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info
13 matches
Mail list logo