On Thu, Jan 24, 2013 at 10:51 PM, KodaK wrote:
> I have a need to have certain mission critical application accounts
> non-expiring (people don't log in directly, but if the accounts expire
> it could stop production jobs.)
Without knowing anything about this particular case, could you not use
a
On Thu, 2013-01-24 at 21:36 -0500, Matthew Barr wrote:
> On Jan 24, 2013, at 6:53 PM, Dmitri Pal wrote:
> >
> > Yes you can set it again. This is how we envisioned the feature to be used.
> > If it does not work it is a bug.
>
>
> ipa-server-2.2.0-16.el6.x86_64, Centos 6.3
>
> [mbarr@ipa ~]$ i
On Jan 24, 2013, at 6:53 PM, Dmitri Pal wrote:
>
> Yes you can set it again. This is how we envisioned the feature to be used.
> If it does not work it is a bug.
ipa-server-2.2.0-16.el6.x86_64, Centos 6.3
[mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo
ipa: ERROR: invalid 'passw
Thank you for clarifying. I had thought they said that was planned for 1.0
release, but it has been a while since I last looked at Samba4, other than
to skim the press releases a couple of weeks ago, when it actually released.
-DTK
--
david t. klein
Cisco Certified Network Associate (CSCO112
On 01/24/2013 04:36 PM, Eric Chennells wrote:
> Hi Christian / Dmitri,
>
> Yes I have confirmed in the KDC logs that when I attempt to login that the
> kerberos server is recognizing the request and issuing a ticket.
>
> Is anyone aware of if there is an LDAP related configuration needed? It
> seem
On 01/24/2013 12:29 PM, Alexander Bokovoy wrote:
> On Thu, 24 Jan 2013, Bob Sauvage wrote:
>> I'll give your a concrete example:
>>
>> A developer is connected on his laptop with Windows 7. At startup,
>> he's prompted to login to the domain with his credentials. These
>> credentials are verified b
It works like a champ for me.
--
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman
On Thursday, January 24, 2013 at 6:53 PM, Dmitri Pal wrote:
> On 01/24/2013 11:34 AM, Matthew Barr wrote:
> > Just reading this over, and the RFE, I've got another possible option.
> >
> > O
On 01/24/2013 11:34 AM, Matthew Barr wrote:
> Just reading this over, and the RFE, I've got another possible option.
>
> Our standard build uses a key tab of a user with permission to add a host,
> and that sets the OTP for the kickstart to use.
>
> Is it possible to reset the state of the host re
On Thu, Jan 24, 2013 at 5:05 PM, Sigbjorn Lie wrote:
> A calender will be shown to choose a date and time for simplicity if you
> download and use the Apache Directory Studio
> (http://directory.apache.org/studio/) to edit the krbPasswordExpiration
> attribute for an user account. It works well.
On 01/24/2013 11:17 PM, KodaK wrote:
On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden wrote:
It is a 32-bit time problem.
I'd set the maxlife no higher than 5000 for now.
Thanks. Is there a way to apply this policy retroactively without
requiring my users to reset passwords?
A calender wi
KodaK wrote:
On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden wrote:
It is a 32-bit time problem.
I'd set the maxlife no higher than 5000 for now.
Thanks. Is there a way to apply this policy retroactively without
requiring my users to reset passwords?
--Jason
You'd have to manually tweak
On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden wrote:
> It is a 32-bit time problem.
>
> I'd set the maxlife no higher than 5000 for now.
Thanks. Is there a way to apply this policy retroactively without
requiring my users to reset passwords?
--Jason
__
Steven Jones wrote:
Hi,
That could explain why hasnt worked for my service accounts.
Is this fixed in 6.4?
No, we are still working on the fix on the freeipa-devel list.
rob
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 627
Hi,
That could explain why hasnt worked for my service accounts.
Is this fixed in 6.4?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-us
KodaK wrote:
I have a need to have certain mission critical application accounts
non-expiring (people don't log in directly, but if the accounts expire
it could stop production jobs.)
I've set "Max lifetime (days)" to 9 in the web interface, but
here's what I see when I do "ipa pwpolicy show
I have a need to have certain mission critical application accounts
non-expiring (people don't log in directly, but if the accounts expire
it could stop production jobs.)
I've set "Max lifetime (days)" to 9 in the web interface, but
here's what I see when I do "ipa pwpolicy show":
Group: ap
Hi Christian / Dmitri,
Yes I have confirmed in the KDC logs that when I attempt to login that the
kerberos server is recognizing the request and issuing a ticket.
Is anyone aware of if there is an LDAP related configuration needed? It
seems like only setting up the kerberos authentication is not
小龙 陈 wrote:
Hi everyone,
I have been having trouble getting FreeIPA set up on Fedora 18.
ipa-server-install
keeps failing at the "[2/20]: configuring certificate server instance" stage.
This is
on a fresh Fedora 18 virtual machine. I never had any issues on any of the
Fedora 18
prereleases.
Hi everyone,
I have been having trouble getting FreeIPA set up on Fedora 18.
ipa-server-install
keeps failing at the "[2/20]: configuring certificate server instance" stage.
This is
on a fresh Fedora 18 virtual machine. I never had any issues on any of the
Fedora 18
prereleases.
ipa-server-ins
Hi,
What's possible and what's practical could well be 2 different things. So yes
you may get say XP to join, whether its stable, reliable, gives you the
functionality you need and wont take a huge effort to look after is something
else.
I realise there is the nirvana ideal that says get one "
On Thu, 24 Jan 2013, Bob Sauvage wrote:
I'll give your a concrete example:
A developer is connected on his laptop with Windows 7. At startup,
he's prompted to login to the domain with his credentials. These
credentials are verified by the RHEL server running IPA. Credentials
are correct and the
Just reading this over, and the RFE, I've got another possible option.
Our standard build uses a key tab of a user with permission to add a host, and
that sets the OTP for the kickstart to use.
Is it possible to reset the state of the host record to the state where it can
use the same install c
I'll give your a concrete example:
A developer is connected on his laptop with Windows 7. At startup, he's
prompted to login to the domain with his credentials. These credentials are
verified by the RHEL server running IPA. Credentials are correct and the user
is logged in the domain. => At t
On Thu, 24 Jan 2013, david t. klein wrote:
While you can make it sort of work, it will be a lot more difficulty,
and will never work quite how you want. You would be better off using
Active Directory or Samba4, and creating trusts between the two
domains.
Samba 4 AD DC does not support cross-f
While you can make it sort of work, it will be a lot more difficulty, and will
never work quite how you want. You would be better off using Active Directory
or Samba4, and creating trusts between the two domains.
-DTK
--
david t. klein
Cisco Certified Network Associate (CSCO112818
Hi Dimitri,
Thanks for your response but I'm a little bit confused. Indeed, some users
tell me that it's possible to join an IPA domain from a windows workstation and
you say this is not possible.
I don't have an AD server, I want to configure IPA to act like an AD. My
network contains Win
Hi Rob and Simo,
Is there
a way to make the schema readable so the error does not show up? Or is
that pointless? What is the migrate-ds looking for specifically? Can I
manually create it for now?
Regards
John
On Wed, Jan 23, 2013 at 4:42 PM, Rob Crittenden wrote:
> Simo Sorce wrote:
>
>> On
27 matches
Mail list logo