On Sun, Apr 14, 2013 at 01:49:14PM +0200, Jan-Frode Myklebust wrote:
On Thu, Dec 20, 2012 at 04:43:08PM +0100, Han Boetes wrote:
An even better config would be if we could use the host's keytab to bind
to LDAP here..
Coming up as a default in sssd 1.10 (beta).
On 04/12/2013 08:17 PM, Chandan Kumar wrote:
Thanks for the response.
The way we can turn off the anonymous bind in 389 Server. using
nsslapd-allow-anonymous-access: off.
Is there any way to limit the read access of user to only to the DNS
entries? In that way I can create a user who
On 04/15/2013 03:16 PM, Arturo Borrero wrote:
Hi there,
In a freshly installed server, I try:
# ipa-server-install
[...]
[12/13]: restarting httpd
[13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory
Dmitri Pal wrote:
On 04/12/2013 08:17 PM, Chandan Kumar wrote:
Thanks for the response.
The way we can turn off the anonymous bind in 389 Server. using
nsslapd-allow-anonymous-access: off.
Is there any way to limit the read access of user to only to the DNS
entries? In that way I can create
Arturo Borrero wrote:
On 15/04/13 15:33, Martin Kosek wrote:
On 04/15/2013 03:16 PM, Arturo Borrero wrote:
Hi there,
In a freshly installed server, I try:
# ipa-server-install
[...]
[12/13]: restarting httpd
[13/13]: configuring httpd to start on boot
Done configuring the web interface
On 04/15/2013 03:50 PM, Rob Crittenden wrote:
Arturo Borrero wrote:
On 15/04/13 15:33, Martin Kosek wrote:
On 04/15/2013 03:16 PM, Arturo Borrero wrote:
Hi there,
In a freshly installed server, I try:
# ipa-server-install
[...]
[12/13]: restarting httpd
[13/13]: configuring httpd
On 15/04/13 15:33, Martin Kosek wrote:
On 04/15/2013 03:16 PM, Arturo Borrero wrote:
Hi there,
In a freshly installed server, I try:
# ipa-server-install
[...]
[12/13]: restarting httpd
[13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP
On 15.4.2013 15:39, Rob Crittenden wrote:
There is no easy way to do this. We start with granting all authenticated
users read access to the tree with the exception of certain attributes (like
passwords).
You'd have to start by removing that, then one by one granting read access to
the various
On Mon, 15 Apr 2013, Petr Spacek wrote:
On 15.4.2013 15:39, Rob Crittenden wrote:
There is no easy way to do this. We start with granting all authenticated
users read access to the tree with the exception of certain attributes (like
passwords).
You'd have to start by removing that, then one by
I think controlling Visibility of tabs would be the best option, if
possible, based on Roles as mentioned by Rob. As long as other entries are
not visible in UI, even though they have read only access with command
line, should be enough.
On Monday, April 15, 2013, Alexander Bokovoy wrote:
On
Hi,
I've just had a go at deploying FreeIPA v3.1.3 and have hit a minor road bump.
The server hostname resolves to more than one address:
:::::4
xxx.xxx.xxx.180
Please provide the IP address to be used for this host name:
The answer I would like to give here is both
On 04/15/2013 09:45 AM, Adam Bishop wrote:
Hi,
I've just had a go at deploying FreeIPA v3.1.3 and have hit a minor road bump.
The server hostname resolves to more than one address:
:::::4
xxx.xxx.xxx.180
Please provide the IP address to be used for this host
On 04/15/2013 11:45 AM, Adam Bishop wrote:
Hi,
I've just had a go at deploying FreeIPA v3.1.3 and have hit a minor road bump.
The server hostname resolves to more than one address:
:::::4
xxx.xxx.xxx.180
Please provide the IP address to be used for this host
On 04/15/2013 05:45 PM, Adam Bishop wrote:
Hi,
I've just had a go at deploying FreeIPA v3.1.3 and have hit a minor road bump.
The server hostname resolves to more than one address:
:::::4
xxx.xxx.xxx.180
Please provide the IP address to be used for this host
Hello,
From time to time we are getting complaints that I can sum up as I cannot
log in to server X
Here is a spinet of the /var/log/sssd/sssd_DOMAIN.log ...
*(Mon Apr 15 09:36:59 2013) [sssd[be[4OVER.COM]]] [be_pam_handler]
(0x0100): Got request with the following data
(Mon Apr 15 09:36:59
Christian Hernandez wrote:
Hello,
From time to time we are getting complaints that I can sum up as I
cannot log in to server X
Here is a spinet of the /var/log/sssd/sssd_DOMAIN.log ...
/(Mon Apr 15 09:36:59 2013) [sssd[be[4OVER.COM http://4OVER.COM]]]
[be_pam_handler] (0x0100): Got request
We are running 1.9.2
Looks like 3.0 is available for my build of CentOS ~ Any suggestions on how
to proceed to updating? Is Multimaster replication sustained during
updating?
Thank you,
Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax:
On 04/15/2013 11:11 AM, Chandan Kumar wrote:
I think controlling Visibility of tabs would be the best option, if
possible, based on Roles as mentioned by Rob. As long as other entries
are not visible in UI, even though they have read only access with
command line, should be enough.
It would
On Mon, Apr 15, 2013 at 3:13 PM, Dmitri Pal d...@redhat.com wrote:
On 04/15/2013 11:11 AM, Chandan Kumar wrote:
I think controlling Visibility of tabs would be the best option, if
possible, based on Roles as mentioned by Rob. As long as other entries are
not visible in UI, even though
On 12 April 2013 23:59, Rich Megginson rmegg...@redhat.com wrote:
On 04/11/2013 11:58 PM, Peter Brown wrote:
On 12 April 2013 15:51, Simon Williams
simon.willi...@thehelpfulcat.comwrote:
I use Atlassian products, but use Crowd to provide single signon. This
means that Crowd is the only
On Mon, Apr 15, 2013 at 02:29:18PM -0400, Rob Crittenden wrote:
There are some odd errors in ldap_child.log but it seems to cover a
later period than the other logs (not being able to bind using its
keytab is a bad thing).
I think what you'll want to do, and this may be relatively tough, is
I agree it won't be a security feature nor you are doing wrong by not
adding it. However, it might come as nice to have feature. Let me explain
you my condition.
We host web application where lot of DNS entries (Public and Internal) are
created for different kind of requests and features. Now we
Okay,
So I tried to update to the newest version. Update went okay and users can
authenticate (as far as I can tell)...
But I think may be replication broke?
[r...@ipa1.da2.4over.com log]# ipa-replica-manage force-sync --from=
ipa1.gln.4over.com
Invalid password
Any ideas?
Thank you,
On 04/15/2013 07:42 PM, Chandan Kumar wrote:
I agree it won't be a security feature nor you are doing wrong by not
adding it. However, it might come as nice to have feature. Let me
explain you my condition.
We host web application where lot of DNS entries (Public and Internal)
are created
On 04/15/2013 08:41 PM, Christian Hernandez wrote:
Yup, looks like replication is broken =\
[r...@ipa1.gln.4over.com mailto:r...@ipa1.gln.4over.com ipa]#
ipa-replica-manage disconnect ipa1.la3.4over.com
http://ipa1.la3.4over.com
Failed to get list of agreements from 'ipa1.la3.4over.com
Yes; I verified that both forward and reverse DNS match on all nodes.
Thank you,
Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com mailto:christi...@4over.com
www.4over.com http://www.4over.com
On Mon, Apr 15,
Looks like I've narrowed it down to...something...
[r...@ipa1.la3.4over.com ~]# ipa-replica-manage list ipa1.gln.4over.com
Failed to get data from 'ipa1.gln.4over.com': Invalid credentials
SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
[r...@ipa1.la3.4over.com ~]#
Christian Hernandez wrote:
Looks like I've narrowed it down to...something...
[r...@ipa1.la3.4over.com mailto:r...@ipa1.la3.4over.com ~]#
ipa-replica-manage list ipa1.gln.4over.com http://ipa1.gln.4over.com
Failed to get data from 'ipa1.gln.4over.com
http://ipa1.gln.4over.com': Invalid
28 matches
Mail list logo