Hello all
When I try to execute any commands from an ipa-replica I get
[rkelly@replicahostname ~]$ ipa user-find
ipa: ERROR: did not receive Kerberos credentials
[rkelly@replicahostname ~]$ kinit
Password for rke...@ipa2.dc.sita.aero:
[rkelly@replicahostname ~]$ ipa user-find
ipa: ERROR:
On 04/10/2014 06:50 AM, Arthur Fayzullin wrote:
If this
http://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update is it,
then it is quite not easy to understand what it is about.
Here, in the mailing list, it was much more understandable.
The HOWTOs provided in
On 04/10/2014 08:31 AM, rashard.ke...@sita.aero wrote:
Hello all
When I try to execute any commands from an ipa-replica I get
[rkelly@replicahostname ~]$ ipa user-find
ipa: ERROR: did not receive Kerberos credentials
[rkelly@replicahostname ~]$ kinit
Password for
On Thu, 10 Apr 2014, rashard.ke...@sita.aero wrote:
Hello all
When I try to execute any commands from an ipa-replica I get
[rkelly@replicahostname ~]$ ipa user-find
ipa: ERROR: did not receive Kerberos credentials
[rkelly@replicahostname ~]$ kinit
Password for rke...@ipa2.dc.sita.aero:
We have a few services using IPA via LDAP.
E.G. Apache connecting
to ldap://snip/cn=users,cn=accounts,dc=ipa,dc=snip?uid
This works fine but users with expired passwords are still able to
authenticate.
Is there any way to stop this in FreeIPA, or do I have to
check krbPasswordExpiration in my
The krb5 files are not readable by everyone. There are multiple krb5 files
in tmp, should they automatically be readable by all? BTW our users do not
have home directories if that makes a difference.
[rkelly@replicahostname ~]$ ls -lZ /tmp |grep krb
-rw--- rootroot?
Thanks Rob, those bug reports help.
One more question, in the official Solaris 10 documentation, I see this
stuff -
-a proxyPassword={NS1}*fbc123a92116812*
userPassword:: *e1NTSEF9Mm53KytGeU81Z1dka1FLNUZlaDdXOHJkK093TEppY2NjRmt6Wnc9PQ*=
Is there a way to generate that password hash for a new
I can run commands after changing the permissions on the files, but why is
it generating files that are not world readable?
[rkelly@replicahostname ~]$ ll
total 84
-rw-r--r-- 1 root root 2428 Apr 9 22:34 krb5cc_0
-rw-r--r-- 1 xs05144 xs05144 1146 Apr 3 16:10 krb5cc_159920_u5RRhd
On 04/10/2014 08:03 AM, Matthew Symonds wrote:
We have a few services using IPA via LDAP.
E.G. Apache connecting
to ldap://snip/cn=users,cn=accounts,dc=ipa,dc=snip?uid
This works fine but users with expired passwords are still able to
authenticate.
Is there any way to stop this in
On 04/10/2014 11:41 AM, quest monger wrote:
Thanks Rob, those bug reports help.
One more question, in the official Solaris 10 documentation, I see
this stuff -
-a proxyPassword={NS1}*fbc123a92116812*
userPassword:: *e1NTSEF9Mm53KytGeU81Z1dka1FLNUZlaDdXOHJkK093TEppY2NjRmt6Wnc9PQ*=
Is there a
On Thu, Apr 10, 2014 at 11:55:05AM -0400, rashard.ke...@sita.aero wrote:
I can run commands after changing the permissions on the files, but why is
it generating files that are not world readable?
[rkelly@replicahostname ~]$ ll
total 84
-rw-r--r-- 1 root root 2428 Apr 9 22:34
Sorry about that. So I am looking at the Solaris 10 client documentation
here -
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
It says do the following on Solaris client -
ldapclient manual
...
-a proxyPassword={NS1}fbc123a92116812
Hello,
I'm looking to use puppet to add my servers to IPA automatically. This
would be used when building VMs from templates and their first puppet run
would add them into IPA.
I am wondering if anyone has had any success with doing this? Anything I
should consider... any gotchas.
Thanks!
--
On 04/10/2014 12:24 PM, Brent Clark wrote:
Hello,
I'm looking to use puppet to add my servers to IPA automatically. This
would be used when building VMs from templates and their first puppet
run would add them into IPA.
Google returns this
http://forge.puppetlabs.com/tags/freeipa
Dmitri Pal wrote:
On 04/10/2014 12:18 PM, quest monger wrote:
Sorry about that. So I am looking at the Solaris 10 client
documentation here -
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
It says do the following on Solaris client -
On 04/10/2014 01:37 PM, Johan Petersson wrote:
Proxy user is only necessary if you disable anonymous bind on the IPA LDAP.
Example configuration for making Solaris 11 work as an IPA client.
If you want autofs of shared NFS home directory too, let me know and I can
provide it.
I will add this
SELinux is disabled, I changed the permissions back to the old ones and I
have the problem again, although as root I can kinit as myself and can run
commands. But not as the regular user. Do you have any strace examples to
share?
[root@replicahostname /tmp]# ll -Za
drwxrwxrwt. rootroot
On Thu, Apr 10, 2014 at 02:32:06PM -0400, rashard.ke...@sita.aero wrote:
SELinux is disabled, I changed the permissions back to the old ones and I
have the problem again, although as root I can kinit as myself and can run
commands. But not as the regular user. Do you have any strace examples
I feel dumb, but I cannot seem to find anything about this. How do I rekey the
self-signed CA cert for IdM/IPA? It seems like it should be something simple,
but I’m not finding anything. CentOS 6.5 install. If you’ve got a place to
point me towards, that would be wonderful.
Thanks,
Greg
Greg Harris wrote:
I feel dumb, but I cannot seem to find anything about this. How do I
rekey the self-signed CA cert for IdM/IPA? It seems like it should be
something simple, but I’m not finding anything. CentOS 6.5 install. If
you’ve got a place to point me towards, that would be
Close. The problem is to expose kerberized services in the local realm to
users holding foreign credentials, supporting SSO wherever possible. This
includes file sharing via NFS, kerberized web apps, ssh logins, and anything
else the local realm has to offer. SSSD can handle ssh logins (if
On 04/10/2014 05:40 PM, Nordgren, Bryce L -FS wrote:
Close. The problem is to expose kerberized services in the local realm to
users holding foreign credentials, supporting SSO wherever possible. This
includes file sharing via NFS, kerberized web apps, ssh logins, and anything
else the local
Greg Harris wrote:
Rob,
Thanks for the quick response. It’s version 3.0, as included in CentOS
6.5 EPEL. Yes, I’m running the IPA CA, installed as a self-signed
setup. By rekey, I mean generating a new Public/Private key pair for
the CA certificate, and then subsequently rekeying all of the
Dear all:
I added the *.abc.net cert to certutil -d /etc/httpd/alias and
/etc/dirsrv/slapd-ABC-COM
But an error comes out when I log in to the UI of the service and click on an entry.
cannot connect to 'https://cert1.abc.com:443/ca/agent/ca/displayBySerial':
[Errno -12276] (SSL_ERROR_BAD_CERT_DOMAIN)