Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Martin Kosek
On 04/24/2014 10:46 PM, Dmitri Pal wrote: On 04/23/2014 07:23 PM, Stephen Benjamin wrote: ... I am not sure it is doing the right thing. In the blog you specify bindpw for SUDO, this means you are configuring SUDO without SSSD integration. If you use IPA it is a command switch on the

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Jan Cholasta
On 25.4.2014 09:07, Martin Kosek wrote: On 04/24/2014 10:46 PM, Dmitri Pal wrote: On 04/23/2014 07:23 PM, Stephen Benjamin wrote: ... I am not sure it is doing the right thing. In the blog you specify bindpw for SUDO, this means you are configuring SUDO without SSSD integration. If you use

Re: [Freeipa-users] services and openSSL and stuff

2014-04-25 Thread Andrew Holway
What are the certs for? At the moment for a third party application however we would like to issue our own certs for everything SSL such as LDAPs or OpenVPN. It is quite a powerful feature to be able to install an organisation's root key on a client's machine and then be able to bosh out certs at

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Martin Kosek
On 04/25/2014 01:59 AM, Chris Whittle wrote: I am wanting to use Free IPA as the authentication source for Google Apps. I can't seem to find any documentation on how to accomplish this. Anyone have any experience they would be willing to share? Our install is on CentOS 6.5 fyi. I did a

Re: [Freeipa-users] Hardening freeipa on the internet

2014-04-25 Thread Martin Kosek
On 04/25/2014 09:50 AM, Andrew Holway wrote: Hello, I am having a think about running freeipa on the open seas for more distributed organisations and would like to understand where the weaknesses might be. I would almost certainly only make the ui unavailable however I am unsure about the

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Stephen Benjamin
- Original Message - From: Jan Cholasta jchol...@redhat.com To: Martin Kosek mko...@redhat.com, d...@redhat.com, Stephen Benjamin stben...@redhat.com Cc: freeipa-users@redhat.com Sent: Friday, April 25, 2014 9:44:37 AM Subject: Re: [Freeipa-users] FreeIPA + Foreman 1.5 AFAIK you

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Martin Kosek
On 04/25/2014 10:16 AM, Stephen Benjamin wrote: - Original Message - From: Jan Cholasta jchol...@redhat.com To: Martin Kosek mko...@redhat.com, d...@redhat.com, Stephen Benjamin stben...@redhat.com Cc: freeipa-users@redhat.com Sent: Friday, April 25, 2014 9:44:37 AM Subject: Re:

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Petr Spacek
On 25.4.2014 00:15, Dave Jones wrote: Hi Rob, I was considering installing replicas using puppet. Having pre-prepared replica files available would be easier than having to run an ipa-replica-prepare and scp copy. I had guessed the ldap/kerberos replication would handle the

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Stephen Benjamin
- Original Message - From: Martin Kosek mko...@redhat.com To: Stephen Benjamin stben...@redhat.com, Jan Cholasta jchol...@redhat.com Cc: d...@redhat.com, freeipa-users@redhat.com, Tomas Babej tba...@redhat.com Sent: Friday, April 25, 2014 10:54:13 AM Subject: Re: [Freeipa-users]

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Chris Whittle
Thanks Martin, I found a few notes on FreeIPA and GADS but most were people saying not to do it on principle but nothing saying if it's possible or not. I like the SAML option, including the mysterious ipsilon (Is there anything more than the git repo yet?), but wonder how much control it has.

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Simo Sorce
On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: Thanks Martin, I found a few notes on FreeIPA and GADS but most were people saying not to do it on principle but nothing saying if it's possible or not. I like the SAML option, including the mysterious ipsilon (Is there anything more

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Chris Whittle
Thank you Simo! Does anyone have any more info/experience on using GADS and FreeIPA that they would be willing to share? On Fri, Apr 25, 2014 at 7:39 AM, Simo Sorce sso...@redhat.com wrote: On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: Thanks Martin, I found a few notes on FreeIPA

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Dmitri Pal
On 04/25/2014 07:44 AM, Martin Kosek wrote: On 04/25/2014 01:23 PM, Stephen Benjamin wrote: ... authconfig --nisdomain example.com --update nisdomainname example.com On Fedora or RHEL 7.0, you would also need to enable systemd service to make the NIS domain name setup persistent: # service

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Dmitri Pal
On 04/25/2014 05:06 AM, Petr Spacek wrote: On 25.4.2014 00:15, Dave Jones wrote: Hi Rob, I was considering installing replicas using puppet. Having pre-prepared replica files available would be easier than having to run an ipa-replica-prepare and scp copy. I had guessed the ldap/kerberos

Re: [Freeipa-users] services and openSSL and stuff

2014-04-25 Thread Dmitri Pal
On 04/25/2014 03:57 AM, Andrew Holway wrote: What are the certs for? At the moment for a third party application however we would like to issue our own certs for everything SSL such as LDAPs or OpenVPN. It is quite a powerful feature to be able to install an organisation's root key on a client's

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Dmitri Pal
On 04/25/2014 09:52 AM, Stephen Benjamin wrote: - Original Message - From: Dmitri Pal d...@redhat.com To: Martin Kosek mko...@redhat.com, Stephen Benjamin stben...@redhat.com Cc: Jan Cholasta jchol...@redhat.com, freeipa-users@redhat.com, Tomas Babej tba...@redhat.com Sent: Friday,

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Dmitri Pal
On 04/25/2014 09:51 AM, Simo Sorce wrote: On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote: On 04/25/2014 08:39 AM, Simo Sorce wrote: On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: Thanks Martin, I found a few notes on FreeIPA and GADS but most were people saying not to do it on

Re: [Freeipa-users] Free IPA and Google Apps

2014-04-25 Thread Simo Sorce
On Fri, 2014-04-25 at 10:00 -0400, Dmitri Pal wrote: On 04/25/2014 09:51 AM, Simo Sorce wrote: On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote: On 04/25/2014 08:39 AM, Simo Sorce wrote: On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: Thanks Martin, I found a few notes on

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Rob Crittenden
Dmitri Pal wrote: On 04/25/2014 05:06 AM, Petr Spacek wrote: On 25.4.2014 00:15, Dave Jones wrote: Hi Rob, I was considering installing replicas using puppet. Having pre-prepared replica files available would be easier than having to run an ipa-replica-prepare and scp copy. I had guessed

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Stephen Benjamin
- Original Message - From: Dmitri Pal d...@redhat.com To: Stephen Benjamin stben...@redhat.com Cc: Martin Kosek mko...@redhat.com, Jan Cholasta jchol...@redhat.com, freeipa-users@redhat.com, Tomas Babej tba...@redhat.com Sent: Friday, April 25, 2014 3:59:31 PM Subject: Re:

Re: [Freeipa-users] FreeIPA + Foreman 1.5

2014-04-25 Thread Dmitri Pal
On 04/25/2014 10:29 AM, Stephen Benjamin wrote: - Original Message - From: Dmitri Pal d...@redhat.com To: Stephen Benjamin stben...@redhat.com Cc: Martin Kosek mko...@redhat.com, Jan Cholasta jchol...@redhat.com, freeipa-users@redhat.com, Tomas Babej tba...@redhat.com Sent: Friday,

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Justin Brown
This type of behavior is generally beyond what Puppet should do because it involves two systems retrieving information directly from one another and the puppet master can't reasonably serve as the repository of that information. Using a separate tool will likely work better. There's at least two

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Dmitri Pal
On 04/25/2014 12:48 PM, Justin Brown wrote: This type of behavior is generally beyond what Puppet should do because it involves two systems retrieving information directly from one another and the puppet master can't reasonably serve as the repository of that information. Using a separate tool

Re: [Freeipa-users] Are replica gpg files reusable?

2014-04-25 Thread Rob Crittenden
Justin Brown wrote: This type of behavior is generally beyond what Puppet should do because it involves two systems retrieving information directly from one another and the puppet master can't reasonably serve as the repository of that information. Using a separate tool will likely work better.