On 25 Aug 2014, at 23:54, William Graboyes wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi Megan,
>
> I had the same problem with CENTOS 6.5 and free-ipa.
Megan had a different problem. We were able to get to the root cause in an
off-list discussion, the ldap_sasl_authid pa
On (25/08/14 14:54), William Graboyes wrote:
>Hi Megan,
>
>I had the same problem with CENTOS 6.5 and free-ipa. I did a ton of
>searching, and IIRC the conclusion was a bug in that version of sssd, I
>don't remember all of the details, however I do remember the work
>around.
>
>Create a system acc
On (25/08/14 08:33), Megan . wrote:
>ok. Changed debug_level to 7. I already it in the domain section (first
>line).
>
>
>
>Not sure if this makes a difference
>
>[root@map1 pam.d]# cat system-auth
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authcon
I've got my server up and running great with one exception every time I
reboot I have to login and flush the iptables or nothing can connect.
I've found a ton of fixes and none seem to work, I'm on FC20 does anyone
have experience with it and wouldn't mind helping?
--
Manage your subscription for
Ott, Dennis wrote:
> I have an IPA setup, one master, one replica; originally installed as v
> 2.x and later updated to v 3.0. For whatever reasons, the certs did not
> automatically renew and the services would no longer start. I updated
> the certs manually on the master using the procedure show
I have an IPA setup, one master, one replica; originally installed as v 2.x and
later updated to v 3.0. For whatever reasons, the certs did not automatically
renew and the services would no longer start. I updated the certs manually on
the master using the procedure shown at:
http://www.freeip
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Megan,
I had the same problem with CENTOS 6.5 and free-ipa. I did a ton of
searching, and IIRC the conclusion was a bug in that version of sssd, I
don't remember all of the details, however I do remember the work
around.
Create a system account
I spoke a little too soon... It's working fine (browser is using new cert
and also ldaps is using the new cert) except when you go to the certs page
on the ui.
https://DOMAIN/ipa/ui/#/e/cert/search
An error has occurred (IPA Error 4301: CertificateOperationError)
Certificate operation cannot be c
ok I think I got it again... If anyone is looking for this here is the
answer that worked for me
1. Here are the steps
1.
http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894
-- start at Convert crt
Yago Fernández Pinilla wrote:
> I'm using FreeIpa 3.3.5. And according to what I saw, using the API,
> seems to be the best option.
>
> For the time being I just want to request tickets and check tickets.
>
> Is that possible?
> .
I'm still not sure what it is you're trying to do.
It's importan
Yago Fernández Pinilla wrote:
> I want to integrate it in other service. Is there any good documentation
> about the APIs?
We really need more details in order to help you.
The API for IPA is not documented though once you get the patterns down
it is fairly straightforward.
This of course is a c
I found this but I think it's just IPA certs?
http://www.freeipa.org/page/V4/CA_certificate_renewal
Basically I want to use my existing wildcard cert for https and ldaps...
I did this on my 3.3 install on CentOS but now I'm on a 4 install on Fedora
Core.
Any help would be more than appreciated!
T
I want to integrate it in other service. Is there any good documentation
about the APIs?
Thanks in advance
On Mon, Aug 25, 2014 at 3:08 PM, Jakub Hrozek wrote:
> On Mon, Aug 25, 2014 at 02:43:00PM +0200, Yago Fernández Pinilla wrote:
> > Hi,
> >
> > I would like to create a script in python th
On Mon, Aug 25, 2014 at 02:43:00PM +0200, Yago Fernández Pinilla wrote:
> Hi,
>
> I would like to create a script in python that does the same that kinit, I
> don´t where to start.
Why do you need this?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailm
Hi,
I would like to create a script in python that does the same that kinit, I
don´t where to start.
I have checked many examples and I guess I need to do some HTTP requests
against the server, is that possible to do it using freeipa? What is the
url?
Thanks in advance
Yago
--
Yago Fernández
ok. Changed debug_level to 7. I already it in the domain section (first line).
Not sure if this makes a difference
[root@map1 pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
On Mon, Aug 25, 2014 at 08:02:02AM -0400, Megan . wrote:
> Below is the output from the sss_.log when i ran the sudo
> command as the user. I see things about offline replies and LDAP not
> working. Is this my problem or is this part of a normal series of
> items that are tried?
>
>
> (Mon Aug
On Mon, Aug 25, 2014 at 01:58:41PM +0200, Jakub Hrozek wrote:
> For sudo logs, something like:
>Debug sudo /tmp/sudo_debug all@debug
> Should produce pretty verbose logs
Sorry, I should have said the Debug directive belongs to /etc/sudo.conf
--
Manage your subscription for the Fr
On Mon, Aug 25, 2014 at 06:51:27AM -0400, Megan . wrote:
> Good Morning,
>
> I'm very new to freeIPA. I'm running centOS 6.5 with freeIPA v3
>
> I have the freeIPA server up but i'm working on getting SUDO
> configured. Currently i'm having problems getting sudo commands to
> work on the client
Below is the output from the sss_.log when i ran the sudo
command as the user. I see things about offline replies and LDAP not
working. Is this my problem or is this part of a normal series of
items that are tried?
(Mon Aug 25 11:53:23 2014) [sssd[be[server.example.com]]]
[be_get_account_info]
On (25/08/14 14:31), alireza baghery wrote:
>hi
>i integrated AD windows 208 R2 with IPA server (centos 6.5)
>i write a sudo policy and access for specified user and host with allow any
>command.
>user can execute sudo in centos 7 but when user loggin on centos 6.5 can
>not execute sudo and get err
On Mon, Aug 25, 2014 at 12:12:26PM +0200, Dmitri Pal wrote:
> On 08/25/2014 12:01 PM, alireza baghery wrote:
> >hi
> >i integrated AD windows 208 R2 with IPA server (centos 6.5)
> >i write a sudo policy and access for specified user and host with allow
> >any command.
> >user can execute sudo in ce
I have 4 installed and I get it when I try to generate the pk12
On Aug 25, 2014 3:50 AM, "Jan Cholasta" wrote:
> Hi,
>
> Dne 25.8.2014 v 03:04 Chris Whittle napsal(a):
>
>> Trying to do this
>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>>
>> And I keep getting "Error u
On Mon, 25 Aug 2014, Martin Kosek wrote:
On 08/25/2014 12:51 PM, Megan . wrote:
Good Morning,
I'm very new to freeIPA.
Welcome on board!
I'm running centOS 6.5 with freeIPA v3
I have the freeIPA server up but i'm working on getting SUDO
configured. Currently i'm having problems getting su
On 08/25/2014 12:51 PM, Megan . wrote:
> Good Morning,
>
> I'm very new to freeIPA.
Welcome on board!
> I'm running centOS 6.5 with freeIPA v3
>
> I have the freeIPA server up but i'm working on getting SUDO
> configured. Currently i'm having problems getting sudo commands to
> work on the cli
Good Morning,
I'm very new to freeIPA. I'm running centOS 6.5 with freeIPA v3
I have the freeIPA server up but i'm working on getting SUDO
configured. Currently i'm having problems getting sudo commands to
work on the client. I'm a bit unclear if i have everything configured
correctly. The on
On 08/25/2014 12:01 PM, alireza baghery wrote:
hi
i integrated AD windows 208 R2 with IPA server (centos 6.5)
i write a sudo policy and access for specified user and host with
allow any command.
user can execute sudo in centos 7 but when user loggin on centos 6.5
can not execute sudo and get er
hi
i integrated AD windows 208 R2 with IPA server (centos 6.5)
i write a sudo policy and access for specified user and host with allow any
command.
user can execute sudo in centos 7 but when user loggin on centos 6.5 can
not execute sudo and get error below
user@AD is not in sudoers file.
i configu
On Sun, 24 Aug 2014, Nordgren, Bryce L -FS wrote:
Over the past month, I rearranged my local systems for our
collaboration environment. The essence of the work is to combine
employee identities (defined in AD) with identities for external users
(defined in FreeIPA), massage them so that they look
Hi,
Dne 8.8.2014 v 14:46 Nicklas Björk napsal(a):
Trying to upgrade from FreeIPA 3.0 running on CentOS 6 to 3.3 on CentOS
7 using migration. I seem to have run into some certificate problems and
the replica installation halts half-way through. We have a simple
CA-structure, where FreeIPA has bee
Hi,
Dne 25.8.2014 v 03:04 Chris Whittle napsal(a):
Trying to do this
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
And I keep getting "Error unable to get local issuer certificate getting
chain."
Where are you getting this error? ipa-server-certinstall, or httpd, or
s
On 08/22/2014 10:41 PM, Michael Lasevich wrote:
> Trying to use ipa command line admin tools from Ubuntu 14.04 box against
> 3.0.0 CentOS 6 server and running into trouble.
>
> Seems like upgrading server is not an option without upgrading the server,
> and 3.3.0 client is not compatible with 3.0.
32 matches
Mail list logo