Re: [Freeipa-users] sudo with freeIPA

2014-08-26 Thread Lukas Slebodnik
On (25/08/14 08:33), Megan . wrote: OK. Changed debug_level to 7. I already have it in the domain section (first line). Not sure if this makes a difference [root@map1 pam.d]# cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is

Re: [Freeipa-users] sudo with freeIPA

2014-08-26 Thread Lukas Slebodnik
On (25/08/14 14:54), William Graboyes wrote: Hi Megan, I had the same problem with CentOS 6.5 and FreeIPA. I did a ton of searching, and IIRC the conclusion was a bug in that version of sssd, I don't remember all of the details, however I do remember the workaround. Create a system account

Re: [Freeipa-users] sudo with freeIPA

2014-08-26 Thread Jakub Hrozek
On 25 Aug 2014, at 23:54, William Graboyes wgrabo...@cenic.org wrote: Hi Megan, I had the same problem with CentOS 6.5 and FreeIPA. Megan had a different problem. We were able to get to the root cause in an off-list discussion, the

Re: [Freeipa-users] Custom kinit

2014-08-26 Thread Yago Fernández Pinilla
Thanks for the info! I will work more on this and comment my progress On Mon, Aug 25, 2014 at 5:48 PM, Rob Crittenden rcrit...@redhat.com wrote: Yago Fernández Pinilla wrote: I'm using FreeIpa 3.3.5. And according to what I saw, using the API, seems to be the best option. For the

Re: [Freeipa-users] Custom kinit

2014-08-26 Thread Yago Fernández Pinilla
I have checked what you told me. What I would like to do is: having a user and a password, authenticate against the Kerberos server using a Python script (not using kinit) and then be able to access the ticket that is returned by Kerberos. User -> Service --> Kerberos The user

Re: [Freeipa-users] users AD can not sudo in centos 6.5

2014-08-26 Thread alireza baghery
Sorry for the delay. File sssd.conf: == domain/example.com] debug_level = 6 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = l.example.com id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = client1.l.example.com chpass_provider = ipa

Re: [Freeipa-users] users AD can not sudo in centos 6.5

2014-08-26 Thread Lukas Slebodnik
On (26/08/14 16:50), alireza baghery wrote: Sorry for the delay. File sssd.conf: == domain/example.com] debug_level = 6 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = l.example.com id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname =

Re: [Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-26 Thread brendan kearney
systemctl stop firewalld systemctl disable firewalld systemctl stop iptables systemctl disable iptables sudo iptables -nvL This is not a recommended config, as a firewall will save your bacon without you realizing it. Fwbuilder is a great package in the Fedora repos that will write excellent

Re: [Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-26 Thread Rob Crittenden
brendan kearney wrote: systemctl stop firewalld systemctl disable firewalld systemctl stop iptables systemctl disable iptables sudo iptables -nvL This is not a recommended config, as a firewall will save your bacon without you realizing it. Fwbuilder is a great package in the Fedora

Re: [Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-26 Thread Chris Whittle
Here is what I found that seems to work from http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/ It only has to be run once... cat > /etc/firewalld/services/kerberos.xml << EOD <?xml version="1.0" encoding="utf-8"?> <service> <short>kerberos</short> <description>Kerberos</description> <port protocol="tcp"
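
The service file Chris writes by hand above is one of several a FreeIPA server needs. As an added example (my own POSIX sh, not code from Chris's post or from the linked blog), the script below generates firewalld service definitions in that same XML format for the standard FreeIPA server port set: 80/443 tcp (HTTP), 389/636 tcp (LDAP), 88 and 464 tcp+udp (Kerberos and kpasswd), 123 udp (NTP). It validates every port/protocol spec before writing anything, so a typo cannot leave a half-written service file behind. The service names ipa-http, ipa-ldap, ipa-kerberos, ipa-ntp and the FIREWALLD_SERVICES_DIR override are choices made for this example, not names used by FreeIPA or firewalld.

```shell
#!/bin/sh
# Added example, not from the thread or the linked blog post.
# Generates firewalld service definitions (the XML format the post writes by
# hand) for the ports a FreeIPA server listens on. Set FIREWALLD_SERVICES_DIR
# to a scratch directory to dry-run it; by default it writes to the real one.

# firewalld_service NAME DESCRIPTION PORT/PROTO [PORT/PROTO ...]
# Validates every spec first, then writes NAME.xml and prints its path.
# Returns 1 and writes nothing if any spec is malformed.
firewalld_service() {
    name=$1; desc=$2; shift 2
    dir=${FIREWALLD_SERVICES_DIR:-/etc/firewalld/services}
    for spec in "$@"; do
        port=${spec%/*}; proto=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "firewalld_service: bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "firewalld_service: bad port in '$spec'" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "firewalld_service: port out of range in '$spec'" >&2; return 1; }
    done
    file="$dir/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
        for spec in "$@"; do
            printf '  <port protocol="%s" port="%s"/>\n' "${spec#*/}" "${spec%/*}"
        done
        printf '</service>\n'
    } > "$file"
    echo "$file"
}

# freeipa_firewalld_services: one service file per FreeIPA component, using
# the standard FreeIPA server port set. The ipa-* names are this example's own.
freeipa_firewalld_services() {
    firewalld_service ipa-http     "FreeIPA web UI and RPC API"           80/tcp 443/tcp &&
    firewalld_service ipa-ldap     "389 Directory Server behind FreeIPA"  389/tcp 636/tcp &&
    firewalld_service ipa-kerberos "FreeIPA KDC and kpasswd"              88/tcp 88/udp 464/tcp 464/udp &&
    firewalld_service ipa-ntp      "NTP served by the FreeIPA server"     123/udp
}

# On a real host, after running freeipa_firewalld_services against the default
# directory, make firewalld pick the files up and enable them permanently:
#   firewall-cmd --reload
#   for s in ipa-http ipa-ldap ipa-kerberos ipa-ntp; do
#       firewall-cmd --permanent --add-service="$s"
#   done
#   firewall-cmd --reload
```

Splitting the ports into one service per component rather than a single "ipa" service makes it possible to expose only the LDAP and Kerberos ports on a replica's internal interface while keeping the web UI behind a separate zone.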

[Freeipa-users] Create a non-user

2014-08-26 Thread Chris Whittle
So I have a user called mac_slave that is used to verify that a user is active or not and also used to bind a Mac laptop to FreeIPA's LDAP. What I want to do is limit what that user can do and see, for example I want to keep them from logging in to my Macs (I think I can do that by moving them

Re: [Freeipa-users] Fedora Core IPTables or FirewallID?

2014-08-26 Thread Mark Heslin
Chris, My understanding is that firewalld services are where we're heading but I'm not entirely sure how much or how little of these are fully supported/available yet. I've copied Thomas - he'll know :-) -m On 08/26/2014 10:26 AM, Chris Whittle wrote: Here is what I found that seems to

Re: [Freeipa-users] Installing a new Cert

2014-08-26 Thread Chris Whittle
This actually died after restart, so I ended up starting over... So here is the process I did that looks like it works and also survives restart Step 1 - Before install http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894

[Freeipa-users] Monitoring FreeIPA with SNMP

2014-08-26 Thread Dimitar Georgievski
I have successfully enabled SNMP monitoring of FreeIPA server following the instructions available at RedHat's portal: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Monitoring_DS_Using_SNMP.html The problem is I cannot retrieve any metrics

Re: [Freeipa-users] Monitoring FreeIPA with SNMP

2014-08-26 Thread Dimitar Georgievski
Problem resolved. I completely forgot to check the access privileges in /etc/snmp/snmpd.conf. By default NET-SNMP configures the agent to provide access to .iso.org.dod.internet.mgmt. sub-tree only. The redhat sub-tree is under .iso.org.dod.internet.private.enterprises. I had to add a view on this
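
Dimitar's diagnosis is the usual one with net-snmp: the stock snmpd.conf ties the read-only community to a view that covers only parts of the mgmt subtree, so anything a subagent registers under enterprises is silently invisible. As an added example (my own POSIX sh, not code from Dimitar's post or from the Red Hat guide), the script below writes a constructed copy of that default access configuration, checks whether a given OID is readable through a view using net-snmp's rule that the longest matching view entry decides, and appends the missing view line idempotently so a provisioning script can be re-run without piling up duplicates. It assumes net-snmp's "view NAME included|excluded OID" and "rocommunity COMMUNITY SOURCE -V VIEW" syntax and uses Red Hat's IANA enterprise number 2312; the exact branch under it that the Directory Server MIB occupies should be taken from the MIB shipped with the server, so it is passed in as a parameter rather than hard-coded.

```shell
#!/bin/sh
# Added example, not from the thread. Models the fix described in the post:
# extend the view behind the read-only community so the Directory Server
# subagent's data under the Red Hat enterprise subtree becomes readable.
# Assumption: Red Hat's IANA enterprise number is 2312; the MIB branch below it
# comes from the MIB shipped with the server and is passed in by the caller.

RH_ENTERPRISE_OID=.1.3.6.1.4.1.2312

# demo_snmpd_conf FILE
# Writes a constructed sample mirroring net-snmp's default access config:
# one community, restricted to the systemview view, which only includes
# system and hrSystem under mgmt.
demo_snmpd_conf() {
    cat > "$1" <<'EOF'
# constructed sample, mirrors the net-snmp defaults
rocommunity public default -V systemview
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
EOF
}

# snmpd_view_covers FILE VIEW OID
# Exit 0 if OID is readable through VIEW in FILE. Among the "view" entries
# whose subtree contains OID, the longest one decides, and it must say
# "included". The optional mask column is not modelled.
snmpd_view_covers() {
    awk -v view="$2" -v target="$3" '
        $1 == "view" && $2 == view && ($3 == "included" || $3 == "excluded") {
            sub(/^\./, "", $4); t = target; sub(/^\./, "", t)
            if (t == $4 || index(t, $4 ".") == 1)
                if (length($4) > best) { best = length($4); verdict = $3 }
        }
        END { if (verdict == "included") exit 0; exit 1 }
    ' "$1"
}

# snmpd_add_view FILE VIEW OID
# Appends "view VIEW included OID" unless that exact entry already exists,
# so re-running the script does not duplicate it. Prints "added" or "present".
snmpd_add_view() {
    oid_re=$(printf '%s' "$3" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*view[[:space:]]+$2[[:space:]]+included[[:space:]]+$oid_re([[:space:]]|$)" "$1"; then
        echo present
    else
        printf 'view %s included %s\n' "$2" "$3" >> "$1"
        echo added
    fi
}

# Typical use on a real host, then restart snmpd:
#   snmpd_add_view /etc/snmp/snmpd.conf systemview "$RH_ENTERPRISE_OID"
#   snmpd_view_covers /etc/snmp/snmpd.conf systemview "$RH_ENTERPRISE_OID" && echo visible
```

Opening the whole enterprise subtree to the existing community is the quickest fix; on a server reachable from more than the monitoring host, a tighter variant is a separate view and community (or SNMPv3 user) that includes only the directory-server branch, with the source restricted to the monitoring station's address.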

Re: [Freeipa-users] Cert Renewal

2014-08-26 Thread Rob Crittenden
Ott, Dennis wrote: No services are currently running on the replica (and I am hesitant to start them) but, my recollection is that I did the replica server installation with the --setup-ca option. Also, there are /var/lib/dirsrv/slapd-PKI-IPA/ and /etc/pki-ca/ directories in place on the

Re: [Freeipa-users] Installing a new Cert

2014-08-26 Thread Martin Kosek
Thanks for sharing your (rather painful) experience, I am glad you made it work in the end. Just note that we are currently (read FreeIPA 4.0.x and FreeIPA 4.1) working on making the cert operations in the installers smoother, so that people like you would have a much easier job.

Re: [Freeipa-users] Custom kinit

2014-08-26 Thread Dmitri Pal
On 08/26/2014 11:43 AM, Yago Fernández Pinilla wrote: I have checked what you told me. What I would like to do is: having a user and a password, authenticate against the kerberos server using a python script (not using kinit) and then be able to access to the ticket that is returned back by

[Freeipa-users] Migration works on 3 but not 4?

2014-08-26 Thread Kat
Hi all... Migrating from OpenLDAP to FreeIPA works fine with 3.x, but with 4.x I get migration errors: /Constraint violation: invalid password syntax - passwords with storage scheme are not allowed/ I did find one reference to this in the archives, but it references 389-ds 1.3.2.20 and i