On 03/10/2015 02:39 PM, Robert Erzen wrote:
Hi all,
I'm new to freeIPA and I'm researching how freeIPA basically works.
How does this look from the perspective of the end user?
Can you please confirm or correct my knowledge about freeIPA functioning.
Let's assume we have a mixed environme
On Mon, Mar 9, 2015 at 2:45 PM, Alexander Bokovoy
wrote:
> On Mon, 09 Mar 2015, Ben Slusky wrote:
>
>> Greetings FreeIPA users,
>>
>> I'm setting up FreeIPA service in our production environment to replace
>> several different authentication methods for various systems. I'm trying
>> to
>> migrat
On 03/10/2015 01:19 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 03/10/2015 10:22 AM, Rob Crittenden wrote:
K SHK wrote:
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works
splendid :)
I want to clarify if SSL authentication without a login/password will
work against Fre
Hi all,
I'm new to freeIPA and I'm researching how freeIPA basically works. How
does this look from the perspective of the end user?
Can you please confirm or correct my knowledge about freeIPA functioning.
Let's assume we have a mixed environment of five freeIPA servers which are
gatheredint
I was told the GoDaddy certs were just imported using certutil -a but in
looking at the certs the original certs were actually replaced. This is only in
/etc/dirsrv/slapd-REALM-COM:
Certificate Nickname Trust Attributes
Dmitri Pal wrote:
> On 03/10/2015 10:22 AM, Rob Crittenden wrote:
>> K SHK wrote:
>>> hi,
>>>
>>> My hortonworks hadoop cluster is kerberized with FreeIPA and works
>>> splendid :)
>>>
>>> I want to clarify if SSL authentication without a login/password will
>>> work against FreeIPA...
>>>
>>> ie.
On Fri, Mar 6, 2015 at 1:53 PM, Martin Kosek wrote:
> On 03/06/2015 05:59 PM, Dan Mossor wrote:
>
>>
>> IT WORKS! WOOT!
>>
>> In the steps of researching a small issue on another hypervisor, I
>> discovered
>> that my underlying network, while operational, was not properly
>> configured. The
>> I
On Tue, 10 Mar 2015, Traiano Welcome wrote:
Hi Alexander
On Tue, Mar 10, 2015 at 12:08 PM, Alexander Bokovoy wrote:
On Tue, 10 Mar 2015, Traiano Welcome wrote:
However, I'm still not able to authenticate via the ssh->sssd path (I
can get kerberos tickets for ad users via cli though), so I th
On 03/10/2015 10:22 AM, Rob Crittenden wrote:
K SHK wrote:
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works
splendid :)
I want to clarify if SSL authentication without a login/password will
work against FreeIPA...
ie. client connects to apache webserver over SSL, and set
On 3/10/15 10:06 AM, Alexander Bokovoy wrote:
> We have http://www.freeipa.org/page/Documentation#User_Guides and going
> through user guide would be our recommended action. There is a whole
> chapter 6 in RHEL7 docs for upgrades and migration.
Ah, I see it now. I had no idea from the name that "
Hi Alexander
On Tue, Mar 10, 2015 at 12:08 PM, Alexander Bokovoy wrote:
> On Tue, 10 Mar 2015, Traiano Welcome wrote:
>>
>> However, I'm still not able to authenticate via the ssh->sssd path (I
>> can get kerberos tickets for ad users via cli though), so I think that
>> incorrect dc discovery is
K SHK wrote:
> hi,
>
> My hortonworks hadoop cluster is kerberized with FreeIPA and works
> splendid :)
>
> I want to clarify if SSL authentication without a login/password will
> work against FreeIPA...
>
> ie. client connects to apache webserver over SSL, and sets in username via
>
> http://h
Dmitri Pal wrote:
> On 03/08/2015 05:25 PM, Jakub Hrozek wrote:
>> On Sun, Mar 08, 2015 at 04:51:08PM -0400, Rob Crittenden wrote:
>>> The IPA team has moved away from trying to provide direct support
>>> /documentation for non-Linux platforms since we don't have the in-house
>>> expertise. The doc
On Tue, 10 Mar 2015, Benjamin Reed wrote:
On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
Are you following these instructions?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
Aha! No. T
On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
> Are you following these instructions?
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
Aha! No. There are so many false positives in google
@Martin Basti that was it. Thanks so much for the assistance.
@Petr Spacek thanks for the reply also. I failed to provide some
rather important information that you mentioned.
Thanks all for your help.
On Tue, Mar 10, 2015 at 1:35 AM, Petr Spacek wrote:
> Hello!
>
> First of all, what
On Tue, 10 Mar 2015, Benjamin Reed wrote:
I'm attempting to migrate FreeIPA from an RHEL6 server to a CentOS7 server.
When I run ipa-replica-install to set up the CentOS7 server, I get the
following error:
ipa : CRITICAL The master CA directory server does not have
necessary schema. Pl
I'm attempting to migrate FreeIPA from an RHEL6 server to a CentOS7 server.
When I run ipa-replica-install to set up the CentOS7 server, I get the
following error:
> ipa : CRITICAL The master CA directory server does not have
> necessary schema. Please copy the following script to all CA
On Tue, 10 Mar 2015, Guertin, David S. wrote:
You should be able to 'see' them via getent passwd but they should not be
allowed to login when HBAC_ALLOW_ALL is disabled.
Ah, OK, thanks, that's what is happening. I can see them with getent
passwd and id, and I can su to them, but I can't log in
> You should be able to 'see' them via getent passwd but they should not be
> allowed to login when HBAC_ALLOW_ALL is disabled.
Ah, OK, thanks, that's what is happening. I can see them with getent passwd and
id, and I can su to them, but I can't log in as them.
On the other hand, I also can't lo
On Tue, Mar 10, 2015 at 11:14:21AM +, Guertin, David S. wrote:
> > > Seems the initial/default setup for IPA server is to put in an 'allow_all'
> > rule. Thus you can actively manage HBAC but out of the box, it is
> > essentially
> > turned off by that rule.
> >
> > Yes. The default was the o
On Tue, 10 Mar 2015, Guertin, David S. wrote:
> Seems the initial/default setup for IPA server is to put in an 'allow_all'
rule. Thus you can actively manage HBAC but out of the box, it is essentially
turned off by that rule.
Yes. The default was the opposite a very long time ago, you had to expli
On 10.3.2015 12:14, Guertin, David S. wrote:
>>> Seems the initial/default setup for IPA server is to put in an 'allow_all'
>> rule. Thus you can actively manage HBAC but out of the box, it is essentially
>> turned off by that rule.
>>
>> Yes. The default was the opposite a very long time ago, you ha
> > Seems the initial/default setup for IPA server is to put in an 'allow_all'
> rule. Thus you can actively manage HBAC but out of the box, it is essentially
> turned off by that rule.
>
> Yes. The default was the opposite a very long time ago, you had to explicitly
> enable access to the box. But
>>I have already:
>>- created an IPA group called ad_users.
>>- created an IPA group called ad_users_external.
> Did you create this group with --external?
Doh! Nope, somehow I missed that. I've done that and that part is working now.
But the other part of the question remains, i.e. I'm still se
hi,
My hortonworks hadoop cluster is kerberized with FreeIPA and works splendid
:)
I want to clarify if SSL authentication without a login/password will work
against FreeIPA...
ie. client connects to apache webserver over SSL, and sets in username via
http://httpd.apache.org/docs/2.2/mod/mod_ss
On Tue, Mar 10, 2015 at 09:47:18AM +0100, Sumit Bose wrote:
> On Mon, Mar 09, 2015 at 08:27:05PM -0400, Dmitri Pal wrote:
> > On 03/09/2015 03:40 PM, Jakub Hrozek wrote:
> > >On Mon, Mar 09, 2015 at 02:58:14PM -0400, Dmitri Pal wrote:
> > >>On 03/09/2015 02:29 PM, Traiano Welcome wrote:
> > >>>Hi A
On Tue, 10 Mar 2015, Traiano Welcome wrote:
However, I'm still not able to authenticate via the ssh->sssd path (I
can get kerberos tickets for ad users via cli though), so I think that
incorrect dc discovery is not really the issue here. Instead, it seems
the ldap query against the discovered AD do
On Mon, Mar 9, 2015 at 9:49 PM, Alexander Bokovoy wrote:
> On Mon, 09 Mar 2015, Traiano Welcome wrote:
>>
>> Hi Alexander
>>
>> Thanks for the response:
>>
>> On Mon, Mar 9, 2015 at 8:04 PM, Alexander Bokovoy
>> wrote:
>>>
>>> On Mon, 09 Mar 2015, Traiano Welcome wrote:
Hi List
>>>
On Mon, Mar 09, 2015 at 08:27:05PM -0400, Dmitri Pal wrote:
> On 03/09/2015 03:40 PM, Jakub Hrozek wrote:
> >On Mon, Mar 09, 2015 at 02:58:14PM -0400, Dmitri Pal wrote:
> >>On 03/09/2015 02:29 PM, Traiano Welcome wrote:
> >>>Hi Alexander
> >>>
> >>> Thanks for the response:
> >>>
> >>>On Mon, Mar
Hello!
First of all, what version of FreeIPA do you use? FreeIPA 4.1.what?
On 9.3.2015 19:18, Matt Wells wrote:
> I'm getting some errors on a DNS Zone that I'm attempting to create.
> My systems reside within a sub-domain of example.com.
> (xyz.example.com)
> Of course example.com is the interne
On 09/03/15 19:18, Matt Wells wrote:
I'm getting some errors on a DNS Zone that I'm attempting to create.
My systems reside within a sub-domain of example.com.
(xyz.example.com)
Of course example.com is the internet address, but I want to host the
internal example.com so we're able to point to in