Re: [Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD

Hey Guys Not sure if I am missing any bit but this was the thing in the end: http://generations.menteyarte.org/archives/195-freeipa-server-and-SSSD-on-Ubuntu.html I managed to have it working and I have documented all those nasty bits which might save people's time. The whole weekend gon

Re: [Freeipa-users] using dogtag outside of freeIPA?

On Fri, Mar 27, 2015 at 03:52:12PM -0500, Steve Neuharth wrote: > Hello, > > Is it possible or perhaps not recommended to use the dogtag API and/or UI > on a FreeIPA system without using the freeIPA CLI or UI? I have a > requirement to submit a certificate to a service without kerberos and > witho

Re: [Freeipa-users] Additional pre-authentication required, Ticket Wrong ?

Hi, I just tot home and typing from my cell so i'm suite short in words Create keytab for ldap-01.domain Kinit with that to ldap.domain Curl against ldap.domain Get a 301 which I manage from curl (goes well) Get kerberos ticket error now I don't kinit anymore so re-use my existing ticket and cur

Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS

Thanks for getting back. 1. As security Kerberos can ticket and in memory can be taken and that session key Can be used to gain access every where. Primarily this because the plan is to use the solution in cloud. 2. Can I disable DNS as well? And have IPA to run only ldap, ssh key rotation an

Re: [Freeipa-users] ipa-cliebt-automount problem

Dmitri Pal wrote: > On 03/29/2015 06:00 PM, Günther J. Niederwimmer wrote: >> Hello, >> >> My automount is not working correct? >> >> I have a centos 7 with "cr" Update, this is IPA 4.1 and sssd 1.12 >> >> I have this Error in the logs >> >> automount[1899]: lookup_read_map: lookup(sss): getautomnt

Re: [Freeipa-users] Freeipa Server down !!

Dmitri Pal wrote: > On 03/29/2015 06:35 AM, Peter Fern wrote: >> On 29/03/15 05:46, Rob Crittenden wrote: >>> Should be back up now. >>> >>> rob >> >> Appears to be dead again. >> > It is in fact down again. > The quote is exceeded in the openshift gear. I cleaned up a log file which should buy a

Re: [Freeipa-users] Steps for automount

On 03/28/2015 12:22 PM, Jose Luis Mantilla wrote: Adding below mail: [root@server2 home]# ssh jmantilla@desktop2 jmantilla@desktop2's password: Creating home directory for jmantilla. Last login: Sat Mar 28 11:05:48 2015 from server2.example.com Could not chdir to ho

Re: [Freeipa-users] Additional pre-authentication required, Ticket Wrong ?

On 03/29/2015 04:47 AM, Matt . wrote: Hi Guys, Now my Certification issues are solved for using a loadbalancer in front of my ipa servers I get the following: Unable to verify your Kerberos credentials and in my logs: Additional pre-authentication required. This happens when I connect throug

Re: [Freeipa-users] Freeipa Server down !!

On 03/29/2015 06:35 AM, Peter Fern wrote: On 29/03/15 05:46, Rob Crittenden wrote: Should be back up now. rob Appears to be dead again. It is in fact down again. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users

Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS

On 03/29/2015 11:50 AM, Gokul wrote: Hi, I am tried to run some of my user cases with FreeIPA. Have FreeIPA to do only SSH key management in LDAP and PKI management. The understand that every request is kerberized and it has the DNS is must configuration. Can I have FreeIPA to run only SSH

Re: [Freeipa-users] ipa-cliebt-automount problem

On 03/29/2015 06:00 PM, Günther J. Niederwimmer wrote: Hello, My automount is not working correct? I have a centos 7 with "cr" Update, this is IPA 4.1 and sssd 1.12 I have this Error in the logs automount[1899]: lookup_read_map: lookup(sss): getautomntent_r: No such file or directory Is this

Re: [Freeipa-users] anonymous binds limits?

On 03/27/2015 08:22 PM, Janelle wrote: Hello, Just wondering if there is an easy way to increase anonymous binds on the back end for non Kerberos clients? I have seen some mention of it, and that IPA has limits, can't can't find a lot of detail? Thank you ~J I am not sure I understand what

Re: [Freeipa-users] Steps for automount

Adding below mail: [root@server2 home]# ssh jmantilla@desktop2 jmantilla@desktop2's password: Creating home directory for jmantilla. Last login: Sat Mar 28 11:05:48 2015 from server2.example.com Could not chdir to home directory /home/remoteusers/jmantilla: No such file or directory -sh-4.1$ pwd /

Re: [Freeipa-users] passwordStorageScheme

> -Original Message- > From: Sankar Ramlingam [mailto:sraml...@redhat.com] > Sent: Sunday, March 29, 2015 4:35 AM > To: Andy Thompson > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] passwordStorageScheme > > On 03/28/2015 12:32 AM, Andy Thompson wrote: > > > >> -Original

[Freeipa-users] Steps for automount

Can someone help me please? I would like that anyone write the steps only with 2 machines (server ipa with nfs, and ipa client), I executed the guide but isn't make it, I think that need some steps!!. There are 2 machines, server2.example.com (with ipa server and NFS) and desktop2.example.com (on

[Freeipa-users] ipa-cliebt-automount problem

Hello, My automount is not working correct? I have a centos 7 with "cr" Update, this is IPA 4.1 and sssd 1.12 I have this Error in the logs automount[1899]: lookup_read_map: lookup(sss): getautomntent_r: No such file or directory Is this correct with IPA 4.1 /etc/sysconfig/autofs and /etc/au

Re: [Freeipa-users] IPA Client Install on Amazon Linux

Quick question, if you have used Deion for ldap and Sudo, are all connections through Kerberos ? And all client and registered hosts will be in the same domain ? Gokul Sent from iPhone > On Mar 29, 2015, at 12:14 PM, Yogesh Sharma wrote: > > Thanks Gonzalo. Appreciate your help here, Let me

Re: [Freeipa-users] IPA Client Install on Amazon Linux

Thanks Gonzalo. Appreciate your help here, Let me try this. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com | Web: www.initd.in * RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile]

[Freeipa-users] Can freeIPA work without Kerberos and DNS

Hi, I am tried to run some of my user cases with FreeIPA. Have FreeIPA to do only SSH key management in LDAP and PKI management. The understand that every request is kerberized and it has the DNS is must configuration. Can I have FreeIPA to run only SSH Key management with LDAP and a PKI server

Re: [Freeipa-users] how can i give set of users to one particular host

HI i have compiled the pam_access modules successfuly and copied access.conf to /etc/security folder. i included other account requiredpam_access.so and added -:ben b...@infra.com:ALL but still user ben can able to access the machine anyone achieved this? On Tue, Mar 24, 2015 at

Re: [Freeipa-users] Freeipa Server down !!

On 29/03/15 05:46, Rob Crittenden wrote: Should be back up now. rob Appears to be dead again. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

[Freeipa-users] Additional pre-authentication required, Ticket Wrong ?

Hi Guys, Now my Certification issues are solved for using a loadbalancer in front of my ipa servers I get the following: Unable to verify your Kerberos credentials and in my logs: Additional pre-authentication required. This happens when I connect throught my loadbalancers, I see my server com

Re: [Freeipa-users] passwordStorageScheme

On 03/28/2015 12:32 AM, Andy Thompson wrote: -Original Message- From: Sankar Ramlingam [mailto:sraml...@redhat.com] Sent: Friday, March 27, 2015 2:00 PM To: Andy Thompson Subject: Re: [Freeipa-users] passwordStorageScheme On 03/27/2015 11:17 PM, Andy Thompson wrote: Can you show me th