On 05/11/2015 05:14 PM, Thibaut Pouzet wrote:
> Hi !
>
> I am running into a weird problem with my IPA Server, and the
> certificates management. My setup is :
> CentOS 6.6
> pki-ca-9.0.3-38.el6_6.noarch
> ipa-server-3.0.0-42.el6.centos.x86_64
> Linux ipa_server 2.6.32-504.16.2.el6.x86_64 #1 SMP W
On Tue, 12 May 2015, Arthur Fayzullin wrote:
В Пн, 11/05/2015 в 11:35 -0400, Dmitri Pal пишет:
AFAIR some time ago we stopped fetching host cert by default. There was
no use of it so we decided not issue a cert that has not practical use.
--
Thank you,
Dmitri Pal
Director of Engineering for Id
В Пн, 11/05/2015 в 11:35 -0400, Dmitri Pal пишет:
> AFAIR some time ago we stopped fetching host cert by default. There was
> no use of it so we decided not issue a cert that has not practical use.
>
> --
> Thank you,
> Dmitri Pal
>
> Director of Engineering for IdM portfolio
> Red Hat, Inc.
>
I have about the same setup:
This is the setup (everything is up-to-date):
- ipa-server: F21, ipa-server 4.1, samba 4.1
- win-client: Windows 7 Home Premium
I tried to enroll the win-client in the domain but failed on the windows
side due to home editions not being able to join a domain.
But I ca
On Mon, 11 May 2015, Vangass wrote:
OK. But the answer granted/declined comes from IPA. So why IPA doesn't
check its own HBAC rules at all?
Maybe the line 'account required pam_sss.so' isn't
necessary/required. I just want to do authentication by IPA HBAC rules.
Authentication and acco
OK. But the answer granted/declined comes from IPA. So why IPA doesn't
check its own HBAC rules at all?
Maybe the line 'account required pam_sss.so' isn't
necessary/required. I just want to do authentication by IPA HBAC rules.
Thanks,
Bartek.
2015-05-11 17:22 GMT+02:00 Sumit Bose :
> O
On 05/11/2015 09:53 AM, Petr Spacek wrote:
On 11.5.2015 14:51, Arthur Fayzullin wrote:
Have a nice day!
I think that I have found somethings that are mispresent and unpresent in
documentation.
I have tried to configure debian jessie as a freeipa client. This has been done
in 2 ways:
* refere
On Mon, May 11, 2015 at 05:15:31PM +0200, Sumit Bose wrote:
> On Mon, May 11, 2015 at 04:47:01PM +0200, Lukas Slebodnik wrote:
> > On (11/05/15 14:57), Vangass wrote:
> > >Hi,
> > >
> > >I try to access Cisco switch via ssh. Cisco has tacacs login configured.
> > >
> > ># tail /var/log/secure
> > >
Hi !
I am running into a weird problem with my IPA Server, and the
certificates management. My setup is :
CentOS 6.6
pki-ca-9.0.3-38.el6_6.noarch
ipa-server-3.0.0-42.el6.centos.x86_64
Linux ipa_server 2.6.32-504.16.2.el6.x86_64 #1 SMP Wed Apr 22 06:48:29
UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Th
On Mon, May 11, 2015 at 04:47:01PM +0200, Lukas Slebodnik wrote:
> On (11/05/15 14:57), Vangass wrote:
> >Hi,
> >
> >I try to access Cisco switch via ssh. Cisco has tacacs login configured.
> >
> ># tail /var/log/secure
> >May 11 14:18:46 freeipa tac_plus[29096]: pam_sss(tac_plus:auth):
> >authenti
On (11/05/15 14:57), Vangass wrote:
>Hi,
>
>I try to access Cisco switch via ssh. Cisco has tacacs login configured.
>
># tail /var/log/secure
>May 11 14:18:46 freeipa tac_plus[29096]: pam_sss(tac_plus:auth):
>authentication success; logname=bartosz uid=0 euid=0 tty= ruser= rhost=
>user=bartosz
>Ma
On 11.5.2015 14:51, Arthur Fayzullin wrote:
> Have a nice day!
>
> I think that I have found somethings that are mispresent and unpresent in
> documentation.
> I have tried to configure debian jessie as a freeipa client. This has been
> done in 2 ways:
>
> * reference instalation:
> I have inst
On Wed, Apr 29, 2015 at 10:57:45AM +, Andy Thompson wrote:
> In the environment I'm working on currently we have a single trusted AD
> domain and will never have any additional domain trusts in place. Is there a
> way to allow users to login without using @ad_domain in their username? We
>
Have a nice day!
I think that I have found somethings that are mispresent and unpresent in
documentation.
I have tried to configure debian jessie as a freeipa client. This has been done
in 2 ways:
* reference instalation:
I have installed freeipa-client package from sid and configured host by r
Hi,
I try to access Cisco switch via ssh. Cisco has tacacs login configured.
# tail /var/log/secure
May 11 14:18:46 freeipa tac_plus[29096]: pam_sss(tac_plus:auth):
authentication success; logname=bartosz uid=0 euid=0 tty= ruser= rhost=
user=bartosz
May 11 14:18:53 freeipa tac_plus[29096]: pam_ss
> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Jan Pazdziora
> Sent: Monday, May 11, 2015 8:14 AM
> To: Alexander Bokovoy
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] multi homed environment
>
> On Fr
On Fri, May 08, 2015 at 05:21:09PM +0300, Alexander Bokovoy wrote:
> On Fri, 08 May 2015, Andy Thompson wrote:
> On Fri, 08 May 2015, Andy Thompson wrote:
> >
> >I'm having an issue with adding a trust to the domain with the error
> >below
> >
> >ipa: ERROR: CIFS serve
On Mon, May 11, 2015 at 01:57:38PM +0200, Jakub Hrozek wrote:
> On Mon, May 11, 2015 at 01:19:01PM +0200, Vangass wrote:
> > Hello,
> >
> > I have a problem with HBAC rules with conjunction with PAM authentication.
> > What I try to do is to authenticate users: tac_plus - PAM (pam_sssd) -
> > Free
On Mon, May 11, 2015 at 01:19:01PM +0200, Vangass wrote:
> Hello,
>
> I have a problem with HBAC rules with conjunction with PAM authentication.
> What I try to do is to authenticate users: tac_plus - PAM (pam_sssd) -
> FreeIPA.
> It works just fine but without checking HBAC rules.
> What I did:
>
Hello,
I have a problem with HBAC rules with conjunction with PAM authentication.
What I try to do is to authenticate users: tac_plus - PAM (pam_sssd) -
FreeIPA.
It works just fine but without checking HBAC rules.
What I did:
- disabled allow_all rule
- created new rule with one user and one servi
On Sun, 10 May 2015, Janelle wrote:
On 5/5/15 6:47 AM, Dmitri Pal wrote:
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem
21 matches
Mail list logo