On 07/10/2015 02:56 AM, Janelle wrote:
Hello,
I see 4.2 is released today with lots of cool new features. I think I
understand the new Vault, but am not familiar with KRA? Wondering if there
might be some information on what this is?
~Janelle
KRA (or DRM) is the Dogtag subsystem we use for V
On 07/09/2015 01:25 PM, Joseph, Matthew (EXP) wrote:
Hello,
We are currently in the process of replacing our IdM 3.x server with 4.x.
There are going to be some major directory changes during the upgrade so I need
to keep both the old and new IdM servers up and running separately.
This danger
On 07/09/2015 11:09 AM, Rudolf Gabler wrote:
Hi,
we are dealing with a huge number of mail aliases which are not purely user
aliases but distribution-lists, actions on distribution-list and so on
(mailman).
There was a former sendmail.schema in fedora-ds (we are using fds 21 at the
moment), w
On 07/08/2015 10:11 AM, ilaria cianci wrote:
Hi All,
I am a new user and I have a question about FreeIPA authentication methods.
Can FreeIPA select different auth methods (i.e. otp, password, etc) for the
same user based on the service he wants to access? I mean using this user
should use o
Hello,
I see 4.2 is released today with lots of cool new features. I think I
understand the new Vault, but am not familiar with KRA? Wondering if
there might be some information on what this is?
~Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/m
Ah! Perfect! Thank you, Craig!
On 7/9/15, 4:33 PM, "Craig White" wrote:
>Should be relatively easy enough using ipa-admintools cli
>
>ipa help dnsrecord-add
>
>Craig White
>System Administrator
>O 623-201-8179 M 602-377-9752
>
>
>
>SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ
Hello,
I've been given a list of DNS info [ipaddress, FQDN]
to import into FreeIPA. The current DNS setup doesn't
allow me to do a zone transfer so the zone2dyndb-ldif
tool won't help me at the moment.
I'm hoping there is another method I can leverage to
do the import. Some kind of API call would
(Not sure if this message went through initially, this is a resend.)
I'm trying to add a freeIPA client on a Ubuntu 14.04.02 Version and it's
failing. Here is some background information. We lost (RIP) our main IPA
server ipa.mydomain.com a while ago, but we were able to fail over to a replica
On Thu, 2015-07-09 at 19:14 +, John Williams wrote:
> I'm trying to add a freeIPA client on a Ubuntu 14.04.02 Version and it's
> failing. Here is some background information. We lost (RIP) our main IPA
> server ipa.mydomain.com a while ago, but we were able to fail over to a
> replica calle
I'm trying to add a freeIPA client on a Ubuntu 14.04.02 Version and it's
failing. Here is some background information. We lost (RIP) our main IPA
server ipa.mydomain.com a while ago, but we were able to fail over to a replica
called ipa2. Since then we've built a redundant ipa3.mydomain.com re
Hi Martin
I have taken the plunge, and created a detailed HOWTO at
http://www.freeipa.org/page/HowTos/LDAP_authentication_for_Atlassian_JIRA_using_FreeIPA
@Petr, for the moment I have left your HOWTO / link in place, but have also
linked to that thread from my HOWTO.
I hope it helps
Chris
Fr
On Thu, 09 Jul 2015, Nicola Canepa wrote:
If I enable the PAM plugin of 389-ds, I'm able to let users be
authenticated by PAM, even if the user is not present in LDAP, hence
the plain-text password is passed to PAM.
The only missing step is: if PAM correctly authenticates a
non-existing user, i
On 07/09/2015 08:36 AM, Nicola Canepa wrote:
If I enable the PAM plugin of 389-ds, I'm able to let users be
authenticated by PAM, even if the user is not present in LDAP, hence
the plain-text password is passed to PAM.
The only missing step is: if PAM correctly authenticates a
non-existing user
If I enable the PAM plugin of 389-ds, I'm able to let users be
authenticated by PAM, even if the user is not present in LDAP, hence the
plain-text password is passed to PAM.
The only missing step is: if PAM correctly authenticates a non-existing
user, it should be created (using the just supplie
Yeah I knew that the passync utility would only communicate with 1 server.
I'm not too worried about password sync for our new IdM server until it
actually replaces the old server.
I just didn't know how Windows would handle having multiple CA certs and if it
would get cranky because of it. Last
On 07/09/2015 07:23 AM, Rob Crittenden wrote:
Joseph, Matthew (EXP) wrote:
Hello,
We are currently in the process of replacing our IdM 3.x server with
4.x.
There are going to be some major directory changes during the upgrade so
I need to keep both the old and new IdM servers up and running
On Fri, Jun 26, 2015 at 09:19:51PM -0400, Dmitri Pal wrote:
> On 05/19/2015 05:29 AM, thewebbie wrote:
> >
> >My requirement is to replace dozens of htaccess folders on one server.
> >Each folder requiring a user group. So Host based will not work in this
> >case
>
> Was this resolved in some way
Joseph, Matthew (EXP) wrote:
Hello,
We are currently in the process of replacing our IdM 3.x server with 4.x.
There are going to be some major directory changes during the upgrade so
I need to keep both the old and new IdM servers up and running separately.
Part of our configuration is using t
On Thu, 09 Jul 2015, Nicola Canepa wrote:
Thank you Alexander.
If the previous password is not used, I could set an impossible-hash
password (such as "{crypt}*") and let users login authenticating
through PAM?
How would you authenticate then? Remember that it is the hash in
userPassword attrib
Martin Chamambo wrote:
I have the following configuration below and I'm able to login via SSH
into a 32 bit server. With the same username I'm able to login on other
servers
Please see https://fedorahosted.org/sssd/wiki/Troubleshooting for the
information necessary to assist.
rob
--
Manage yo
Matt . wrote:
I now get: [Thu Jul 09 02:50:18.815219 2015] [:error] [pid 16615]
Certificate not found: 'Server-Cert'
So, it's no good at all :)
I think you need to take a step back and tell us what you've done to get
into this situation.
The error messages are fairly clear. The first one wa
Thank you Alexander.
If the previous password is not used, I could set an impossible-hash
password (such as "{crypt}*") and let users login authenticating through
PAM?
Or I could put the "user-add" in the pam_exec script (but only if the
user does not already exist).
I'll test both ways.
Ni
On Thu, 09 Jul 2015, Nicola Canepa wrote:
OK, I'm sorry for the little information provided: I can't do
migrate-ds, since I'm not coming from a "DS" (which can only be
another LDAP server, I guess).
The only thing I can expect is that users will login to one of the
applications which I put unde
OK, I'm sorry for the little information provided: I can't do
migrate-ds, since I'm not coming from a "DS" (which can only be another
LDAP server, I guess).
The only thing I can expect is that users will login to one of the
applications which I put under FreeIPA authentication.
So I mixed the "N
Nicola,
perhaps it would help if you explain what you meant by saying below
My problem is with Kerberos and FreeIPA web GUI, which don't accept LDAP
users not created by IPA.
When you enabled migration mode and actually migrated users with 'ipa
migrate-ds' command, you will have those users
> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Andy Thompson
> Sent: Monday, July 6, 2015 2:28 PM
> To: Rich Megginson; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] nsslapd-maxbersize and cachememsize
>
> >
2015-06-29 19:37 GMT+02:00 Alexandre Ellert :
> Hello,
>
> I have a problem on a replica server running Centos 7.1 and ipa
> 4.1.0-18.el7.centos.3.x86_64 (last version)
> Ipa server doesn’t restart correctly (using systemctl restart ipa or reboot
> the whole server) :
> # ipactl status
> Director
I don't understand the question: aren't users created by IPA command
line the same as if they are created via the web GUI?
Nicola
On 09/07/15 13:05, Jan Pazdziora wrote:
On Thu, Jul 09, 2015 at 11:33:23AM +0200, Nicola Canepa wrote:
Hello.
I was trying Freeipa as an addition and (maybe)
Hello,
We are currently in the process of replacing our IdM 3.x server with 4.x.
There are going to be some major directory changes during the upgrade so I need
to keep both the old and new IdM servers up and running separately.
Part of our configuration is using the password sync between IdM an
On Thu, Jul 09, 2015 at 11:33:23AM +0200, Nicola Canepa wrote:
> Hello.
> I was trying Freeipa as an addition and (maybe) future replacement for the
> current SSO solution (custom and only for web apps).
> I was able to authenticate (via pam_exec) LDAP users on the legacy system.
> My problem is wi
On Thu, Jul 09, 2015 at 12:36:53PM +0200, Giorgio Biacchi wrote:
> On 06/29/2015 03:11 PM, Sumit Bose wrote:
> > On Mon, Jun 29, 2015 at 11:24:00AM +0200, Giorgio Biacchi wrote:
> >> On 06/29/2015 10:30 AM, Sumit Bose wrote:
> >>> On Mon, Jun 29, 2015 at 10:04:04AM +0200, Giorgio Biacchi wrote:
> >
On 06/29/2015 03:11 PM, Sumit Bose wrote:
> On Mon, Jun 29, 2015 at 11:24:00AM +0200, Giorgio Biacchi wrote:
>> On 06/29/2015 10:30 AM, Sumit Bose wrote:
>>> On Mon, Jun 29, 2015 at 10:04:04AM +0200, Giorgio Biacchi wrote:
On 06/26/2015 08:06 PM, Sumit Bose wrote:
> On Fri, Jun 26, 2015 at
I have the following configuration below and I'm able to login via SSH into a 32
bit server. With the same username I'm able to login on other servers
[root@alvin ~]# cat /etc/sssd/sssd.conf
[domain/xx.co.zw]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = xx.co.zw
id_p
Hello.
I was trying Freeipa as an addition and (maybe) future replacement for
the current SSO solution (custom and only for web apps).
I was able to authenticate (via pam_exec) LDAP users on the legacy system.
My problem is with Kerberos and FreeIPA web GUI, which don't accept LDAP
users not cr
Hi,
we are dealing with a huge number of mail aliases which are not purely user
aliases but distribution-lists, actions on distribution-list and so on
(mailman).
There was a former sendmail.schema in fedora-ds (we are using fds 21 at the
moment), which is gone (at least I didn’t find it). Is th
35 matches