On Sat, Nov 21, 2015 at 02:21:52AM +, Jeffrey Stormshak wrote:
> Rob -
> Here’s the test configurations/data when I manipulate the BINDDN/BINDPW
> fields to get both AUTH and SUDO to work in Linux 5.5. I have three
> questions below that I would like to get your comments on or see what
On 11/20/2015 08:16 PM, Rob Verduijn wrote:
> Hello,
>
> I've tested the solution you suggested, it doesn't work
> I think ovirt-engine looks for the other users in the same context as
> the bind user, it will of course find not many there,
Ah, I see. oVirt apparently expects the users to be only
Hi there,
Although I can't see anything failing, the logs of all clients in my IPA
domain (FC22, freeipa 4.1.4) contain lots of these failures every day:
nov 23 10:43:34 hadron.hq.example.com gssproxy[742]: (OID: { 1 2 840 113554
1 2 2 }) Unspecified GSS failure. Minor code may provide more
On 11/23/2015 04:44 AM, Orion Poplawski wrote:
Trying to install freeipa-server on Fedora 23. When I try to connect to
the web UI from a non-domain EL7 client with firefox I get:
Runtime error
Web UI got in unrecoverable state during "init" phase
Technical details:
The operation is insecure.
Hi all,
For some reason, we only want to use the Active Directory user
from an Active Directory using a Trust. (groups like "Domain
Users" are of no use...)
Is it possible to ignore (hide) ALL groups from a particular
Domain (trust)/
On 11/20/2015 04:44 PM, Karl Forner wrote:
Hello,
My server runs ubuntu 14.04 and uses sssd 1.12.5-1~trusty1.
The freeipa server runs inside a docker (an adelton/freeipa-server), and
the docker host pretends to be the freeIPA server by forwarding the
appropriate ports.
This works very fine.
On Fri, Nov 20, 2015 at 04:44:38PM +0100, Karl Forner wrote:
>
> My server runs ubuntu 14.04 and uses sssd 1.12.5-1~trusty1.
> The freeipa server runs inside a docker (an adelton/freeipa-server), and
> the docker host pretends to be the freeIPA server by forwarding the
> appropriate ports.
Is
On 11/23/2015 04:50 AM, Petr Vobornik wrote:
On 11/23/2015 04:44 AM, Orion Poplawski wrote:
Trying to install freeipa-server on Fedora 23. When I try to connect to
the web UI from a non-domain EL7 client with firefox I get:
Runtime error
Web UI got in unrecoverable state during "init" phase
Jakub/Rob -
Thanks for the feedback. I was finally able to ditch the ‘binddn’ and was able
to get SSL working upon upgrading the OpenSSL from the 5.5 base to the one
supplied in 5.7 base. The SSL is fully authenticating and with sudo access.
However, I’m riddled by the following item below.
Jeffrey Stormshak wrote:
> Jakub/Rob -
> Thanks for the feedback. I was finally able to ditch the ‘binddn’ and
> was able to get SSL working upon upgrading the OpenSSL from the 5.5 base
> to the one supplied in 5.7 base. The SSL is fully authenticating and
> with sudo access. However, I’m
On Wed, 2015-11-18 at 11:46 +0100, Domineaux Philippe wrote:
> Here is my environment :
>
> 1 Windows Domain
> Windows workstations
> Windows servers
> Multiple linux domains
> Linux workstations
> Linux servers
>
> Here is my goal :
>
> All users are centralized in the Active Directory.
>
Hi all,
I created some hbac rule on freeipa-server 4.1.4 on Fedora 22
# ipa hbacrule-show testuser
Rule name: testuser
Enabled: TRUE
Users: testuser
Hosts: fedora23-server.blabla.bla
Services: sshd
Hence, "
On Tue, 2015-11-17 at 21:36 -0500, Marc Boorshtein wrote:
> I'm putting together a java kerberos client and am having an issue
> getting a SGT from IPA. I get a TGT without issue, but when I submit
> the TGS-REQ I get the following errors in the ipa log:
>
> Nov 17 20:53:15 freeipa.rhelent.lan
On Mon, Nov 23, 2015 at 04:43:11PM +0100, Winfried de Heiden wrote:
>Hi all,
>
>One motivation: the customer demands like this...
Yes, but why? It doesn't make sense to me..
>Also: ignore Windows specific group info which is not important for the
>Linux domain
>Also: too
We actually tracked it down. The problem was the Authenticator was
missing the authenticatorkvno field per the RFC. Once we set that to
5 we got past this issue.
IPA 4.1 on CentOS7
Thanks
Marc Boorshtein
CTO Tremolo Security
marc.boorsht...@tremolosecurity.com
On Mon, Nov 23, 2015 at 10:38
On 20.11.2015 18:37, Karl Forner wrote:
Thanks Martin.
My expected numbers: users ~ 50 max, concurrent clients/sessions < 20,
hosts < 20.
I was thinking about a server with an old intel cpu, 4Gb RAM and small
HDD or USB key-based storage + an ethernet port.
I have no idea if it is a common
On Mon, 2015-11-23 at 10:41 -0500, Marc Boorshtein wrote:
> We actually tracked it down. The problem was the Authenticator was
> missing the authenticatorkvno field per the RFC. Once we set that to
> 5 we got past this issue.
Ok, then we'll consider this solved, thanks for following up.
Hi all,
One motivation: the customer demands like this...
Also: ignore Windows specific group info which is not important
for the Linux domain
Also: too many groups!
If it's a sssd thing, this might be solved on the
On Mon, Nov 23, 2015 at 04:55:31PM +0100, Winfried de Heiden wrote:
>Hi all,
>
>I created some hbac rule on freeipa-server 4.1.4 on Fedora 22
>
># ipa hbacrule-show testuser
> Rule name: testuser
> Enabled: TRUE
> Users: testuser
> Hosts:
On Mon, Nov 23, 2015 at 05:16:26PM +0100, Jakub Hrozek wrote:
> On Mon, Nov 23, 2015 at 04:55:31PM +0100, Winfried de Heiden wrote:
> >Hi all,
> >
> >I created some hbac rule on freeipa-server 4.1.4 on Fedora 22
> >
> ># ipa hbacrule-show testuser
> > Rule name: testuser
> >