Re: [Freeipa-users] Sudo privilege inheritance in FreeIPA (3.0.x branch)

2016-02-01 Thread sysadmin ofdoom
Sorry for not defining the question. The question for this is: Are sudo rules supposed to be inherited in the same manner as HBAC rules? From the case above, all my HBAC rules are working fine with indirect membership, but sudo only works with direct membership. I also saw the Tech preview SSSD

[Freeipa-users] [freeipa-users] Problem managing Autofs with FreeIPA

2016-02-01 Thread Jon
Hello, I am attempting to configure autofs to automount home directories from an NFS server. I'm following these instructions as this was the only contiguous "here's what you need to do" instructions as the FreeIPA and Fedora documentation seems to contradict itself, and there's no clear cut a.

[Freeipa-users] ca install fails upgrading to 4.2.0

2016-02-01 Thread Robert van Veelen
Hi, I'm trying to create an ipa replica from ipa-server-3.0.0-47/pki-ca-9.0.3-45 to ipa-server-4.2.0-15/pki-ca-10.2.5-6 and cannot get the install to complete. The CS is configured as a sub to an external CA. I keep getting the same error when running the replica-install. Digging into pki-ca's

Re: [Freeipa-users] SSSD Crash Causing Inaccessibility

2016-02-01 Thread Lukas Slebodnik
On (29/01/16 14:08), Jeff Hallyburton wrote: >Lukas, > >Installed versions of sssd: > ># rpm -qa | grep -i sssd > >sssd-common-1.13.0-40.el7_2.1.x86_64 > >sssd-ipa-1.13.0-40.el7_2.1.x86_64 > >sssd-1.13.0-40.el7_2.1.x86_64 > >sssd-krb5-common-1.13.0-40.el7_2.1.x86_64 >

Re: [Freeipa-users] [SSSD-users] Re: heads-up: new code to fetch sudo rules from an IPA server coming to Fedora and RHEL-6

2016-02-01 Thread Jakub Hrozek
On Sun, Jan 31, 2016 at 09:58:40PM +0100, Michael Ströder wrote: > Jakub Hrozek wrote: > > the sssd's code that fetches sudo rules from the IPA server got an > > overhaul recently. The search would no longer be performed against the > > compat tree, but against IPA's native LDAP tree. This would

[Freeipa-users] Sudo privilege inheritance in FreeIPA (3.0.x branch)

2016-02-01 Thread sysadmin ofdoom
I am trying to implement FreeIPA in a larger environment. Due to the complexity of the environment I've been constructing a user group structure such that I have groups at the following levels: project --> project_at_site --> project_site_vendor HBAC rules are defined at the lowest level (vendor

Re: [Freeipa-users] [SSSD-users] heads-up: new code to fetch sudo rules from an IPA server coming to Fedora and RHEL-6

2016-02-01 Thread Michael Ströder
Jakub Hrozek wrote: > the sssd's code that fetches sudo rules from the IPA server got an > overhaul recently. The search would no longer be performed against the > compat tree, but against IPA's native LDAP tree. This would have the > advantage that environments that don't use the slapi-nis'

Re: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired

2016-02-01 Thread Petr Vobornik
On 01/31/2016 09:49 AM, wodel youchi wrote: Hi, I misexplained myself apparently, here it is: I open a session with login/password, I do some work, I left it for a while, the session disconnects which is normal. I come back, I try to authenticate with login/password it keeps telling me :