On Thu, 10 Mar 2016, Darren Poulson wrote:
Hi,
So, after I got the ipa-adtrust-install working, I tried to create a trust
between our freeipa cluster, and a new AD machine.
It seemed to run ok, and gave an output, but in the ui under trusts, there
is nothing.
[root@freeipa1-01 httpd]# ipa
As an admin, I want to get a notification when a user's password is reset,
or when they update their password, so that I can disable a user who does
not change their password a certain amount of time after it was reset.
Basically, the goal is to have a way to implement a policy like "if we
reset
Hi,
So, after I got the ipa-adtrust-install working, I tried to create a trust
between our freeipa cluster, and a new AD machine.
It seemed to run ok, and gave an output, but in the ui under trusts, there
is nothing.
[root@freeipa1-01 httpd]# ipa trust-add --type=ad ad.genops --admin
Hi,
I am trying to deploy sudo rules in FreeIPA 4.2 on CentOS 7.2. I have
created 2 sudo rules, one with sudo options=!authenticate (NOPASSWD) and
the other sudo options=authenticate (PASSWD) (which I assume requires the
user to key in the password to run).
The NOPASSWD works but the one with
Thanks,
Adding with ldapmodify seems to have done the trick. Can run
ipa-adtrust-install at least. Now having other issues, but that’s for a
different thread. :)
Cheers,
Darren.
On 3/9/16, 3:17 PM, "Sumit Bose" wrote:
>On Wed, Mar 09, 2016 at 02:21:31PM +, Darren
Ash Alam wrote:
> Hello
>
> I am looking for some advice on how to make my existing clients join a
> new ipa cluster. We have an existing cluster (3.0) and after several
> attempts at upgrading we decided to just build fresh cluster (4.2) We
> now want the clients join the new cluster. It seems
Bob Hinton wrote:
> Hi,
>
> I've been trying to add a password policy for an existing user group
> called "services" in IPA version 4.2.0.
>
> ipa pwpolicy-add services
> ipa: ERROR: entry with name "services" already exists
>
> ipa pwpolicy-show services
> ipa: ERROR: services: password policy
On 03/09/2016 05:51 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 05:21:50PM +0100, Ludwig Krispenz wrote:
On 03/09/2016 04:46 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 10:37:05AM -0500, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 04:13:28PM +0100, Ludwig Krispenz wrote:
if
On Wed, Mar 09, 2016 at 05:21:50PM +0100, Ludwig Krispenz wrote:
>
> On 03/09/2016 04:46 PM, Andrew E. Bruno wrote:
> >On Wed, Mar 09, 2016 at 10:37:05AM -0500, Andrew E. Bruno wrote:
> >>On Wed, Mar 09, 2016 at 04:13:28PM +0100, Ludwig Krispenz wrote:
> >>>if the process hangs, could you get a
Hi
Somehow I picked the wrong cookbook when I provisioned my first (and
only) replica and it lacks CA aso, as pointed out in a recent thread,
creates a single point of failure. Not ready to set up more 2 replicas
yet and am still in testing. Is it possible to replicate the master's
CA to
On Wed, Mar 09, 2016 at 04:13:28PM +0100, Ludwig Krispenz wrote:
>
> On 03/09/2016 03:46 PM, Andrew E. Bruno wrote:
> >Hello,
> >
> >We had a replica fail today with:
> >
> >[09/Mar/2016:09:39:59 -0500] NSMMReplicationPlugin - changelog program -
> >_cl5NewDBFile: PR_DeleteSemaphore:
>
A really good point however I'm fortunate enough that the only items
authentication are applications. I agree with you also that it's a bit of
a Pandora's box; I've decided that it's best to leave the systems in default
state and use a tool like PWM for this self service component.
On Wed, Mar 9,
On Wed, Mar 09, 2016 at 02:21:31PM +, Darren Poulson wrote:
> Hi,
>
> Here’s what I get. The initial default range as created by freeipa and
> contains all our users, and a second one that I created for system
> accounts.
The 'ipa idrange' utility does various checks to prevent that idranges
On 03/09/2016 03:46 PM, Andrew E. Bruno wrote:
Hello,
We had a replica fail today with:
[09/Mar/2016:09:39:59 -0500] NSMMReplicationPlugin - changelog program -
_cl5NewDBFile: PR_DeleteSemaphore:
/var/lib/dirsrv/slapd-CBLS-CCR-BUFFALO-EDU/cldb/e909b405-2cb811e5-ac0b8f7e-e0b1a377.sema;
NSPR
On 03/07/2016 10:03 PM, Thomas Raehalme wrote:
> Hi!
>
> I have setup certificates for Puppet as described here:
> http://www.freeipa.org/page/Using_IPA's_CA_for_Puppet
>
> Unfortunately SELinux is giving me hard time when invoking "ipa-getcert
> request" to generate the private/public key for
Hello,
We had a replica fail today with:
[09/Mar/2016:09:39:59 -0500] NSMMReplicationPlugin - changelog program -
_cl5NewDBFile: PR_DeleteSemaphore:
/var/lib/dirsrv/slapd-CBLS-CCR-BUFFALO-EDU/cldb/e909b405-2cb811e5-ac0b8f7e-e0b1a377.sema;
NSPR error - -5943
dirsrv just hangs here. Doesn't
Hi,
Here’s what I get. The initial default range as created by freeipa and
contains all our users, and a second one that I created for system
accounts.
[root@freeipa1-01 ~]# ipa idrange-find
2 ranges matched
Range name: BUR.US.GENOPS_id_range
First Posix ID
On Wed, Mar 09, 2016 at 01:31:00PM +, Darren Poulson wrote:
> Hi,
>
> I’d tried that, but get this:
>
> [root@freeipa1-01 ~]# ipa idrange-mod _id_range --rid-base=1000
> ipa: ERROR: This command can not be used to change ID allocation for local
> IPA domain. Run `ipa help idrange` for more
Hi,
I’d tried that, but get this:
[root@freeipa1-01 ~]# ipa idrange-mod _id_range --rid-base=1000
ipa: ERROR: This command can not be used to change ID allocation for local
IPA domain. Run `ipa help idrange` for more information
Thanks,
Darren.
On 3/9/16, 9:45 AM,
To follow up on this. I think the issue is resolved.
We have 8 IPA servers. And the primary server on which this error was
occurring had 7 replication agreements! Ended up changing the replication
agreements so that 2 servers had 4 agreements (3 + 1 amongst themselves)
and all others with 2
On Wed, Mar 09, 2016 at 01:29:14AM +, Darren Poulson wrote:
> Hi,
>
> We're currently trying to set up an AD domain (great fun for a bunch of
> linux admins not) so that we can get authentication working with various
> bits of hardware that only support AD. We want this domain to trust our
>
On 8.3.2016 15:29, Matt Wells wrote:
> For my use case it is. Essentially the system will be application auth for
> separate groups that have no need to know of one another, almost a
> multi-tenant mode. I wanted to expose a 'self service' url. I've found a
> community ipa portal for password