On 25.08.2016 19:44, Rob Crittenden wrote:
Rene Trippen wrote:
Hi,
I've got an IPA with a broken CA infrastructure (don't know what
happened, but new clients cannot be registered)
It is not even possible to set up a new replica.
It may be fairly straightforward to get the CA back up. How i
Our environment has multiple FreeIPA servers and associated SRV records.
During client install, I can’t determine how each installation chooses the
value to be placed in the ipa_server property of sssd.conf.
Can Free IPA clients be configured to prefer an ldap server on its own subnet?
On a d
"Master P." writes:
> Is it possible to authenticate a user with only OTP and ssh-pubkeys?
Yes, but you need some tool managing OTP without password/PIN, which
FreeIPA doesn't seem to support. I use privacyidea to manage my OTP
tokens and have a working configuration.
> So far I have successfu
On 29.08.2016 10:34, Timo Aaltonen wrote:
> On 21.04.2016 22:01, Timo Aaltonen wrote:
>>
>> ps. Debian unstable will have 4.3.1 once the package has gone through
>> the NEW queue because the packaging got split in certain ways
>
> No it did not, because the ftpmaster rejected the upload since it s
Hello,
Is it possible to authenticate a user with only OTP and ssh-pubkeys?
So far I have successfully configured FreeIPA to use Two factor
authentication (password + OTP). I had to change the sshd_config to
achieve this by modifying the AuthenticationMethods to be:
AuthenticationMethods public
FreeIPAers,
We wanted to make it easy to add self service capabilities to FreeIPA:
* Self service password resets
* User self registration
* Workflow based access requests (and approvals)
* Reporting
We'd appreciate any thoughts or feedback:
https://www.tremolosecurity.com/open-source-identity-m
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Ok i got it now. Let me try this with role + privilege having
three set
of permissions 1)
Cory,
Thanks for the update and link. And a big thanks to everyone else for their
time looking at this. I also was able to install the referenced .deb and
now sudo works as expected.
Jeff
On Tue, Aug 30, 2016 at 12:46 PM, Cory Francis Myers <
c...@trinitymobilenetworks.com> wrote:
> Pavel Břez
On Tue, 30 Aug 2016, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Ok i got it now. Let me try this with role + privilege having three set
of permissions 1) memberOf hostgroup to mana
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Ok i got it now. Let me try this with role + privilege having three set
of permissions 1) memberOf hostgroup to manage the permissions to the
hosts 2) permissio
On Tue, 30 Aug 2016, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Ok i got it now. Let me try this with role + privilege having three set
of permissions 1) memberOf hostgroup to manage the permissions to the
hosts 2) permission on cn=hostgroup to manag
Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Ok i got it now. Let me try this with role + privilege having three set
of permissions 1) memberOf hostgroup to manage the permissions to the
hosts 2) permission on cn=hostgroup to manage the hosts membership with
in the given gro
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Ok i got it now. Let me try this with role + privilege having three set
of permissions 1) memberOf hostgroup to manage the permissions to the
hosts 2) permission on cn=hostgroup to manage the hosts membership with
in the given group 3) permission for "memb
Ok i got it now. Let me try this with role + privilege having three set of
permissions 1) memberOf hostgroup to manage the permissions to the hosts 2)
permission on cn=hostgroup to manage the hosts membership with in the given
group 3) permission for "member attribute" to allow add/deletion of h
Pavel Březina | Tue, 30 Aug 2016 02:59:55 -0700:
> unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16
> contains a new option called netgroup_tuple, which tells whether a
> full netgroup tuple is checked or only the host/user part in host/user
> check. However, the patch didn't make th
Pavel Březina | Tue, 30 Aug 2016 02:59:55 -0700:
> unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16
> contains a new option called netgroup_tuple, which tells whether a
> full netgroup tuple is checked or only the host/user part in host/user
> check. However, the patch didn't make th
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Hi Alexander,
Since i do not want myadmin1 to be able to add or remove the host from
other xyzhostgroups into myhostgroup membership. Is it possible that
myadmin1 only sees objects i specifically given the permissions to and
not any other hosts outside
Hi All,
I'm having an issue getting a command to run properly, and the issue seems
to be with FreeIPA sudo permissions. Specifically 'sudo su - app_user -c
""' prompts for a password when run.
However if I 'sudo su - app_user' and then run the '' as app_user,
it works fine.
example:
```
$ ssh r..
```
Let me try summarize it!
I want xyzadmin of xyzhostgroup be able to manage all the hosts within the
xyzhostgroup - which means he should be able to delete/ add/ modify the hosts
under xyzhostgroup . This is what i currently have in the role :
myhostgroup-role (role)--> myadmin1 (admin user)-
typo correction below!
From: deepak_di...@hotmail.com
To: aboko...@redhat.com
CC: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Permission not working as expected
Date: Tue, 30 Aug 2016 09:04:36 -0400
Hi Alexander,
i did try adding the "member" effective attribute in GUI and also from
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Hi Alexander,
i did try adding the "member" effective attribute in GUI and also from
the command prompt But the error is not going away when i try to delete
the host from my taphostgroup. for me it only works if i have
(&(cn=taphostgroup)(objectclass=ipaob
Hi Alexander,
i did try adding the "member" effective attribute in GUI and also from the
command prompt But the error is not going away when i try to delete the host
from my taphostgroup. for me it only works if i have
(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then the i a
Hello,
I am having a problem introducing IPA to an organization because
FreeIPA uses User Principal Name and the organization has scripts that
will break as they expect the short username.
I had initially used trust but have since un-enrolled it from AD as I
realized I couldn't use short name wit
On Tue, 30 Aug 2016, Deepak Dimri wrote:
I did try the exact steps from the blog but alas still it did not work.
getting same error :(
I don't give rights to write to 'member' attribute in the blog. You have
to adopt to your situation, obviously.
--
/ Alexander Bokovoy
--
Manage your subscri
I did try the exact steps from the blog but alas still it did not work.
getting same error :(
p-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insufficient
'write' privilege to the 'member' attribute of entry
'cn=my-hostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=co
Hi,
We use IPA to authenticate users for other systems e.g. Rundeck via
LDAP. We have a CNAME for the cluster of IPA masters and could use this
for authentication, but the connection would then be unencrypted. We
therefore use LDAPS, but this currently forces us to a single server in
the cluster s
On Tue, 30 Aug 2016, Deepak Dimri wrote:
Hi Alexander,
Thanks for the reply
i tried exact steps below but it still not working. the admin user
added to new role and privilege we have created is getting an error
when trying to add or remove host of myhostgroup.
ip-172-31-29-153.us-west-2.compute
Hi Alexander,
Thanks for the reply
i tried exact steps below but it still not working. the admin user added to
new role and privilege we have created is getting an error when trying to add
or remove host of myhostgroup.
ip-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insuff
On 08/26/2016 02:15 PM, Jeff Goddard wrote:
Pavel,
I appreciate that you're busy and thank you for taking time to look at
this. Here is the output:
[root@id-management-1 ~]# ipa sudorule-show
Rule name: all
Rule name: All
Description: Full sudo access for Developer group in office environ
On Tue, 30 Aug 2016, Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Alexander Bokovoy wrote:
On Mon, 29 Aug 2016, Deepak Dimri wrote:
Hi All,
I have created below permission for my "testhostgroup" with the
expectation that this permission will only allow write permission to
the members of "testh
dear all
I'd like to ask you if it's possible to allow Windows boxes
that are not members of the domain to access Samba shares?
I see regular domain\users + password do not work.
I'd have to do it even if it is not recommended and loosens up
security. I realize it should be all AD and trusts but for
31 matches