On 2016-11-24 16:27, Adam Bishop wrote:
> I'm writing a bit of code using ipalib directly, I'm a little stuck on
> authentication though.
>
> It works fine if grab a Kerberos ticket with kinit then run the code
> interactively, but I'd like to run this as a daemon which makes maintaining a
> ti
On 2016-06-28 09:08, Mitra Dehghan wrote:
>
> Hello,
>
> I want to know how can I give directory permissions on a client to a
> domain user in FreeIPA.
>
>
> I'm using "runasuser" feature in sudo policy to give my domain users
> permission to run local services on client.
>
> Here is an examp
On 2016-04-29 18:17, Bret Wortman wrote:
> I'll put the results inline here, since they're short.
>
> [root@zsipa log]# ls -laZ /etc/httpd/
> drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 .
> drwxr-xr-x. root root system_u:object_r:etc_t:s0 ..
> drwxr-xr-x. root root system_u:obj
On 2016-04-29 16:51, Bret Wortman wrote:
> It is contacting the correct machine. I tried again by IP with the same
> results.
>
> /etc/httpd/conf.d/ipa-pki-proxy.conf is dated May 20 2014.
>
> Web UI won't load. CLI won't respond either. Commands just hang.
>
> # netstat -ln | grep 443
> tcp6
On 2016-04-29 16:08, Petr Vobornik wrote:
> On 04/29/2016 02:53 PM, Bret Wortman wrote:
>> Despite "ipactl status" indicating that all processes were running after
>> step 1, step 2 produces "Unable to establish SSL connection."
>>
>> Full terminal session is at http://pastebin.com/ZuNBHPy0
>
> Hm
On 2016-01-29 13:03, Roderick Johnstone wrote:
> On 29/01/16 10:31, Christian Heimes wrote:
>> On 2016-01-28 19:56, Roderick Johnstone wrote:
>>> On 28/01/16 13:39, Christian Heimes wrote:
>>>> On 2016-01-28 13:51, Roderick Johnstone wrote:
>>>>> Hi
On 2016-01-28 19:56, Roderick Johnstone wrote:
> On 28/01/16 13:39, Christian Heimes wrote:
>> On 2016-01-28 13:51, Roderick Johnstone wrote:
>>> Hi
>>>
>>> My netapp filer is happily doing ldap over ssl lookups for account
>>> information to my RHEL 6.
On 2016-01-28 13:51, Roderick Johnstone wrote:
> Hi
>
> My netapp filer is happily doing ldap over ssl lookups for account
> information to my RHEL 6.7 testing ipa server
> (ipa-server-3.0.0-47.el6_7.1.x86_64).
>
> However, when I switch the filer to use my RHEL 7.2 ipa server
> (ipa-server-4.2.0
On 2016-01-28 13:32, Terry John wrote:
> I'm really confused now. After the problem where my feeipa server would not
> start and I had to use the backup I'm trying to do things in small steps.
>
> Listening to everything that has been said (thanks) I edited
> slapd-/dse.ldif slapd-PKI-IPA/dse.ld
On 2016-01-25 08:17, Winfried de Heiden wrote:
> Great,
>
> Changing
>
> /etc/ipa/kdcproxy/kdcproxy.conf
> [global]
> configs = mit
> use_dns = false
>
> to
>
> # cat /etc/ipa/kdcproxy/kdcproxy.conf
> [global]
> configs = mit
> use_dns = true
>
> along with adding the windows realm to krb5.con
On 2016-01-22 11:57, Alexander Bokovoy wrote:
> - Original Message -
>> Hi all,
>>
>> I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like
>> this:
>>
>> ~
>> dns_lookup_realm = false
>> dns_lookup_kdc = false
>> ~
>> [realms]
>> LINUX.EXAMPLE.COM = {
>> pkinit_anchors =
On 2016-01-22 11:25, Winfried de Heiden wrote:
> Now, is it possible to use the IPA-server as a proxy for the trusted
> Windows Domain? How...?
I haven't tried yet it but it should be possible. MS-KKDCP requests are
prefixed with the requested realm name. You have to configure the
mapping from rea
7;s ldap client and Apache Directory Studio. It may not work with
other clients, especially older clients or clients in FIPS mode.
Christian
# Harden TLS/SSL configuration of 389-DS
#
# Christian Heimes
#
# $ sudo ipa-ldap-updater slapd_ssl.uldif
# $ sudo ipactl restart
dn: cn=encryption,cn=c
On 2016-01-21 17:54, Terry John wrote:
>>> I've been trying to tidy the security on my FreeIPA and this is
>>> causing me some problems. I'm using OpenVAS vulnerability scanner and
>>> it is coming up with this issue
>>>
>>> EXPORT_RSA cipher suites supported by the remote server:
>>> TLSv1.0: TLS_
On 2016-01-21 15:51, Martin Kosek wrote:
> On 01/21/2016 03:31 PM, Terry John wrote:
>> I've been trying to tidy the security on my FreeIPA and this is causing me
>> some problems. I'm using OpenVAS vulnerability scanner and it is coming up
>> with this issue
>>
>> EXPORT_RSA cipher suites suppor
On 2015-11-30 17:48, Martin Basti wrote:
> If I did read logs right, there was ipa-server-installed, CA
> uninstallation failed and now IPA server install is failing because new
> CA cannot be installed due the old instance of CA.
Martin, you are right. Daniel didn't mention reinstallation in his
On 2015-11-30 16:27, Rob Crittenden wrote:
> Christian Heimes wrote:
>> On 2015-11-30 12:51, Martin Basti wrote:
>>>
>>>
>>> On 28.11.2015 00:14, Rob Crittenden wrote:
>>>> Martin Štefany wrote:
>>>>> Hello,
>>>>>
On 2015-11-30 12:51, Martin Basti wrote:
>
>
> On 28.11.2015 00:14, Rob Crittenden wrote:
>> Martin Štefany wrote:
>>> Hello,
>>>
>>> I remember experiencing this, but I'm not sure of solution. I think it's
>>> related to apache (httpd) and his group.
>>>
>>> My notes for IPA installation on Cent
18 matches
Mail list logo
