From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Chris Card
Sent: Friday, January 02, 2015 8:45 AM
To: Brendan Kearney
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa / sudoers on centos 6.3 client
> Subject: Re: [Freeipa-users] ipa / s
s a tty to run sudo.
So I tried by creating a sudo rule that has options '!requiretty !authenticate'
but it still complains that I need a tty. Is there a FreeIPA method that I am
lacking?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE
Hi - reply at bottom
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Monday, January 05, 2015 4:33 AM
To: Craig White; freeipa-users@redhat.com; Pavel Brezina
Subject: Re: [Freeipa-users] sudo !requiretty !authenticate
On 01/02/2015 07:47 PM, Craig White wrote
Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Tuesday, January 06, 2015 10:17 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sudo !requiretty !authenticate
-Original Message-
From: Lukas S
:45 AM, Pavel Březina wrote:
> On 01/07/2015 06:32 PM, Craig White wrote:
>> Still struggling with this...
>>
>> $ sudo /sbin/service pe-puppet restart
>> [sudo] password for rundeck:
>> Stopping puppet:
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, January 08, 2015 9:33 AM
To: Craig White; Martin Kosek; Pavel Březina; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sudo !requiretty !authenticate
Craig White wrote:
> -Original Mess
> That '(root) ALL' rule doesn't come from /etc/sudoers as I thought because
> nsswitch.conf presently only uses sss for sudoers. I still don't see where it
> actually comes from though...
What groups is rundeck a member of?
-
Bingo!
Thanks Pavel/Rob
Turns out that I had long forgotten tha
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dale Macartney
Sent: Sunday, January 11, 2015 2:16 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Group Policy-like features in FreeIPA
Morning folks
I am currently working on a little pet proj
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Mike
Sent: Tuesday, January 13, 2015 6:52 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] DNS updates from dhcpd refused
Hi - FreeIPA newbie here trying to enable ddns
with a cluestick?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Tuesday, January 27, 2015 2:09 PM
To: Craig White
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Sign certificates with subjectAltName
On Tue, 27 Jan 2015, Craig White wrote:
>$ rpm -q ipa-ser
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Roberto Cornacchia
Sent: Tuesday, February 03, 2015 5:20 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] basic question on DNS configuration
Hi guys,
I can't wait to get freeIPA installed in ou
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Günther J. Niederwimmer
Sent: Monday, February 23, 2015 9:30 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Centos 7 No permission to /home/..
Hello,
Am Montag,
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Guertin, David S.
Sent: Friday, March 06, 2015 1:04 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Can't add AD user group to IPA group
I'm on my second attempt trying to set up an IPA server
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Andrew Holway
Sent: Wednesday, March 18, 2015 9:40 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] SSSD in redundant configuration
Hello,
Im wondering how we should be handing SSSD for redundan
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Wednesday, April 08, 2015 4:53 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] granular sudo commands
rpm -q sssd
sssd-1.11.6-30.el6_6.4.x86_64
rpm -q ipa-client
ipa-client
usr/sbin\:/usr/bin, !requiretty
User test2.user may run the following commands on this host:
(ALL) sudo su - tomcat, sudo su - weblogic
How should the actual command be entered? I have tried...
Su - weblogic (ignore autocapitilization)
/bin/su - weblogic
Sudo su - weblogic
Sudo /bin/su - weblogic
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Christopher Lamb
Sent: Tuesday, April 28, 2015 10:58 PM
To: Simo Sorce
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA WebUI Logout logs back in
HI Simo, Dmit
Might want to search the 'compat' tree
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Janelle
Sent: Tuesday, June 16, 2015 6:55 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Migration error?
Good morning,
Just a quick note. I hope that all my que
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Harald Dunkel
Sent: Wednesday, June 24, 2015 12:07 AM
To: freeipa-users
Subject: [Freeipa-users] hesitate to deploy freeipa
Hi folks,
I have a general problem with freeipa: It
t a lot further - salt to taste (and watch the line wraps)...
#!/bin/sh
#
# Script to automate adding users
#
# Updated 12/16/2014
# Craig White
#
CMD1='/usr/bin/ipa user-add'
CMD2='/usr/bin/ipa group-add-member'
TEE='/usr/bin/tee -a'
LOG='/tmp/ipa_users_add.txt&
L.enableCRLUpdates=true
Also, when I set up the second new IPA master, do I also make it a CA?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
--
Manage your subscription
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Friday, September 11, 2015 8:46 AM
To: Rob Crittenden; Craig White; freeipa-users@redhat.com; Jan Cholasta; Jan
Cholasta
Subject: Re: [Freeipa-users] Migrating from iDM/FreeIPA RHEL 6.5 to 7.1 - CA
Server Master
On
t had ipa in them.
Is it just me?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/ma
master
ipa4.stt.local: master
Obviously connection to ipa1 failed because in previous step, I had to shut it
down on ipa1 (ipactl stop)
What's the trick to get rid of an old, discontinued 'master' ?
Craig White
--
Manage your subscription for the Freeipa-users mailing list:
https://
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Thursday, September 17, 2015 4:59 AM
To: Martin Kosek; Craig White; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0)
servers
On 09/17/2015 01:15 PM
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: Friday, September 18, 2015 1:44 AM
To: Craig White; Martin Kosek; freeipa-users@redhat.com; Jan Cholasta
Subject: Re: [Freeipa-users] last step in retiring old RHEL 6 (IPA 3.0.0)
servers
On 09/17/2015 06:19 PM
servers in FreeIPA
but also in Active Directory. Is it possible to have Active Directory use the
reverse DNS servers on iDM/FreeIPA?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
Sent: Tuesday, October 13, 2015 11:57 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] shared ip space for iDM and AD
On 14.10.2015 00:41, Craig White
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
Sent: Tuesday, October 13, 2015 11:57 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] shared ip space for iDM and AD
On 14.10.2015 00:41, Craig White
You can enable it at any time...
authconfig --enablemkhomedir --update
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users
I would have thought that changes go from replica to master and not just master
to replica.
Is there something I have to do to make the changes bi-directional?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Friday, October 24, 2014 4:02 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] multi-master replication
I would have thought that changes go from replica to master and not just
, Craig White wrote:
From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com>
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Friday, October 24, 2014 4:02 PM
To: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com>
Subject: [Freeipa-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Monday, October 27, 2014 9:26 AM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/27/2014 10:12 AM, Craig White wrote:
From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-b
Maybe fixed - seems to be replicating now...
https://bugzilla.redhat.com/show_bug.cgi?id=953653
Why don't they incorporate that into the released RHEL version?
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Monday, Octob
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Monday, October 27, 2014 11:22 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/27/2014 01:41 PM, Craig White wrote:
Maybe fixed - seems to be
sport endpoint is not connected)
[27/Oct/2014:17:46:05 +] slapi_ldap_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server)
[27/Oct/2014:17:46:17 +] slapd_ldap_sasl_interactive_bind - Error: could
not perform interactive bi
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Monday, October 27, 2014 1:39 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/27/2014 12:41 PM, Craig White wrote:
From: freeipa-users
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Monday
in' not to work on the master server now
when I know I tested it when I first set it up and it worked? I have done
little more than import users and groups from OpenLDAP and configure HBAC, sudo
stuff in the IPA web UI.
Craig White
System Administrator
O 623-201-8179 M 602-377-975
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Monday, October 27, 2014 5:32 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group
On 10/27/2014 07:38 PM, Craig White wrote:
RHEL 6.5 - new install
ipa
From: Dmitri Pal [mailto:d...@redhat.com]
Sent: Tuesday, October 28, 2014 10:04 AM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group
On 10/28/2014 12:11 PM, Craig White wrote:
From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Tuesday, October 28, 2014 1:28 PM
To: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group [SOLVED]
From: Dmitri Pal [mailto:d...@redhat.com
RHEL 6.5 - new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64
Is it safe to install the 389 DS and admin console packages and use them?
I think it would be useful to use for things like editing ACI's, etc.
Craig White
System Administrator
O 623-201-8179 M 60
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Tuesday, October 28, 2014 3:02 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] 389 DS & admin consoles
On 10/28/2014 02:45 PM, Craig White wrote:
RHEL 6.5 - new ins
From: Dmitri Pal [mailto:d...@redhat.com]
Sent: Tuesday, October 28, 2014 5:10 PM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group [SOLVED]
On 10/28/2014 04:41 PM, Craig White wrote:
From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-b
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, October 28, 2014 5:34 PM
To: Craig White; d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getent passwd / group [SOLVED]
Craig White wrote:
> *From:*Dmitri Pal [mailt
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Michael Mercier
Sent: Friday, October
:
(ALL) ALL
$ sudo -l
[sudo] password for craig.white:
Sorry, user craig.white may not run sudo on 599330-stash001.
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
--
Manage you
| 951 B 00:00
Warning: No matches found for: /usr/lib64/libsss_sudo.so
No Matches found
Blockage identified, solution being searched
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Thursday, November 06, 2014 9:34 AM
To: Craig White
Cc: t...@tetrioncapital.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] unable to sudo
On (06/11/14 15:42), Craig White wrote:
>As Bob pointed out
White wrote:
> -Original Message-
> From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
> Sent: Thursday, November 06, 2014 9:34 AM
> To: Craig White
> Cc: t...@tetrioncapital.com; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] unable to sudo
>
> On (06/1
but
that isn't working either
(&(objectclass=posixGroup)(!(objectclass=mepManagedEntry)))
How can I get rid of the these private groups?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. P
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, November 10, 2014 3:14 PM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] getting rid of private groups
Craig White wrote:
> Trying to learn to live without private gro
Janelle, this may not be that useful but I found it worthwhile to resort to…
–skip-conncheck
When setting up the replica – pretty much for the same reason.
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E
with it safely but is
there any supportable way to rename the box, and join it again?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
--
Manage your subscription for the
27; listed in sssd.conf? Restart SSSD if I touch the file
with puppet? Anything else I should know?
I obviously will manage /etc/nsswitch.conf and possibly
/etc/pam.d/system-auth-ac if anyone has been down this road with things to
watch for.
Craig White
System Administrator
O 623-201-8179
, Craig White wrote:
> Starting to look at managing IPA requisites from Puppet - especially because
> I have seen SSSD silently quit.
Are there any errors in either the sssd logs or the syslog?
Haven't checked yet - it's only happened a few times. One of the things that I
can
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Herb Burnswell
Sent: Tuesday, December 16, 2014 12:32 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] ldapsearch queries for audit
All,
We are running the following versions on RHEL 6.6:
ipa-s
I would not recommend that path with FreeIPA.
This is clearly the way to go with FreeIPA
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/sudo.html
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
62 matches
Mail list logo
