[Freeipa-users] GlobalKnownHostsFile changes produce unexpected behavior

2013-06-19 Thread Matthew Barr
in /var/lib/sss. It still checks for both $HOME/.ssh/known_hosts $HOME/.ssh/known_hosts, either way. (that's controlled by a different option.) Should IPA / SSSD be adding back in the default value, until such time as it's fixed in the upstream? Matthew Barr Technical Architect E: mb

Re: [Freeipa-users] RFE: default hbac is too open

2013-03-05 Thread Matthew Barr
on certain servers. That, plus the ability to change and set your password without ever logging into a system will allow us to really use IPA effectively. (We have users that don't use linux, and are in IPA only for LDAP Kerberos auth against web apps.) Matthew Matthew Barr Technical

Re: [Freeipa-users] Transferring mastership to a new server

2013-02-27 Thread Matthew Barr
How about fixing up all the replication relationships, if you're looking at this from a (old) master w/ multiple replicas? Matthew

[Freeipa-users] Adding an IPA user that can't SSH?

2013-01-25 Thread Matthew Barr
I need to add a few users that can authenticate with IPA (LDAP, in some cases, kerberos in others), but can't SSH into hosts. I'm guessing the best option is to use some sort of group restriction on the SSH /host side, vs anything else in IPA? Thanks!

Re: [Freeipa-users] Howto re-deploy an IPA-client using kickstart

2013-01-24 Thread Matthew Barr
On Jan 24, 2013, at 6:53 PM, Dmitri Pal d...@redhat.com wrote: Yes you can set it again. This is how we envisioned the feature to be used. If it does not work it is a bug. ipa-server-2.2.0-16.el6.x86_64, Centos 6.3 [mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo ipa: ERROR:

[Freeipa-users] Starting from scratch migrating users?

2013-01-22 Thread Matthew Barr
import the users their passwords. I suspect we can just do a clean build in the new site, and just do a migrate of the users via the ldap method. Thoughts? I don't anticipate moving any hardware that's enrolled from site to site, so certs the like shouldn't be a factor. Matthew Barr

Re: [Freeipa-users] Starting from scratch migrating users?

2013-01-22 Thread Matthew Barr
On Jan 22, 2013, at 5:15 PM, Dmitri Pal d...@redhat.com wrote: Which exactly LDAP method? ldif dump and load? This would not work well unless you also manage to move certs and kerberos master key over which is really hard. I was assuming the ipa migrate-ds. Thoughts? I don't

[Freeipa-users] FreeIPA start dependencies

2012-11-05 Thread Matthew Barr
(Cannot resolve network address for KDC in realm .COM) As an aside, we're not having issues starting dirsrv, KDC, or the other IPA services, just named. Named's failure then causes everything else to shut down, though.. Matthew Barr Technical Architect E: mb...@snap-interactive.com AIM

Re: [Freeipa-users] FreeIPA start dependencies

2012-11-05 Thread Matthew Barr
* We're using IPA for DNS as well as the kerberos LDAP services. Is it installed with forwarders to some other DNS server? Is that server alive and running? It is reachable? If not you might want to add host name and IP of the IPA server into the /etc/hosts Yep, that was the ticket.

[Freeipa-users] Cleaning a host that is both present not found

2012-10-11 Thread Matthew Barr
tables, but I can't tell enough about the structure to delete it from IPA, and then we can just re-add it. Anyone have any suggestions on what to do to clean this up?

Re: [Freeipa-users] Cleaning a host that is both present not found

2012-10-11 Thread Matthew Barr
I suspect it's only existing in some of the LDAP tables, but I can't tell enough about the structure to delete it from IPA, and then we can just re-add it. Anyone have any suggestions on what to do to clean this up? rpm -q 389-ds-base ldapsearch -xLLL -D cn=directory manager -W

Re: [Freeipa-users] Cleaning a host that is both present not found

2012-10-11 Thread Matthew Barr
On Oct 11, 2012, at 3:50 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Hi, Looks like I have this at present as well. The advice off RH support is to run an ldapdelete but I'm waiting on the complete syntax off them and why it's happened. Meantime I have 2 machines in this state, no