[Freeipa-users] Re: Here we go again, configuring Proxmox/Debian Stretch 9.3 as a FreeIPA client

2018-01-18 Thread Andrew Radygin via FreeIPA-users
Hi Alex! I've set up on Debian 8 ipa-client recently. And here are my notes on this process, maybe it would be helpful. 1. Enable sid repo 2. Install freeipa-client and python-sss packages 3. Update python-six to 1.10+ 4. Restart dbus service 5. ipa-client-install command In the end - I've got co

[Freeipa-users] Here we go again, configuring Proxmox/Debian Stretch 9.3 as a FreeIPA client

2018-01-18 Thread Alex Corcoles via FreeIPA-users
Hi, Now that I have my FreeIPA server working in my setup, I'd like to configure my Proxmox server as an IPA client; both for UNIX users and its web/API. As you might be aware, ipa-client-install is only in sid, and it seems to be problematic. I'm posting everything I'm doing to keep this documen

[Freeipa-users] Re: Login failed due to unknow reason on the WebUI on new FreeIPA 4.5 installation

2018-01-18 Thread Rob Crittenden via FreeIPA-users
Alexandre Pitre wrote: > chmod 644 /etc/ipa/ca.crt > chmod 660 /var/run/ipa/ccaches/admin\@IPA.DOMAIN.COM > > Fixed the issue. > > The installation was done with a 027 umask. Should I be worried that > something else may have incorrect permissions ? Not entirely sure. We

[Freeipa-users] Re: Login failed due to unknow reason on the WebUI on new FreeIPA 4.5 installation

2018-01-18 Thread Alexandre Pitre via FreeIPA-users
chmod 644 /etc/ipa/ca.crt chmod 660 /var/run/ipa/ccaches/admin\@IPA.DOMAIN.COM Fixed the issue. The installation was done with a 027 umask. Should I be worried that something else may have incorrect permissions ? Thanks for your help everyone Alex On Thu, Jan 18, 2018 at 11:22 AM, Rob Crittende

[Freeipa-users] Re: Login failed due to unknow reason on the WebUI on new FreeIPA 4.5 installation

2018-01-18 Thread Rob Crittenden via FreeIPA-users
Alexandre Pitre via FreeIPA-users wrote: > Hi, > > I recently deployed a new FreeIPA domain running on CentOS 7.4 and > FreeIPA 4.5 > > The installation went without hiccups but the WebUI isn't working as > expected. Logging in with admin failed with this error: > > Login failed due to an unknow

[Freeipa-users] Re: Certificates renewing with the wrong Subject

2018-01-18 Thread Rob Crittenden via FreeIPA-users
Roderick Johnstone via FreeIPA-users wrote: > On 16/01/2018 12:14, Roderick Johnstone via FreeIPA-users wrote: > Hi Rob > > This is all on my first master server. > > I put the clock back to when the certificates that I restore from backup > are all valid. > > I restored the databases in /etc/ht

[Freeipa-users] Re: hardening question

2018-01-18 Thread Rob Crittenden via FreeIPA-users
Natxo Asenjo via FreeIPA-users wrote: > hi, > > in chapter 36 > (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/linux_domain_identity_authentication_and_policy_guide/Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf >

[Freeipa-users] hardening question

2018-01-18 Thread Natxo Asenjo via FreeIPA-users
hi, in chapter 36 (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/linux_domain_identity_authentication_and_policy_guide/Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf) we have instructions on disabling anonymous binds. C

[Freeipa-users] Re: Contribute How-To: LDAP Authentication for Isilon OneFS using FreeIPA

2018-01-18 Thread Rob Crittenden via FreeIPA-users
Aravindh Sampathkumar via FreeIPA-users wrote: > Hello all. > > I'm a new user having recently deployed a FreeIPA server to supply > authentication for a small scale cluster. One of the first things I did > was to make our storage system (Isilon cluster running OneFS) use > FreeIPA as an authentica

[Freeipa-users] Contribute How-To: LDAP Authentication for Isilon OneFS using FreeIPA

2018-01-18 Thread Aravindh Sampathkumar via FreeIPA-users
Hello all. I'm a new user having recently deployed a FreeIPA server to supply authentication for a small scale cluster. One of the first things I did was to make our storage system (Isilon cluster running OneFS) use FreeIPA as an authentication provider via LDAP. Though straightforward, I wish this

[Freeipa-users] Re: Certificates renewing with the wrong Subject

2018-01-18 Thread Roderick Johnstone via FreeIPA-users
On 16/01/2018 12:14, Roderick Johnstone via FreeIPA-users wrote: On 15/01/2018 20:07, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: On 15/01/2018 16:06, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: Hi Our freeipa ce

[Freeipa-users] Re: how to avoid ntpd?

2018-01-18 Thread Lukas Slebodnik via FreeIPA-users
On (17/01/18 15:15), Harald Dunkel via FreeIPA-users wrote: >On 01/15/2018 09:04 PM, Rob Crittenden via FreeIPA-users wrote: >> >> That's fine but it doesn't address the original problem: he doesn't want >> anything managing the clock on his system at all: >> >> "some ipa servers in my environmen