Several colleagues are reporting that CredentialDelegation in tools like
PuTTY, MobaXTerm, XShell ar not working any more under Windows 11.
Are you aware of any changes here? Does Windows 11 require special
settings here?
Cheers
Ronald
--
___
FreeIP
On 09.07.25 13:54, Alexander Bokovoy wrote:
On Срд, 09 ліп 2025, Ronald Wimmer via FreeIPA-users wrote:
Currently, we operate three separate IPA instances across different
domains, each separated by firewalls. Since we require a unified user
and group base across all of them, managing this
Currently, we operate three separate IPA instances across different
domains, each separated by firewalls. Since we require a unified user
and group base across all of them, managing this setup has become quite
cumbersome.
Would it be feasible to consolidate everything into a single IPA
instan
On 08.07.25 16:48, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
Is it a good way to go this route:
https://access.redhat.com/solutions/885383
= creating a password policy with minlife=0 and maxlife=0
Or is there a better way to achieve this?
That way works
Is it a good way to go this route:
https://access.redhat.com/solutions/885383
= creating a password policy with minlife=0 and maxlife=0
Or is there a better way to achieve this?
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- freeipa-users@lists.
On 23.06.25 09:49, Diogène Mutombo via FreeIPA-users wrote:
Dear FreeIPA users,
I’m encountering an issue when cloning a virtual machine that is a FreeIPA
client.
After cloning, I change both the IP address and the system hostname of the new
VM. However, I noticed that the system can still au
On 10.04.25 00:15, Ronald Wimmer via FreeIPA-users wrote:
On 09.04.25 23:22, Larkin, Patrick wrote:
> Are you using Automount?
No.
> Also, do you have lots of groups?
No.
> And are these identities part of an AD trust or completely internal
to IPA/IDM?
IPA only.
I am aware of
On 09.04.25 09:41, Ronald Wimmer via FreeIPA-users wrote:
On 14.02.25 10:35, Kroon PC, Peter wrote:
- You can authenticate to kerberos using a certificate
If this is true I could use pubkey auth for SSH and an user cert for
Kerberos, right? This idea does not sound too bad...
So how to
We are on the way to switching from AD to IPA users. We observed that
the first SSH login of an IPA user to a server takes almost 30 seconds.
Every consecutive SSH login went blazingly fast (2 seconds at max).
Initially we suspected the cache on that server. But neither that
server's SSSD cach
On 09.04.25 23:22, Larkin, Patrick wrote:
> Are you using Automount?
No.
> Also, do you have lots of groups?
No.
> And are these identities part of an AD trust or completely internal
to IPA/IDM?
IPA only.
I am aware of problems coming from large AD user bases. But we are
talking about around 2
On 09.04.25 17:02, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 09.04.25 09:12, Ronald Wimmer via FreeIPA-users wrote:
Every IPA host is shown either as enrolled or not in the WebGUI. Where
does this come from? Simply setting the enrolledBy attribute seems to
be not enough
On 09.04.25 09:12, Ronald Wimmer via FreeIPA-users wrote:
Every IPA host is shown either as enrolled or not in the WebGUI. Where
does this come from? Simply setting the enrolledBy attribute seems to be
not enough...
I have to find a way to determine if a host went out of life. At first I
On 14.02.25 10:35, Kroon PC, Peter wrote:
- You can authenticate to kerberos using a certificate
If this is true I could use pubkey auth for SSH and an user cert for
Kerberos, right? This idea does not sound too bad...
Cheers,
Ron
--
___
FreeIPA-us
Every IPA host is shown either as enrolled or not in the WebGUI. Where
does this come from? Simply setting the enrolledBy attribute seems to be
not enough...
I have to find a way to determine if a host went out of life. At first I
thought I could check if the host has an enrolledBy attribute a
Is there a way to ensure that an IPA host certificate can only be used
on a specific device? Like one can do it with a TPM module?
What other approaches would be feasible?
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorah
The growing number of PCs, Notebooks, VMs, Raspberries and so on makes
me want an IPA installation at home too. Anyone using IPA @home?
If yes, how do you run it? (dedicated machine, VM, Container?) What
about DNS?
I do not quite like that IPA wont let me use a single label domain like
"lan"
We have a trust between the ipa domain (ipa.mydomain.at) and some AD
domain (windows.mydomain.at).
A user 'userxy' exists in both domains.
use...@windows.mydomain.at is not mapped into IPA as described in
https://access.redhat.com/solutions/1506103
ipadomainresolutionorder is set to
windows
Why is this function placed on the users and hosts page and not on the
user group/host group pages?
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedor
On 20.02.25 10:38, Ronald Wimmer via FreeIPA-users wrote:
On 20.02.25 02:38, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 19.02.25 19:37, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 19.02.25 16:40, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA
On 20.02.25 02:38, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 19.02.25 19:37, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 19.02.25 16:40, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 19.02.25 15:54, Rob Crittenden via FreeIPA
On 19.02.25 16:40, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 19.02.25 15:54, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer wrote:
On 19.02.25 13:48, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer wrote:
On 13.02.25 17:42, Rob
Is the dogtag instance IPA uses comparable to RH Certificate Sytem
(https://access.redhat.com/products/red-hat-certificate-system )? Could
IPA's dogtag act as a fully fledged CA for other purposes?
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- f
On 19.02.25 15:54, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer wrote:
On 19.02.25 13:48, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer wrote:
On 13.02.25 17:42, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 12.02.25 19:15, Rob Crittenden wrote:
More specifics would help.
On 14.02.25 18:42, Jochen Kellner via FreeIPA-users wrote:
"Kroon PC, Peter via FreeIPA-users"
writes:
I hope this helps, and please let me know if you figure out something smarter ;)
Peter
I do call ssh with "-K", so it authenticates with Kerberos instead of
password/ssh-keys:
-K
On 13.02.25 17:42, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 12.02.25 19:15, Rob Crittenden wrote:
More specifics would help. How did it not work as expected? What is the
full ACI you came up with?
The idea is that this is granted to all authenticated users EXCEPT those
in the, in your c
On 12.02.25 19:15, Rob Crittenden wrote:
More specifics would help. How did it not work as expected? What is the
full ACI you came up with?
The idea is that this is granted to all authenticated users EXCEPT those
in the, in your case, iam-managed-users and admins groups.
We did not user RBAC mu
I am aware of two cases here. The first one is that I do already have a
TGT that I can delegate to the target host and some magic fetches the
right NFS ticket for me. The second one is that I connect to the target
host and enter a password and SSSD fetches a TGT and NFS ticket for me.
Both cas
c=at)))
but it did not work as expected. Do I have to explicitly assign this
particular permission to a users group? (I thought that every users in
IPA has this particular perm by default?)
Cheers
Ron
On 12.02.25 16:02, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.25 14:34, Rob Crittenden
On 12.02.25 14:34, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 21.01.25 11:54, Ronald Wimmer via FreeIPA-users wrote:
On 14.01.25 13:06, Ronald Wimmer via FreeIPA-users wrote:
What would be the best way to do this?
Remove
"System: Change User
pas
On 21.01.25 11:54, Ronald Wimmer via FreeIPA-users wrote:
On 14.01.25 13:06, Ronald Wimmer via FreeIPA-users wrote:
What would be the best way to do this?
Remove
"System: Change User
password" permissions?
The plan I had in my mind was to add a usergroup and remove this exact
Let's say we have a host somewhatsap.mydomain.at that is member of a
hostgroup saphosts that has an HBAC rule saphhosts-ssh assigned.
The host somwhatsap.mydomain.at has another HBAC rule
(saphosts-ssh-somecountry) directly assigned.
The user we wanted to grant access to somewhatsap.mydomain.
On 28.01.25 13:33, Alexander Bokovoy wrote:
On Аўт, 28 сту 2025, Ronald Wimmer via FreeIPA-users wrote:
In an enterprise environment like ours NetApp provides NFS shares. The
last time we tried to stitch IPA and NetApp together failed because
NetApp's admin software is tailored to Wi
In an enterprise environment like ours NetApp provides NFS shares. The
last time we tried to stitch IPA and NetApp together failed because
NetApp's admin software is tailored to Windows environments.
Is there any recent experience in this matter? Or should we file a
feature request for RedHat
On 21.01.25 13:58, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
Some time ago I read an excellent blog post about this topic. But
unfortunately I cannot find it anymore...
Anyone knows what I am talking about? Any input on that matter is highly
appreciated
On 14.01.25 13:06, Ronald Wimmer via FreeIPA-users wrote:
What would be the best way to do this?
Remove
"System: Change User
password" permissions?
Right?
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubs
On 14.01.25 10:21, Ronald Wimmer via FreeIPA-users wrote:
On 11.01.25 15:29, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 09 сту 2025, Ronald Wimmer via FreeIPA-users wrote:
On 09.01.25 13:17, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 09 сту 2025, Ronald Wimmer wrote:
So. Let
Some time ago I read an excellent blog post about this topic. But
unfortunately I cannot find it anymore...
Anyone knows what I am talking about? Any input on that matter is highly
appreciated!
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- fre
ARM runners are here: Linux arm64 hosted runners now available for free in
public repositories (Public Preview) - GitHub Changelog
https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/--
_
On 15.01.25 13:10, Ronald Wimmer via FreeIPA-users wrote:
I have started reading about this here
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html
Is it possible to use Keycloak as an IdP and let only the IPA servers
"talk" to Keycloak leaving IPA
I have started reading about this here
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html
Is it possible to use Keycloak as an IdP and let only the IPA servers
"talk" to Keycloak leaving IPA server and client communication as it is?
Cheers,
Ronald
--
__
What would be the best way to do this?
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraprojec
On 11.01.25 15:29, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 09 сту 2025, Ronald Wimmer via FreeIPA-users wrote:
On 09.01.25 13:17, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 09 сту 2025, Ronald Wimmer wrote:
So. Let me summarize this information for me personally. If we
On 09.01.25 13:17, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 09 сту 2025, Ronald Wimmer wrote:
So. Let me summarize this information for me personally. If we
create a new user in the staging area via LDAP with a clear-text
password it is impossible that the user can login using IPA's W
On 09.01.25 13:01, Alexander Bokovoy wrote:
On Чцв, 09 сту 2025, Ronald Wimmer wrote:
On 09.01.25 12:49, Alexander Bokovoy wrote:
On Чцв, 09 сту 2025, Ronald Wimmer wrote:
On 09.01.25 02:23, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 1/8/25 20:59, Rob
On 09.01.25 12:49, Alexander Bokovoy wrote:
On Чцв, 09 сту 2025, Ronald Wimmer wrote:
On 09.01.25 02:23, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 1/8/25 20:59, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 2/13/24
On 09.01.25 02:23, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 1/8/25 20:59, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 2/13/24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via
On 1/8/25 20:59, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 2/13/24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 17:47, Rob Crittenden wrote:
I don't think it's p
On 2/13/24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 17:47, Rob Crittenden wrote:
I don't think it's possible to speculate without knowing your process.
This requires the cleartext password so assuming
I've read
https://github.com/freeipa/freeipa-container/issues/596#issuecomment-1988656395
for example. I am wondering if there is any progress here?
We are experimenting with K3s clusters on Raspberry Pis (5). It would be
great if FreeIPA could run inside a pod on that hardware...
--
___
I was looking for the ansible equivalent of ipalibs host_find to
retrieve a list of all enrolled IPA machines. But unfortunately I did
not find something that suits my needs... Am I missing something here?
Why do I need that? I need to fetch additional information for all
IPA-enrolled machines
On 13.02.24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 17:47, Rob Crittenden wrote:
I don't think it's possible to speculate without knowing your process.
This requires the cleartext password so assuming
On 04.09.24 20:06, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 03.09.24 17:04, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer wrote:
On 20.08.24 17:56, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.08.24 10:50, Florence Blanc-Renaud wrote:
Hi,
On Tue, Aug 13
On 03.09.24 17:04, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer wrote:
On 20.08.24 17:56, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.08.24 10:50, Florence Blanc-Renaud wrote:
Hi,
On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users
mailto:freeipa
On 20.08.24 17:56, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.08.24 10:50, Florence Blanc-Renaud wrote:
Hi,
On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users
mailto:freeipa-
us...@lists.fedorahosted.org>> wrote:
On 13.08.24 11:35, Ronald
On 28.08.24 14:44, patrik uytterhoeven via FreeIPA-users wrote:
Hi Thx for the quick feedback
but in our case it's not needed to have same users on freeipa and AD
in fact the AD is only used for the windows servers
DNS is managed externally and there is no DHCP server everything is with fixed
I
On 28.08.24 11:25, Ronald Wimmer via FreeIPA-users wrote:
On 20.08.24 17:56, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.08.24 10:50, Florence Blanc-Renaud wrote:
Hi,
On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users
mailto:freeipa-
us
On 20.08.24 17:56, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.08.24 10:50, Florence Blanc-Renaud wrote:
Hi,
On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users
mailto:freeipa-
us...@lists.fedorahosted.org>> wrote:
On 13.08.24 11:35, Ronald
On 14.08.24 10:50, Florence Blanc-Renaud wrote:
Hi,
On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users
mailto:freeipa-
us...@lists.fedorahosted.org>> wrote:
On 13.08.24 11:35, Ronald Wimmer via FreeIPA-users wrote:
>
>
> On 13.08.24 11:17, Ro
On 13.08.24 11:35, Ronald Wimmer via FreeIPA-users wrote:
On 13.08.24 11:17, Ronald Wimmer via FreeIPA-users wrote:
On 13.08.24 10:20, Ronald Wimmer via FreeIPA-users wrote:
As I do not now anything about LDAP users and permissions I would
like to ask for advice in this matter.
I need
On 13.08.24 11:17, Ronald Wimmer via FreeIPA-users wrote:
On 13.08.24 10:20, Ronald Wimmer via FreeIPA-users wrote:
As I do not now anything about LDAP users and permissions I would like
to ask for advice in this matter.
I need an LDAP user that is capable of creating users in the staging
On 13.08.24 10:20, Ronald Wimmer via FreeIPA-users wrote:
As I do not now anything about LDAP users and permissions I would like
to ask for advice in this matter.
I need an LDAP user that is capable of creating users in the staging
area as well as modifying or deleting existing users.
I
As I do not now anything about LDAP users and permissions I would like
to ask for advice in this matter.
I need an LDAP user that is capable of creating users in the staging
area as well as modifying or deleting existing users.
I am aware of how to create a system user
(https://www.freeipa.o
On 05.08.24 15:55, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
I was thinking about using ipalib in a container but a look at
https://packages.debian.org/bookworm/python3-ipalib revealed a
dependency to systemd - and I do not really need systemd in the
I was thinking about using ipalib in a container but a look at
https://packages.debian.org/bookworm/python3-ipalib revealed a
dependency to systemd - and I do not really need systemd in the
container. Just wanted to do some IPA scripting tasks in a container.
What are your thoughts?
Cheers,
R
On 30.07.24 11:15, Ronald Wimmer via FreeIPA-users wrote:
Group merging works like expected as described by Alexander several
years ago in
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/WR7JQOMWCEXNABNSZGFF2FYN6ENEHEIB/?sort=date
My question is if it
Group merging works like expected as described by Alexander several
years ago in
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/WR7JQOMWCEXNABNSZGFF2FYN6ENEHEIB/?sort=date
My question is if it is possible to specify the ipa user in /etc/groups
without
On 19.06.24 10:32, Alexander Bokovoy via FreeIPA-users wrote:
On Срд, 19 чэр 2024, Ronald Wimmer via FreeIPA-users wrote:
On 17.06.24 19:53, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 13.06.24 14:30, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 21:04, Ronald
Is there a way for preventing AD domain-local groups from being mapped
into IPA? From time to time colleagues try to use AD groups with scope
'domain local'. Personally, I do not see a use case for these groups
mapped into IPA...
Cheers,
Ronald
--
__
On 17.06.24 19:53, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 13.06.24 14:30, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 21:04, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald
On 13.06.24 14:30, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 21:04, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 17:47, Rob Crittenden
On 13.02.24 21:04, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 17:47, Rob Crittenden wrote:
I don't think it's possible to speculate without knowing yo
On 13.02.24 18:54, Christian Heimes via FreeIPA-users wrote:
On 13/02/2024 18.03, Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 17:47, Rob Crittenden wrote:
I don't think it's possible to speculate without knowing your process.
This requires the cleartext password so assuming
On 13.02.24 17:47, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 13.02.24 07:54, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 23:02, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users
On 13.02.24 07:54, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 23:02, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users wrote:
On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 15
On 12.02.24 23:02, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users wrote:
On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 14
On 12.02.24 20:47, Alexander Bokovoy via FreeIPA-users wrote:
On Пан, 12 лют 2024, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users
On 12.02.24 14:36, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 14.15, Christian Heimes wrote:
While writing the lines above another question came up in my mind:
Is there a way to forbid password modification for IPA users so that
users are forced to do that in an external sytem?
Y
On 12.02.24 15:54, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users
On 12.02.24 14:15, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 13.32, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 12:38, Christian via FreeIPA-users
On 12.02.24 13:23, Christian Heimes via FreeIPA-users wrote:
On 12/02/2024 12.47, Ronald Wimmer via FreeIPA-users wrote:
On 12.02.24 12:38, Christian via FreeIPA-users wrote:
On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users wrote:
Remark: If I set a new password for this particular user
On 12.02.24 12:38, Christian via FreeIPA-users wrote:
On 11/02/2024 22.40, Ronald Wimmer via FreeIPA-users wrote:
Remark: If I set a new password for this particular user after the
user has been activated, it works.
We are still facing this particular problem and do not have any clue
why the
On 02.02.24 09:48, Ronald Wimmer via FreeIPA-users wrote:
On 25.01.24 19:52, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 25.01.24 15:27, Ronald Wimmer via FreeIPA-users wrote:
On 08.01.24 17:58, Alexander Bokovoy wrote:
On Пан, 08 сту 2024, Ronald Wimmer
On 25.01.24 19:52, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 25.01.24 15:27, Ronald Wimmer via FreeIPA-users wrote:
On 08.01.24 17:58, Alexander Bokovoy wrote:
On Пан, 08 сту 2024, Ronald Wimmer wrote:
On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users
On 01.02.24 19:29, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
Is it possible? If yes what needs to be done?
Set nsaccountlock to TRUE/FALSE. This is an operational attribute so
when searching for it you have to specify it as an attribute you want to
see with ldapsearch
Is it possible? If yes what needs to be done?
Cheers,
Ronald
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedor
On 25.01.24 15:27, Ronald Wimmer via FreeIPA-users wrote:
On 08.01.24 17:58, Alexander Bokovoy wrote:
On Пан, 08 сту 2024, Ronald Wimmer wrote:
On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users wrote:
On 02.01.24 16:27, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On
On 08.01.24 17:58, Alexander Bokovoy wrote:
On Пан, 08 сту 2024, Ronald Wimmer wrote:
On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users wrote:
On 02.01.24 16:27, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023
On 24.01.24 15:35, Finn Fysj via FreeIPA-users wrote:
Currently our installation of FreeIPA is done on root ('/').
Is it possible to install FreeIPA on different disk & mount path wihtout
causing too much issues?
FreeIPA consists of several components (389DS, Apache, Dogtag, Samba,
DNS, ...).
On 08.01.24 17:58, Alexander Bokovoy wrote:
On Пан, 08 сту 2024, Ronald Wimmer wrote:
On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users wrote:
On 02.01.24 16:27, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023
On 08.01.24 17:14, Rob Crittenden wrote:
Ronald Wimmer wrote:
On 02.01.24 17:57, Ronald Wimmer via FreeIPA-users wrote:
On 02.01.24 16:27, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via
On 02.01.24 16:27, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote:
In our company we do have an IAM tool for user management. We need to
create IPA users via this particular
On 19.12.23 09:23, Ronald Wimmer via FreeIPA-users wrote:
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote:
In our company we do have an IAM tool for user management. We need to
create IPA users via this particular tool. I am aware of all
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote:
In our company we do have an IAM tool for user management. We need to
create IPA users via this particular tool. I am aware of all IPA
commands or API calls to create/modify or delete a
On 14.12.23 23:31, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
On 14.12.23 14:42, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote:
In our company we do have an IAM tool for user management. We need to
On 14.12.23 14:42, Alexander Bokovoy via FreeIPA-users wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote:
In our company we do have an IAM tool for user management. We need to
create IPA users via this particular tool. I am aware of all IPA
commands or API calls to create
On 14.12.23 14:42, Alexander Bokovoy wrote:
On Чцв, 14 сне 2023, Ronald Wimmer via FreeIPA-users wrote:
In our company we do have an IAM tool for user management. We need to
create IPA users via this particular tool. I am aware of all IPA
commands or API calls to create/modify or delete a user
In our company we do have an IAM tool for user management. We need to
create IPA users via this particular tool. I am aware of all IPA
commands or API calls to create/modify or delete a user.
As the tool does not support FreeIPA yet they asked if there is a way to
manage users by using LDAP on
On 12.10.23 13:22, Ronald Wimmer via FreeIPA-users wrote:
On 12.10.23 13:06, Ulf Volmer via FreeIPA-users wrote:
On 12.10.23 09:57, Ronald Wimmer via FreeIPA-users wrote:
We do have two users with the same name. One exists locally. The
other one comes from IPA.
The problem is that the sudo
On 12.10.23 13:06, Ulf Volmer via FreeIPA-users wrote:
On 12.10.23 09:57, Ronald Wimmer via FreeIPA-users wrote:
We do have two users with the same name. One exists locally. The other
one comes from IPA.
The problem is that the sudo rules also show up for the local user.
I know you do not
We do have two users with the same name. One exists locally. The other
one comes from IPA.
The problem is that the sudo rules also show up for the local user.
I know you do not officially support AIX... but would there probably be
a solution apart from naming these two users differently?
Che
1 - 100 of 513 matches
Mail list logo
