Using IPA to provide automount maps for NFSv4 home directories

Since the invention of NFSv4, automount NFS home directories is secure. Since the invention of IPA, its easier to set up and maintain. This article guides you trough the steps needed to set it up. The procedures have been tested on RHEL7.1 for the IPA servers, RHEL6.6 and 7.1 as clients but should work on Fedora and CentOS. Unfortunately it seems not to work (yet) for Debian Sid and Ununtu. [Update] Works in Ubuntu 14.04[/Update] Assumptions Your Domain is example.com ….Read More

hostapd can not find the wlan interface but interface is ready

Have you ever got an error when using hostapd complaining a network interface not be found but its actually there and ready? You probably have a space at the end of the line “interface”. Hostapd does not work when having a space in that line (and probably in other lines as well) in /etc/hostapd/hostapd.conf. ap:/etc/hostapd# cat -vet hostapd.conf|grep ^interface interface=wlp0s29f7u7 $ ap:/etc/hostapd# This shows that there is a space at the lines end. Remove it and it will work as ….Read More

Upgrading RHN Satellite 5.6 to 5.7

This post guides you trough the upgrade procedure for a Satellite 5.6 using the embedded database on RHEL6-x86_64. Further it guides you to setup of Kerberos authentication of Satellite users with IPA. Recently Redhat released Satellite Server 5.7. Despite Satellite 5.x will be outphased in the next few years, there are plenty of new features. The most significant new features are: Upgraded PostgreSQL to 9.2 Authentication via IPA/SSSD/Kerberos IPMI support Renewed WebUI Readonly API users And finally… drum roll…. formal ….Read More

Using OTP Tokens and 2FA with FreeIPA 4.0

On 2014-07-08 FreeIPA 4.0 was released. One of the most interesting new features is the support of two factor authentication (2FA). I was curious about how to set it up and get it running. Unfortunately the documentation does not tell much about the OTP setup. What is OTP and 2FA? An overview OTP stands for One Time Password and 2FA for two factor authentication. OTP is available since long time, in the beginning usually as a list of passwords printed ….Read More

Providing SRV and TXT records for Kerberos and LDAP with dnsmasq

What if you have an application such as OVirt/RHEV-M that relies on DNS services records and you dont have the possibility to add them to the DNS servers because the DNS admins do not like to do its job? Fake them! DNSMasq is your friend 🙂 Install dnsmasq on the server in question and configure /etc/resolv.conf to query first dnsmask on localhost. yum -y install dnsmasq chkconfig dnsmasq on Assuming your subdomain is called example.com and your ldap and kerberos ….Read More

Upgrading RHN Satellite 5.5 to 5.6

Redhat released version 5.6 of the Redhat Satellite. Time to have a closer look to it and how to upgrade from version 5.5. New features Finally PostgreSQL support is mature enough for Enterprise usage. No need of a closed source data base anymore. This also brings a lot of new capabilities such as online backups which before was only available using an external Oracle Database which needs the availability of a DBA. PostgreSQL also brings some performance benefits over the ….Read More

Intercepting proxies and spacewalk-repo-sync

More and more companies are using intercepting proxies to scan for malware. Those malware scanners can be problematic due to added latency. If you using spacewalk-repo-sync to synchronize external yum repositories to your custom software channels and experience the famous message [Errno 256] No more mirrors to try in your log files, then you need to configure spacewalk-repo-sync. Unfortunately the documentation for that is a bit hidden in the man page. You need to create a directory and create a ….Read More

Centrally manage sudoers rules with IPA Part I – Preparation

One of the features of IPA is its facility to centrally manage sudoers rules. This rules can be based on user, group memberships etc. and be constrained to one or more servers. One of the benefits you get is: You are able to define stricter sudoers rules without annoying the users. At the end your systems are more secure and more convenient for the users. Lets start. Preparation Unfortunately, sudoers via LDAP does not just work out of the box, ….Read More