Updating Fedora to version 23 – how to workaround some issues

After upgrading two machines from Fedora 22 to 23 I stumbled upon some severe issues. Most of them are easy to solve. This weekend I’ve found some time to upgrade my headless router and one of my workstations. Unfortunately is did not went that smooth like the past few upgrades. No initrd created and grub config lacks initrd reference This seems to be connected to the Plymouth issue as described here: Common F23 bugs. On my headless machine I only ….Read More

2FA with (Free) IPA. The good, the bad and the ugly

Two factor authentication (2FA) is more and more emerging which is good to enhance security. Since the release of IPA4 it comes with 2FA included. Over time I made a lot of experiments and experience I wanted to share with you. Its is easy to set up and maintain as long as you use it only for system authentication. If you are using such things as webmail, it fails. This post shows you the capabilities as they are of today. ….Read More

Migrating legacy servers to FreeIPA authentication using ID-views

ID-Views are a new feature of FreeIPA4 which allows you to map UID/GID user/group names to another. This is a very handy solution when migrating legacy servers. There are legacy servers in the field with a lot of history. They have been migrated from one operating system to another since the last decade(s). It is unfortunately also not uncommon on those legacy servers to find software with hardcoded UID/GID and/or user/group names. Along with an unknown number of scripts installed ….Read More

Using IPA to provide automount maps for NFSv4 home directories

Since the invention of NFSv4, automount NFS home directories is secure. Since the invention of IPA, its easier to set up and maintain. This article guides you trough the steps needed to set it up. The procedures have been tested on RHEL7.1 for the IPA servers, RHEL6.6 and 7.1 as clients but should work on Fedora and CentOS. Unfortunately it seems not to work (yet) for Debian Sid and Ununtu. [Update] Works in Ubuntu 14.04[/Update] Assumptions Your Domain is example.com ….Read More

hostapd can not find the wlan interface but interface is ready

Have you ever got an error when using hostapd complaining a network interface not be found but its actually there and ready? You probably have a space at the end of the line “interface”. Hostapd does not work when having a space in that line (and probably in other lines as well) in /etc/hostapd/hostapd.conf. ap:/etc/hostapd# cat -vet hostapd.conf|grep ^interface interface=wlp0s29f7u7 $ ap:/etc/hostapd# This shows that there is a space at the lines end. Remove it and it will work as ….Read More

Upgrading RHN Satellite 5.6 to 5.7

This post guides you trough the upgrade procedure for a Satellite 5.6 using the embedded database on RHEL6-x86_64. Further it guides you to setup of Kerberos authentication of Satellite users with IPA. Recently Redhat released Satellite Server 5.7. Despite Satellite 5.x will be outphased in the next few years, there are plenty of new features. The most significant new features are: Upgraded PostgreSQL to 9.2 Authentication via IPA/SSSD/Kerberos IPMI support Renewed WebUI Readonly API users And finally… drum roll…. formal ….Read More

Using OTP Tokens and 2FA with FreeIPA 4.0

On 2014-07-08 FreeIPA 4.0 was released. One of the most interesting new features is the support of two factor authentication (2FA). I was curious about how to set it up and get it running. Unfortunately the documentation does not tell much about the OTP setup. What is OTP and 2FA? An overview OTP stands for One Time Password and 2FA for two factor authentication. OTP is available since long time, in the beginning usually as a list of passwords printed ….Read More

Providing SRV and TXT records for Kerberos and LDAP with dnsmasq

What if you have an application such as OVirt/RHEV-M that relies on DNS services records and you dont have the possibility to add them to the DNS servers because the DNS admins do not like to do its job? Fake them! DNSMasq is your friend 🙂 Install dnsmasq on the server in question and configure /etc/resolv.conf to query first dnsmask on localhost. yum -y install dnsmasq chkconfig dnsmasq on Assuming your subdomain is called example.com and your ldap and kerberos ….Read More