On Sun, Jan 24, 2016 at 08:03:09PM +0100, Rob Verduijn wrote:
> Hi,
>
> H microsoft removes the UI, but leaves the schema extension.
> Does not really make sense, but after some googling this does seem to
> be the case.
>
> Your comment made me check google with some different keywords and I
On 2016-01-25 08:17, Winfried de Heiden wrote:
> Great,
>
> Changing
>
> /etc/ipa/kdcproxy/kdcproxy.conf
> [global]
> configs = mit
> use_dns = false
>
> to
>
> # cat /etc/ipa/kdcproxy/kdcproxy.conf
> [global]
> configs = mit
> use_dns = true
>
> along with adding the windows realm to krb5.con
On 22.1.2016 16:22, Visakh MV wrote:
> Hi team,
>
> We plan to integrate Windows AD and OpenShift Origin with FreeIPA. We
> have doubts about DNS working between those. We also need
> configuration details of replication between those. If you guys provide any
> kind of information for a
Maybe the difference was that I used a fresh demo installation from
windows 2012r2 server.
I only added the ad-controller, dns and ntp functionality for testing.
(and all the patches...which literally takes a day to complete on a
system with 4 cores and 4G ram)
I also found out that dnsseq is not d
Hi
I have set up a multi-master IPA and it seems to be working fine.
The clients ( laptops and servers ) are not using the DNS of IPA.
I was wondering, while configuring ipa-client, which server do I reference
to when it asks the ipa-server hostname ?
Both the master server has different hostnam
"RHEL 6.x libkrb5 has no support for KDC proxy"
Too bad, I was afraid of that
Winny
On 25-01-16 at 08:36, Alexander Bokovoy wrote:
RHEL 6.x libkrb5 has no support for KDC proxy
OK clear, many thanks!
Winny
On 25-01-16 at 09:45, Christian Heimes wrote:
On 2016-01-25 08:17, Winfried de Heiden wrote:
Great,
Changing
/etc/ipa/kdcproxy/kdcproxy.conf
[global]
configs = mit
use_dns = false
to
# cat /etc/
On 25.1.2016 10:47, Zeal Vora wrote:
> Hi
>
> I have set up a multi-master IPA and it seems to be working fine.
>
> The clients ( laptops and servers ) are not using the DNS of IPA.
>
> I was wondering, while configuring ipa-client, which server do I reference
> to when it asks the ipa-server hos
Thanks Petr.
So if the domain is example.com, in DNS, what would be the IP associated
with it ?
As there are 2 master servers, each of them will have different IP address.
On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek wrote:
> On 25.1.2016 10:47, Zeal Vora wrote:
> > Hi
> >
> > I have setup a m
Hello !
I recently installed a replica (master2) in addition to my master (master1)
with IPA 3.0.0-47 on RHEL6.6.
I don't know from when exactly, but the dirsrv (and the whole ipa service)
on master1 crashes regularly with the following logs.
###
[22/Jan/2016:15:38:20 +0100] - 389-Directory/1.2.1
Hi all,
When you have an ipa 4.2 server with a one-way trust to the ad.
What steps are needed to install a second ipa master that also has a
one-way trust to the ad ?
Rob Verduijn
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-us
On Mon, 25 Jan 2016, Rob Verduijn wrote:
Hi all,
When you have an ipa 4.2 server with a one-way trust to the ad.
What steps are needed to install a second ipa master that also has a
one-way trust to the ad ?
Depends on what you want to achieve.
If you want second IPA master to be able to reso
On 25.1.2016 12:08, Zeal Vora wrote:
> Thanks Petr.
>
> So if the domain is example.com, in DNS, what would be the IP associated
> with it ?
>
> As there are 2 master servers, each of them will have different IP address.
Please see following text about DNS SRV records:
https://en.wikipedia.org/w
Since the first option has less impact, that one sounds the most interesting.
However, does this also remain functional when the first ipa server is
taken offline ?
Rob Verduijn
2016-01-25 12:41 GMT+01:00 Alexander Bokovoy :
> On Mon, 25 Jan 2016, Rob Verduijn wrote:
>>
>> Hi all,
>>
>> When you
On 25/01/16 12:08, Zeal Vora wrote:
Thanks Petr.
So if the domain is example.com, in DNS, what would be the IP associated
with it ?
As there are 2 master servers, each of them will have different IP address.
On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek wrote:
On 25.1.2016 10:47, Zeal Vora w
could you get a core dump from the crash:
http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
Ludwig
On 01/25/2016 12:08 PM, bahan w wrote:
Hello !
I recently installed a replica (master2) in addition to my master
(master1) with IPA 3.0.0-47 on RHEL6.6.
I don't know from when exa
On Mon, 25 Jan 2016, Rob Verduijn wrote:
Since the first option has less impact, that one sounds the most interesting.
However, does this also remain functional when the first ipa server is
taken offline ?
Yes. What this option enables is to allow IPA master to become 'trust
agent' which means S
On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
Hello,
I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
on both masters an error.
NSMMReplicationPlugin - replication keep alive entry already exists
This is not an error, unfortunately the message is logged
On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
Hello,
I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
on both masters an error.
NSMMReplicationPlugin - replication keep alive entry already exists
This Error i have all two Hours?
Have any a Idea what I c
On 01/25/2016 01:34 PM, thierry bordaz wrote:
> On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
>> Hello,
>>
>> I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
>> on both masters an error.
>>
>> NSMMReplicationPlugin - replication keep alive entry > 3,dc=gjn,dc
On 01/25/2016 01:43 PM, Martin Kosek wrote:
On 01/25/2016 01:34 PM, thierry bordaz wrote:
On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
Hello,
I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
on both masters an error.
NSMMReplicationPlugin - replication
Thank you,
I found root cause why "System: Read Replication Agreements" ACI is not
on replica.
https://fedorahosted.org/freeipa/ticket/5631
I have to figure out why this permission is added on centos7.2, because
IMO this bug is there from 4.0.
On 24.01.2016 03:22, Nathan Peters wrote:
I
Cool
Thanx
Rob Verduijn
2016-01-25 12:59 GMT+01:00 Alexander Bokovoy :
> On Mon, 25 Jan 2016, Rob Verduijn wrote:
>>
>> Since the first option has less impact, that one sounds the most
>> interesting.
>> However, does this also remain functional when the first ipa server is
>> taken offline ?
>
>
Hello All,
Installation Notes:
- ipa-server-4.2.0-15.el7.centos.3.x86_64
- ipa-server-trust-ad-4.2.0-15.el7.centos.3.x86_64
Configured it as a non-dns server install with a trust to server.dev, but after
I established the trust and rebooted the machine. It's looking for
krbt
Hello,
I have a trust established between Windows Active Directory and IPA.
From the IPA server I can get details about AD users but not from a
server configured as an IPA client.
[root@ipa_server ~]# getent passwd ad_user@ad_domain
ad_user@ad_domain:*:1869402973:1869402973:ADUser
Name:/home/ad_d
On Mon, Jan 25, 2016 at 10:15:42AM -0700, Cameron Christensen wrote:
> Hello,
>
> I have a trust established between Windows Active Directory and IPA.
> From the IPA server I can get details about AD users but not from a
> server configured as an IPA client.
>
> [root@ipa_server ~]# getent passwd
Thanks Alexander. Is there a place where there are example pam stacks
that work with active directory and hbac?
___
Warren Birnbaum : Infrastructure Services
Web Automation Engineer
Europe CDT Techn. Operations
Nike Inc. : Mobile +31 6 23902697
On 1/22/16, 2:44 PM, "Alexand
My system-auth-ac file looks like:
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so
acco
On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote:
Thanks Alexander. Is there a place where there are example pam stacks
that work with active directory and hbac?
Defaults in RHEL/Fedora should be enough:
- install RHEL/Fedora,
- apply ipa-client-install,
then you get proper setup. That's what
OK. I have done this and am using the pam stack that is the result of
what you here describe.
A few threads back you mentioned that this could be a reason why my hbac
are not restricting access. I have no hbac rules currently and any active
directory user can access any host. Is there something
On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote:
OK. I have done this and am using the pam stack that is the result of
what you here describe.
A few threads back you mentioned that this could be a reason why my hbac
are not restricting access. I have no hbac rules currently and any active
di
31 matches