[Freeipa-users] freeipa-client-install error
Hi, I installed a FreeIPA server based on a Windows DNS server. I mean there was a Windows DNS server, and while I was installing FreeIPA I set resolv.conf and hosts based on this Windows DNS. Then I installed a freeipa-client on my client server. Based on the instructions I changed the client's resolv.conf to the FreeIPA IP (meaning I set the DNS of my client to the FreeIPA server IP). When I did freeipa-client-install it showed an error:

"Failed to verify that ipa-server.shs.dc is an IPA server. this may mean that the remote server is not up or reachabe due to network settings."

In the ipaclient-install files:

"search DNS for SRV record of _ldap._tcp.shs.dc DNS record not found: timeout."

Of course I opened all ports in the firewall and I'm sure the server is up.

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: build of 4.6.6 on centos
lejeczek via FreeIPA-users wrote:
> hi guys
>
> would you know if above version should build on Centos 7.6?
>
> Or maybe it's officially not supported, as ./configure says:
>
> checking supported IPA platform... configure: error: IPA platform centos
> is not supported

I'd suggest you look at the centos srpm for tips on how they build but you at least need to add this to configure:

--with-ipaplatform=rhel

rob
[Freeipa-users] build of 4.6.6 on centos
hi guys

would you know if above version should build on Centos 7.6?

Or maybe it's officially not supported, as ./configure says:

checking supported IPA platform... configure: error: IPA platform centos is not supported

many thanks, L.
[Freeipa-users] Re: Create kerberos keytab
On Tue, 13 Aug 2019, Boyd Ako via FreeIPA-users wrote:
>> On Thu, 01 Aug 2019, Boyd Ako via FreeIPA-users wrote:
>> Are you retrieving existing key or the key does not exist yet?
>
> Created the host and the service. Not entirely sure about creating a key.
>
>> What does 'ipa service-show NFS/...' show?
>
> [root@ipa binary]# ipa service-show nfs/abyss.neverland.ddns.me
>   Principal name: NFS/abyss.neverland.ddns...@neverland.ddns.me
>   Principal alias: NFS/abyss.neverland.ddns...@neverland.ddns.me
>   Keytab: False
>   Managed by: abyss.neverland.ddns.me
>   Hosts allowed to retrieve keytab: ipa.neverland.ddns.me
>
>> Does it have 'Keytab: True' in the output?
>
> Apparently no... How do I change it to true?

By running ipa-getkeytab. Please read the documentation for ipa-getkeytab and note the difference in behavior when '-r' is passed.

In short, if you haven't yet created a key (Keytab: False) you should not use the '-r' option. If you have already generated the key (Keytab: True) and you want to retrieve it for another server (typically for a clustered environment), you must use the '-r' option, after setting up who is allowed to retrieve the keytab.

>> BTW, for NFS your service principal has to be nfs/..., not NFS/
>> This is described in the man page for rpc.gssd, section "Machine
>> credentials".
>
> Well the Web UI seems to have made them with caps.

It does not. The code for Web UI has the following (editable) list of pre-filled values:

    name: 'service',
    label: '@i18n:objects.service.service',
    options: [
        'cifs', 'DNS', 'ftp', 'HTTP', 'imap',
        'ldap', 'libvirt', 'nfs', 'smtp', 'qpidd'
    ],
    editable: true,

and in the code of Web UI I don't see the service value normalized either way.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
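The rule in the reply above, as an added example that is not part of the original thread: a shell function that reads 'ipa service-show' output and prints the ipa-getkeytab invocation to use, leaving out -r when no key exists, adding it when one does, and rejecting an 'nfs' service name that is not lowercase. The function names, host names, realm and keytab path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ipa service-show` output on
# stdin and prints the ipa-getkeytab command that fits the rule in the reply.
# Host names, realm and keytab path below are constructed placeholders.

plan_getkeytab() {
    server=$1 keytab=$2 principal="" has_keytab=""
    while IFS= read -r line; do
        line=${line#"${line%%[! ]*}"}              # strip leading spaces
        case $line in
            "Principal name: "*) principal=${line#"Principal name: "} ;;
            "Keytab: "*)         has_keytab=${line#"Keytab: "} ;;
        esac
    done
    [ -n "$principal" ] || { echo "no principal in input" >&2; return 1; }

    # rpc.gssd looks for nfs/host@REALM; reject NFS/, Nfs/ and so on.
    svc=${principal%%/*}
    lower=$(printf '%s' "$svc" | tr '[:upper:]' '[:lower:]')
    if [ "$lower" = nfs ] && [ "$svc" != nfs ]; then
        echo "service part '$svc' must be lowercase 'nfs'" >&2
        return 2
    fi

    case $has_keytab in
        False) # no key yet: generate one, so no -r
            echo "ipa-getkeytab -s $server -p $principal -k $keytab" ;;
        True)  # key exists: -r retrieves it instead of generating a new one
            echo "ipa-getkeytab -r -s $server -p $principal -k $keytab" ;;
        *)  echo "no Keytab field in input" >&2; return 1 ;;
    esac
}

# Constructed sample in the shape of the output quoted in the thread.
sample() {
    printf '  Principal name: %s\n  Keytab: %s\n' "$1" "$2"
    printf '  Hosts allowed to retrieve keytab: ipa.example.test\n'
}

sample nfs/nfs1.example.test@EXAMPLE.TEST False |
    plan_getkeytab ipa.example.test /etc/krb5.keytab
```

Running ipa-getkeytab without -r against a principal that already has a key generates a new key, which invalidates keytabs issued earlier for that principal.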
[Freeipa-users] Re: Create kerberos keytab
> On Thu, 01 Aug 2019, Boyd Ako via FreeIPA-users wrote:
> Are you retrieving existing key or the key does not exist yet?

Created the host and the service. Not entirely sure about creating a key.

> What does 'ipa service-show NFS/...' show?

[root@ipa binary]# ipa service-show nfs/abyss.neverland.ddns.me
  Principal name: NFS/abyss.neverland.ddns...@neverland.ddns.me
  Principal alias: NFS/abyss.neverland.ddns...@neverland.ddns.me
  Keytab: False
  Managed by: abyss.neverland.ddns.me
  Hosts allowed to retrieve keytab: ipa.neverland.ddns.me

> Does it have 'Keytab: True' in the output?

Apparently no... How do I change it to true?

> BTW, for NFS your service principal has to be nfs/..., not NFS/
> This is described in the man page for rpc.gssd, section "Machine
> credentials".

Well the Web UI seems to have made them with caps.