Re: [Freeipa-users] (no subject)
William Muriithi wrote: > Hello Rob, > > Thanks > >>> After reading the above map page, I was hoping the below command would >>> list keys on one of the projects map. It doesn't work though. >>> >>> automount --dumpmaps map autofs map tercel >>> >>> The info page isn't also any better. I wonder if someone can explain >>> the use of these keys by an example. Would be very grateful >>> >>> " " >> >> You don't include "map" in the name of the thing. I think you want: >> >> automount --dumpmaps sss auto.projects >> > Thanks, this indeed is working. Thanks for clarifying the man page. > Its however not listing any keys on map created as child to master > using the flag below. > --parentmap=auto.master > > This seem like a bug. Could this be a corner case that was missed? Hard to say without seeing your maps and keys. You could run `ipa automountlocation-tofiles default` to see what IPA thinks things look like. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Kerberos realm for different domain
On la, 10 joulu 2016, William Muriithi wrote: Stephen Can you have a domain that belongs to a Kerberos realm with a completely different domain? For example, could example.com belong to the ANOTHERDOMAIN.COM realm as long as we control DNS for both and have all the necessary SRV and TXT records to locate it and krb5.conf is configured properly? This will indeed work. Its however highly discouraged by FreeIPA. No, it is not. For example, if you do go this way, you will never be able to establish trust relationship with Active directory as Active directory will not accept this setup. This is not true at all. Also, you will be on untested territory. I don't think may people use this setup, so the code may not be well exercised in such a setup. On the positive side, you could help FreeIPA project flash out any bug that such a setup may expose. No, this is very well charted territory. Read a number of threads we had just last week and before, last few months. In short, the situation Stephen asks an advice on is a very normal case. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Kerberos realm for different domain
Stephen > > Can you have a domain that belongs to a Kerberos realm with a completely > different domain? For example, could example.com belong to the > ANOTHERDOMAIN.COM realm as long as we control DNS for both and have all the > necessary SRV and TXT records to locate it and krb5.conf is configured > properly? This will indeed work. Its however highly discouraged by FreeIPA. For example, if you do go this way, you will never be able to establish trust relationship with Active directory as Active directory will not accept this setup. Also, you will be on untested territory. I don't think may people use this setup, so the code may not be well exercised in such a setup. On the positive side, you could help FreeIPA project flash out any bug that such a setup may expose. Regards, William -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] (no subject)
Hello Rob, Thanks >> After reading the above map page, I was hoping the below command would >> list keys on one of the projects map. It doesn't work though. >> >> automount --dumpmaps map autofs map tercel >> >> The info page isn't also any better. I wonder if someone can explain >> the use of these keys by an example. Would be very grateful >> >> " " > > You don't include "map" in the name of the thing. I think you want: > > automount --dumpmaps sss auto.projects > Thanks, this indeed is working. Thanks for clarifying the man page. Its however not listing any keys on map created as child to master using the flag below. --parentmap=auto.master This seem like a bug. Could this be a corner case that was missed? Thanks again Regards, William > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
