And OK, remembered this too ☺
The clocks of all servers in a Kerberos domain must be tightly sync'd and
under control of a local master clock. That's because of the timestamps in
the Kerberos tickets. Authentication fails without it. And again as with
name resolution, that config must be complete
Let me add this if I may Kent, esp for others who might go there. When you
first configure the linux server into an LDAP/AD or LDAP domain, you MUST
complete the "final production" name resolution/resolver/DNS config BEFORE
joining the domain. If you don't but later move it into that domain, it
On Mon, Feb 22, 2021, 1:47 PM Kent West wrote:
>
>
> On Mon, Feb 22, 2021 at 1:37 PM Kent West wrote:
>
>>
>>
>> On Mon, Feb 22, 2021 at 7:52 AM Nicholas Geovanis
>> wrote:
>>
>>> On Sun, Feb 21, 2021, 5:09 PM Kent West wrote:
>>>
>>> Brand new Debian box (tried Buster, then when that didn;'
On Mon, Feb 22, 2021 at 1:37 PM Kent West wrote:
>
>
> On Mon, Feb 22, 2021 at 7:52 AM Nicholas Geovanis
> wrote:
>
>> On Sun, Feb 21, 2021, 5:09 PM Kent West wrote:
>>
>> Brand new Debian box (tried Buster, then when that didn;' work, upgraded
>> tp unstable - meh, it's a test box to get
On Mon, Feb 22, 2021 at 7:52 AM Nicholas Geovanis
wrote:
> On Sun, Feb 21, 2021, 5:09 PM Kent West wrote:
>
> Brand new Debian box (tried Buster, then when that didn;' work, upgraded
> tp unstable - meh, it's a test box to get things sorted out before
> production use).
>
> Minimal setup
On Sun, Feb 21, 2021, 5:09 PM Kent West wrote:
Brand new Debian box (tried Buster, then when that didn;' work, upgraded tp
unstable - meh, it's a test box to get things sorted out before production
use).
Minimal setup (unchecked everything in TaskSel step during install; later
used TaskSel to
On Sun, Feb 21, 2021 at 8:42 PM Kent West wrote:
>
>
> On Sun, Feb 21, 2021 at 6:10 PM Tibz Loufok wrote:
>
>> Hi,
>>
>> I suppose realmd configured sssd.
>>
>
> Yes.
>
> You may need to authorize your users to login. (By using AD gpo or
>> managing it locally).
>>
>> The parameter is
On Sun, Feb 21, 2021 at 6:10 PM Tibz Loufok wrote:
> Hi,
>
> I suppose realmd configured sssd.
>
Yes.
You may need to authorize your users to login. (By using AD gpo or managing
> it locally).
>
> The parameter is access_provider.
> But you can also use realm command to allow locally some AD
Brand new Debian box (tried Buster, then when that didn;' work, upgraded tp
unstable - meh, it's a test box to get things sorted out before production
use).
Minimal setup (unchecked everything in TaskSel step during install; later
used TaskSel to add X11/Mate).
su'd to root
apt install'd
9 matches
Mail list logo
