[Freeipa-users] Re: Assistance configuring RHEL client

2021-04-28 Thread Ash Ryder via FreeIPA-users
So I enrolled with the below settings and didn't make any changes with regards to the KRB5KDC.Conf or add a CNAME record and can authenticate with my AD user account and obtain a ticket to this client. I thought I wouldn't be able to without these settings changed. Am I missing something with re

[Freeipa-users] Re: Disabling "kinit admin" on all machines

2021-04-28 Thread Alexander Bokovoy via FreeIPA-users
On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: On Wed, Apr 28, 2021 at 02:57:08PM +0300, Alexander Bokovoy via FreeIPA-users wrote: On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > So there is no way to prevent that someone issues administrative > ipa command from any

[Freeipa-users] Re: Disabling "kinit admin" on all machines

2021-04-28 Thread Dominik Vogt via FreeIPA-users
On Wed, Apr 28, 2021 at 02:57:08PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > > So there is no way to prevent that someone issues administrative > > ipa command from any host, except by keeping the password secret? > > Correct,

[Freeipa-users] Re: Disabling "kinit admin" on all machines

2021-04-28 Thread Alexander Bokovoy via FreeIPA-users
On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: On Wed, Apr 28, 2021 at 01:10:08PM +0300, Alexander Bokovoy via FreeIPA-users wrote: On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > What is the correct way to disable "kinit admin" on all ipa > clients? In our setup, be

[Freeipa-users] Re: Disabling "kinit admin" on all machines

2021-04-28 Thread Dominik Vogt via FreeIPA-users
On Wed, Apr 28, 2021 at 01:10:08PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > > What is the correct way to disable "kinit admin" on all ipa > > clients? In our setup, becoming admin should only be possible on the > > ipa server.

[Freeipa-users] Re: Disabling dynamic DNS updates completely

2021-04-28 Thread Dominik Vogt via FreeIPA-users
On Wed, Apr 28, 2021 at 01:18:20PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > > On Wed, Apr 28, 2021 at 12:59:36PM +0300, Alexander Bokovoy via > > FreeIPA-users wrote: > > > Dynamic DNS updates are controlled by the propertie

[Freeipa-users] Re: Disabling dynamic DNS updates completely

2021-04-28 Thread Alexander Bokovoy via FreeIPA-users
On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: On Wed, Apr 28, 2021 at 12:59:36PM +0300, Alexander Bokovoy via FreeIPA-users wrote: On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > We install a freeipa-server with a constant set of clients that > never changes, and ins

[Freeipa-users] Re: Disabling "kinit admin" on all machines

2021-04-28 Thread Alexander Bokovoy via FreeIPA-users
On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: What is the correct way to disable "kinit admin" on all ipa clients? In our setup, becoming admin should only be possible on the ipa server. (Everything is done by scripts run through ssh; nobody ever logs in to the server directly.) K

[Freeipa-users] Re: Disabling dynamic DNS updates completely

2021-04-28 Thread Dominik Vogt via FreeIPA-users
On Wed, Apr 28, 2021 at 12:59:36PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: > > We install a freeipa-server with a constant set of clients that > > never changes, and install the DNS server with ipa-server-install. > > Dynamic

[Freeipa-users] Re: Disabling dynamic DNS updates completely

2021-04-28 Thread Alexander Bokovoy via FreeIPA-users
On ke, 28 huhti 2021, Dominik Vogt via FreeIPA-users wrote: We install a freeipa-server with a constant set of clients that never changes, and install the DNS server with ipa-server-install. Dynamic DNS updates are automatically enabled. I'm not sure what the best way is to get rid of the dynami

[Freeipa-users] Disabling "kinit admin" on all machines

2021-04-28 Thread Dominik Vogt via FreeIPA-users
What is the correct way to disable "kinit admin" on all ipa clients? In our setup, becoming admin should only be possible on the ipa server. (Everything is done by scripts run through ssh; nobody ever logs in to the server directly.) Ciao Dominik ^_^ ^_^ -- Dominik Vogt

[Freeipa-users] Disabling dynamic DNS updates completely

2021-04-28 Thread Dominik Vogt via FreeIPA-users
We install a freeipa-server with a constant set of clients that never changes, and install the DNS server with ipa-server-install. Dynamic DNS updates are automatically enabled. I'm not sure what the best way is to get rid of the dynamic update capabilities completely. During installation ipa-dns

[Freeipa-users] Re: ipa user-mod --rename failed with Operations error

2021-04-28 Thread Janez Molicnik via FreeIPA-users
Thank you Rob. Here is a quick write up, how we solved the issue. Apparently this can happen if you have replication enabled - more than one server for FreeIPA. My colleague removed the second server from the topology and deleted the user on it, then he deleted the user on the first server and

[Freeipa-users] Re: Assistance configuring RHEL client

2021-04-28 Thread Florence Renaud via FreeIPA-users
Hi, the following blog post describes your situation and may help understand the issues with Linux hosts enrolled to IPA while their domain name belongs to AD: https://www.redhat.com/en/blog/i-really-cant-rename-my-hosts Hope this clarifies, flo On Wed, Apr 28, 2021 at 7:49 AM Ash Ryder via FreeI