I have configured trust between AD and IPA and Linux machines are member of
IPA domain.
When I log into any of the Linux machine and type "w" it does not list the
user AD user with which I just logged in.
Is this a expected behaviour or am I missing something?
--
Warm Regards
Supratik
On Tue, Aug 15, 2017 at 10:23:25PM +, Bhavin Vaidya via FreeIPA-users wrote:
> Hello,
>
>
> We have Kerberos authentication failing on our replica server as well as
> client. We are also not able to add any more client or replica server.
>
>
> Master FreeIPA server ds01:/etc/krb5.keytab,
Hello All,
I was wondering if anyone has written a health check script for FreeIPA?
How do you all check replication (and IPA server health)?
I did some digging and know that I can run this command to check
replication:
ldapsearch -D "cn=directory manager" -W -b "o=ipaca"
Thank you!
On Wed, Aug 16, 2017 at 10:30 AM, Ludwig Krispenz via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
> On 08/16/2017 03:46 PM, Anthony Clark via FreeIPA-users wrote:
>
> Hello All,
>
> I was wondering if anyone has written a health check script for FreeIPA?
>
> don't
Hi Fraser,
Thanks for the reply.
However I have both my IPA CA and third party CA, where IPA CA is self
signed and third party CA Signed by DigiCert. So if my SSL certificate is
going to expire next month, all that I need to do is to execute 'certutil
-A" alone?
I have installed FreeIPA Server
On Thu, Aug 17, 2017 at 01:14:00PM +0800, Alka Murali via FreeIPA-users wrote:
> Hi Fraser,
>
> Thanks for the reply.
>
> However I have both my IPA CA and third party CA, where IPA CA is self
> signed and third party CA Signed by DigiCert. So if my SSL certificate is
> going to expire next
uninstalling and reinstalling ipa-client cleared the problem., but the root
cause was that the ad domain was a sub domain to the ipa domain. All fixed
now.
Thanks for the help.
On Mon, Aug 14, 2017 at 3:13 PM, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On
We switch our domains to ad.example.com and ipa.example.com and at least
with preliminary testing this seems to resolve the problem. It was very
misleading that Fedora 25 and 26 worked fine either way. Oh well.
Thanks for the help.
On Tue, Aug 15, 2017 at 3:18 AM, Alexander Bokovoy