[Freeipa-users] Re: FreeIPA-users Digest, Vol 7, Issue 22

2017-11-21 Thread Николай Савельев via FreeIPA-users
> > I think the better reference in the documentation is > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-legacy > > If there is a trust to an AD forest and 'ipa-adtrust-install > --enable-compat' was called, there will be a special

[Freeipa-users] Re: Expired passwords and generating an OTP token

2017-11-21 Thread Aaron Hicks via FreeIPA-users
Hi the list. I'd consider creating a permission with permission-add, but there is no token object type. [hicksaw@hpch2fa02 ~]$ ipa permission-add mangage-otptoken --right=all --bindtype=permission --type=token ipa: ERROR: invalid 'type': "token" is not an object type Even though

[Freeipa-users] Re: Expired passwords and generating an OTP token

2017-11-21 Thread Aaron Hicks via FreeIPA-users
Hello the List, This turned out to be a workflow issue, we still have a problem but this first use case works. In the case of a user with an invalid password (none or expired) with no OTP token they can reset their password and ask IPA to create an OTP token for them. 1. Helpdesk

[Freeipa-users] Re: adding puppet to FreeIPA

2017-11-21 Thread Andrew Meyer via FreeIPA-users
Excellent, Thank you for the help. On Tuesday, November 21, 2017 3:01 PM, Rob Crittenden via FreeIPA-users wrote: Andrew Meyer via FreeIPA-users wrote: > Ok now I am trying to add puppet to my FreeIPA environment.  Following > the instructions >

[Freeipa-users] DNS fails to reply the ipa zone records

2017-11-21 Thread Raul Dias via FreeIPA-users
Bind seems to work fine. When queried about a record it logs the answer fine (even for external domains). However it fails to answer any ipa local zone request. e.g. resolve its own host query: -- 8< -- 21-Nov-2017 13:52:06.419 client: debug 3:

[Freeipa-users] Re: Autentification in application with freeipa

2017-11-21 Thread Rob Crittenden via FreeIPA-users
Николай Савельев via FreeIPA-users wrote: > Hi. > I asked about Owncloud, Zimbra, etc authentication in freeipa with AD trust. > I was offered to use SAML. > But I don't understand SAML. It is very difficult for me. > I only want to use LDAP for authentication as in this article >

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-21 Thread David Harvey via FreeIPA-users
Hoi, Anyone out there with experience of whether or not adding a replica of more recent version (4.4.4 and 389 dir 1.3.7.5-1 up from 4.4.3 with 389 dir 1.3.5.15-2) would impact the existing servers in terms of schema or similar? I'm still trying to find a safe way to upgrade safely without going

[Freeipa-users] Re: Unexpected ipa usa behaviour

2017-11-21 Thread Jakub Hrozek via FreeIPA-users
On Tue, Nov 21, 2017 at 09:05:29AM +0100, Ronald Wimmer via FreeIPA-users wrote: > Hi, > > in IPA I defined a user called isomeuser. This username does definitely not > exist on the AD side. > > When I log in as root to an IPA client and issue the su command, I am > isomeuser@ad.domain. If I do

[Freeipa-users] Re: Invalid ticket for NFS4 mount

2017-11-21 Thread Jakub Hrozek via FreeIPA-users
On Tue, Nov 21, 2017 at 08:36:16AM +0100, Ray via FreeIPA-users wrote: > Hi, > > yesterday I noticed a strange issue on a Centos 7 client running > ipa-client-4.5.0-21.el7.centos.2.2.x86_64: > > My daughter tried to log in to the machine and was kicked out again after > GNOME failed to load