[Freeipa-users] Re: Access issues with SSH/IPA

2017-06-14 Thread Jakub Hrozek via FreeIPA-users
On Thu, Jun 15, 2017 at 04:28:13AM -, john.bowman--- via FreeIPA-users wrote: > After upping the log levels on sssd on one of the failing servers I saw this > in one of the sssd log files: > > from sssd_pamd.log: > > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): >

[Freeipa-users] Re: Certificate renewals with external CA

2017-06-14 Thread Rob Foehl via FreeIPA-users
On Fri, 9 Jun 2017, I wrote: In short, that didn't go particularly well at all, which in some ways brings me back to the original as-yet-unanswered deployment question: Is trying to do this with an external CA worth the pain? Three attempts at this question, and zero answers... Can I at lea

[Freeipa-users] Re: Access issues with SSH/IPA

2017-06-14 Thread john.bowman--- via FreeIPA-users
After upping the log levels on sssd on one of the failing servers I saw this in one of the sssd log files: from sssd_pamd.log: (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.tld/jbowman] (Wed Jun 14 23:16:05 2017) [sssd[pam]]

[Freeipa-users] Re: Query about the configuration on the High Availability of the FreeIPA

2017-06-14 Thread wenxing zheng via FreeIPA-users
I have done a simple verification without the option "--server" with embedded DNS, it works. Thanks to all On Mon, Jun 12, 2017 at 7:00 PM, Arpit Tolani wrote: > Hello > > I am sorry, I am not sure but if your client hostname is within > correct domain, I think you don't need to give domain & re

[Freeipa-users] Re: FreeIPA - Active Directory integration and domain names

2017-06-14 Thread Striker Leggette via FreeIPA-users
Well, technically, I don't think IPA needs DNS entries simply for synchronization, so you could technically give it the same domain suffix. However, if you plan on using it for the purpose of clients to connect, it will need to be on its own domain.  The reason it is highly suggested for d

[Freeipa-users] Re: FreeIPA - Active Directory integration and domain names

2017-06-14 Thread Striker Leggette via FreeIPA-users
Yes Sent via carrier pigeons Original message From: bogusmaster--- via FreeIPA-users Date: 6/14/17 6:06 AM (GMT-05:00) To: freeipa-us...@redhat.com Cc: bogusmas...@o2.pl Subject: [Freeipa-users] FreeIPA - Active Directory integration and domain names Hi, I have

[Freeipa-users] Access issues with SSH/IPA

2017-06-14 Thread John Bowman via FreeIPA-users
So yesterday we upgraded our older IPA 3.x servers (RHEL 6.8) to the latest and greatest (RHEL 6.9) and it seemed to be working as expected. Came in the next day and older IPA 4.2 server (RHEL 7.2) was having issues so thought it would be a good time to patch it up to the latest (IPA 4.4 and RHEL 7.3

[Freeipa-users] Re: How to Setup FreeIPA Services for Mac OS X 10.12

2017-06-14 Thread Lee Wiscovitch via FreeIPA-users
We run almost the exact same setup...Which is sufficient, but not as great as it could be (Basically the password changing issues you've noted). We've also noticed that a single bad login attempt gets counted multiple times on the IPA server, so you can get locked accounts quicker than expected

[Freeipa-users] Re: IPA Compat + ID Views + AIX 7.1

2017-06-14 Thread wouter.hummelink--- via FreeIPA-users
Is there a way for the compat view to respond to both fully qualified and short uids? IBM seems to require that for trust to work Sent from my Samsung device Original message From: "Hummelink, Wouter" Date: 22-05-17 15:46 (GMT+01:00) To: freeipa-users@list

[Freeipa-users] How to Setup FreeIPA Services for Mac OS X 10.12

2017-06-14 Thread Jason Sherrill via FreeIPA-users
Hello All, I have recently submitted a How/To for FreeIPA. I'd very much appreciate any feedback or editing on it- I don't want to link to it without a review. Thanks! -- *Jason Sherrill* Deeplocal Inc.

[Freeipa-users] FreeIPA - Active Directory integration and domain names

2017-06-14 Thread bogusmaster--- via FreeIPA-users
Hi, I have a question regarding establishing one-way trust between FreeIPA and Active Directory. In the documentation it is stated that to use a cross-forest trust it is required for FreeIPA to have a different domain than that of Active Directory. Does it also apply to the synchronization sc

[Freeipa-users] Re: Hoping it is something simple - CA install error?

2017-06-14 Thread Martin Babinsky via FreeIPA-users
On Wed, Jun 14, 2017 at 08:27:09AM -0500, Kat via FreeIPA-users wrote: >Hi all, > >Having a problem with a new server install on RHEL 7 - > >Done configuring directory server (dirsrv). >Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 >seconds > [1/31]: creating certifica

[Freeipa-users] Hoping it is something simple - CA install error?

2017-06-14 Thread Kat via FreeIPA-users
Hi all, Having a problem with a new server install on RHEL 7 - Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds [1/31]: creating certificate server user [2/31]: configuring certificate server instance ipa.ipaserv