[Freeipa-users] Re: AddTrust CA expiration

2020-06-04 Thread Peter Lewis via FreeIPA-users
Also, sorry for the followup, but I forgot to mention. All services and communication seem to be working with the exception of the following: 1. The joining new servers to IPA as the downloads the bundle for path A still and puts it in /etc/ipa/ca.crt which will then fail on the API calls

[Freeipa-users] AddTrust CA expiration

2020-06-04 Thread Peter Lewis via FreeIPA-users
On May 30, 2020, the AddTrust CA expired as a CA. I'll get to the IPA issue after a bit of background in case everyone is not familiar. The external certs we're using are from InCommon and were cross signed by AddTrust and when we originally got the certs, the trust A path was below:

[Freeipa-users] Re: IPA -> AD trust : can't ssh with an AD user

2020-06-04 Thread Christophe BERGER via FreeIPA-users
Florence, I didn't change anything and it now works :\ Anyway I'll follow your recommendation and use external groups and so on. Thank you!

[Freeipa-users] Re: Add Windows host in Freeipa

2020-06-04 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 04 Jun 2020, dmitriys via FreeIPA-users wrote: Good day! I tried add windows host in Freeipa and get 04:05:59.302019 IP (tos 0x0, ttl 123, id 27536, offset 0, flags [none], proto UDP (17), length 205) cyberark-psm.exemple.com.54676 > ldap.exemple.com.kerberos: [udp sum ok] v5

[Freeipa-users] Re: Add Windows host in Freeipa

2020-06-04 Thread Florence Blanc-Renaud via FreeIPA-users
On 6/4/20 10:07 AM, dmitriys via FreeIPA-users wrote: Good day! I tried add windows host in Freeipa and get Hi, can you provide a little more context? What do you mean by "add windows host in Freeipa", which command are you running and what is the output? It's difficult to understand from a

[Freeipa-users] Re: IPA -> AD trust : can't ssh with an AD user

2020-06-04 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, in order to use AD users or groups in HBAC/sudo rules, you need to first create an external group (ipa group-add --external extgrp) that will contain your AD users/groups, then create a posix group (ipa group-add grp) and add the external group as member of the posix group (ipa

[Freeipa-users] IPA -> AD trust : can't ssh with an AD user

2020-06-04 Thread Christophe BERGER via FreeIPA-users
Good morning all, I created a lab with freeIPA and AD with a trust. - AD domain : test.lu - IPA domain : test2.lu I have installed an Oracle Linux 8.2 VM as the client. I created a freeIPA user group : tgo_admins There are 2 members : - ipalocaluser (local IPA account) - aduser (AD account)

[Freeipa-users] Add Windows host in Freeipa

2020-06-04 Thread dmitriys via FreeIPA-users
Good day! I tried add windows host in Freeipa and get 04:05:59.302019 IP (tos 0x0, ttl 123, id 27536, offset 0, flags [none], proto UDP (17), length 205) cyberark-psm.exemple.com.54676 > ldap.exemple.com.kerberos: [udp sum ok] v5 04:05:59.303073 IP (tos 0x0, ttl 64, id 24242, offset 0,