[Freeipa-users] Re: Root CA is changing in an AD Trust environment

2020-06-24 Thread Florence Blanc-Renaud via FreeIPA-users
On 6/24/20 2:01 PM, White, David via FreeIPA-users wrote: We have IdM / FreeIPA running on RHEL 7 boxes. This is a 6-node cluster that has an existing 1-way trust back to Active Directory. IdM is still acting as the CA for its own clients, and when we set up the trust, we used the following

[Freeipa-users] Re: Root CA is changing in an AD Trust environment

2020-06-24 Thread White, David via FreeIPA-users
> Trust to Active Directory does not rely on any CA certificate or certificate > properties from Active Directory. Many Active Directory forests do not have > integrated CA at all. Thanks. That makes me feel a lot better about tonight. > However, if you have deployed IPA CA as a sub-CA of

[Freeipa-users] Re: Root CA is changing in an AD Trust environment

2020-06-24 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 24 Jun 2020, White, David via FreeIPA-users wrote: We have IdM / FreeIPA running on RHEL 7 boxes. This is a 6-node cluster that has an existing 1-way trust back to Active Directory. IdM is still acting as the CA for its own clients, and when we set up the trust, we used the following

[Freeipa-users] Re: Setting up a custom service

2020-06-24 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 24 Jun 2020, Dominik Vogt via FreeIPA-users wrote: For a test setup, we need to create a custom service running on a server and a custom application running on the client. The sample gss client/server from the Kerberos sources is used for demonstration. Setting this up with plain

[Freeipa-users] Root CA is changing in an AD Trust environment

2020-06-24 Thread White, David via FreeIPA-users
We have IdM / FreeIPA running on RHEL 7 boxes. This is a 6-node cluster that has an existing 1-way trust back to Active Directory. IdM is still acting as the CA for its own clients, and when we set up the trust, we used the following command: ipa trust-add --type=ad example.com --admin

[Freeipa-users] Setting up a custom service

2020-06-24 Thread Dominik Vogt via FreeIPA-users
For a test setup, we need to create a custom service running on a server and a custom application running on the client. The sample gss client/server from the Kerberos sources is used for demonstration. Setting this up with plain Kerberos is easy: 1. Create the service principal with $

[Freeipa-users] Re: bad filter to find ad users

2020-06-24 Thread Sumit Bose via FreeIPA-users
On Wed, Jun 24, 2020 at 11:40:45AM +0200, Nathanaël Blanchet via FreeIPA-users wrote: > Hello, > > I manage two independent AD domains, and I set up a trust with my > freeipa server (realm NAT.ABES.FR). > > The trust-add step is ok for both and trust are both seen as active > directory

[Freeipa-users] bad filter to find ad users

2020-06-24 Thread Nathanaël Blanchet via FreeIPA-users
Hello, I manage two independent AD domains, and I set up a trust with my freeipa server (realm NAT.ABES.FR). The trust-add step is ok for both and trust are both seen as active directory trust: 2 trusts matched Realm name: ACME.local Domain NetBIOS name: ACME Domain