[Freeipa-users] Deployment considerations - domain name

Hello list, I’m managing the network for my hackerspace, and we’re moving to FreeIPA (from plain LDAP) to manage internal and external services. We have some services that are hosted on public, external machines (wiki, etc.) that members would authenticate to via Ipsilon OAuth2 that are under

[Freeipa-users] Re: Problems with KeyRetrieverClass when setting up replica with CA

> On 15 Jan 2018, at 03:42, Fraser Tweedale <ftwee...@redhat.com > <mailto:ftwee...@redhat.com>> wrote: > > On Sat, Jan 13, 2018 at 11:09:59AM +0100, Aljaž Srebrnič via FreeIPA-users > wrote: >> Hello! >> Yesterday I tried migrating a physical machine (ipa

[Freeipa-users] Re: Request for input on installing IPA onto ARM/SoC boards

> On 24 Jan 2018, at 15:17, Rob Crittenden > wrote: > > This is great feedback, thanks. > > You might be able to get away with an IPA client in this case. sssd will > cache credentials. This wouldn't cover the case where someone hasn't > used

[Freeipa-users] Problems with KeyRetrieverClass when setting up replica with CA

Hello! Yesterday I tried migrating a physical machine (ipa1) that was a FreeIPA CA CRL master in my VM cluster. I followed the guide at [1] to migrate che CRL master to another replica (ipa2) and uninstalled the replica ipa1. Then I set up a VM with the same hostname and IP address as the

[Freeipa-users] Re: FreeIPA in EC2

> On 7 Feb 2018, at 21:51, Andrew Meyer via FreeIPA-users > > wrote: > > We are trying to deploy FreeIPA in our environment, this will be a mix of > local servers and server to manage auth in EC2. We have a

[Freeipa-users] Re: IPA 4.5 with radius server

> On 8 Feb 2018, at 09:43, barry...@gmail.com wrote: > > any steps for IPA relate to keybros > or it is only can do in windows ad ? I’m not really sure what you’re asking. Kerberos is a fundamental service of the FreeIPA platform. -- Aljaž Srebrnič a.k.a g5pw My

[Freeipa-users] Re: IPA 4.5 with radius server

> On 6 Feb 2018, at 10:16, barrykfl--- via FreeIPA-users > > wrote: > > Hi : > > Anyone has exp to use freeipa 4.0 above as radius server ? e.g want wifi > use radius everyone carry ldap password. > How to

[Freeipa-users] Re: Request for input on installing IPA onto ARM/SoC boards

> On 23 Jan 2018, at 14:44, Rob Crittenden via FreeIPA-users > > wrote: > > But why? > > Is it because the hardware is so cheap? Is it better/easier/cheaper than > running it in a VM on an existing box? Is it

[Freeipa-users] Problem with dnskeysincd

Hello everyone! So, this probably originated with me experimenting with DNSSEC. Things didn’t really work out, so I disabled it following these instructions [1]. Now every couple of minutes I see in my logs ipa-dnskeysync-replica crash on both replicas: replica1: > ipa-dnskeysync-replica: