Hi list!
I'm having a problem where a, in this case, IMAP server (dovecot), configured
to do auth via GSSAPI,
doesn't authenticate clients coming from the NATed IP it has. Physically it
only has a private IP
attached (10.1.0.0/8) but it also has a NATed public IP from the internet. The
NAT is
Ok.. something else must be causing trouble because it works if I use the IPv4
public address, but
it doesn't work with the IPv6 one (even though I have communication with it).
Any ideas would be appreciated ;)
On Sun, 2022-08-14 at 15:12 +0100, Carlos Mogas da Silva via FreeIPA-users
wrote
On 2022-12-14 14:34, Alexander Bokovoy via FreeIPA-users wrote:
Thanks. I also asked for krb5 configuration: /etc/krb5.conf and files
included from it, I think they are in /etc/krb5.conf.d and
/var/lib/sss/pubconf/krb5.include.d
You can see a full list of the directories with
grep includedir
On 2022-12-14 14:19, Alexander Bokovoy via FreeIPA-users wrote:
Could you please share your Dovecot and krb5 configuration on that
Dovecot server?
It is hard to help without seeing anything.
Sure mate. This was what I could think of that was relevant. If there's
anything missing just ask.
On 2022-12-14 14:48, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 14 joulu 2022, Carlos Mogas da Silva wrote:
# egrep -v "^\s*#|^$" /var/lib/sss/pubconf/krb5.include.d/*
/var/lib/sss/pubconf/krb5.include.d/domain_realm_int_r3pek_org:[domain_realm]
On Wed, 2022-12-14 at 17:02 +0200, Alexander Bokovoy via FreeIPA-users wrote:
>
> The external domain is r3pek.org, you mean. Just add
>
> _kerberos.r3pek.org TXT "INT.R3PEK.ORG"
>
> TXT record to your public domain. You also would need to add
> {smtp,imap}/mail01.r3pek.org as a principal
Hi list!
I'm migrating my server into a new REALM (INT.R3PEK.ORG) from an old one
(R3PEK.ORG). This is a completely new install and configuration, so no
leftovers exits.
The machine is correctly register into the REALM and users are able to
login without a problem.
Now, when I try to login
On 23/02/23 21:46, Rob Crittenden via FreeIPA-users wrote:
Carlos Mogas da Silva via FreeIPA-users wrote:
Hi list!
I'm trying to figure out a way to get certmonger to manage vhost
certificates using FreeIPA. I'm able to use it to generate and renew
certificates for the host itself (`host1
Hi list!
I'm trying to figure out a way to get certmonger to manage vhost certificates using FreeIPA. I'm able to use it to
generate and renew certificates for the host itself (`host1.example.com`), but what if I have several websites managed
on this same host (`webapp1.example.com` and
On 27/02/23 07:29, Alexander Bokovoy via FreeIPA-users wrote:
On la, 25 helmi 2023, Carlos Mogas da Silva via FreeIPA-users wrote:
Thanks for the pointer Alexander. I actually did search the list, but searched for
"vhost" :P
Anyway, I did as in the thread you mentioned, the only
Thanks Rob!
Just to make it clear (at least for me), do I need to add a Principal Alias to
the Host/Service with the new domain?
As in, HOST/host1.example@example.com needs to have an alias to
HTTP/webapp1.example@example.com?
You should not do that. Instead, create a host object in
11 matches
Mail list logo