Hi Alexander,
Indeed that did the trick: if I'm using the user@ipadomain I can now log in the
server.
Now the funny part: if I use an external domain (AD users), then I can use the
shortname... Huh...
Thanks!
___
FreeIPA-users mailing list -- freeipa
Hello IPA gurus,
I have a legacy client (Solaris) that I want to migrate to a IPA (RHEL IPA
4.6.5). Currently, it's being served by an ODSEE server for ldap.
So first I want to test if I can connect with a user in IPA, then I'll try with
an external (AD client). But I have the following issue:
Hi John,
Yes your previous setup is quite similar to what we have (and what we're
migrating away from): an LDAP server in Unix with accounts from AD that are
being synchronized.
Unfortunately our userbase is in AD (we have around 4000 users) and our *nix
userbase is also rather large (around 60
Hi Louis,
Yes, saw this in the archive and I understand the root cause, I just wanted to
know how some people work around this.
Currently I'm trying to build my own sssd 1.16 on rhel6 and see how far I can
go.
Thanks
___
FreeIPA-users mailing list -- fr
Hello all!
I'm migration our old LDAP infra to IPA 4.6.5 (rhel 7) with an external trust
to Windows. Previously, all users were their shortname because we replicated AD
users to LDAP.
Most users reside in AD, but we have *nix-only users in LDAP. Everything seems
fine for rhel7+ because sssd can
Sumit,
Ok, so on the server and the client I've set the use_fully_qualified_names to
True, restarted sssd and cleared the cache.
On the client I did id aduser@ad.domain - logs are here:
(Fri Oct 11 11:36:47 2019) [sssd[be[ipa.domain]]] [sbus_dispatch] (0x4000):
dbus conn: 0x55ded6099250
(Fri Oc
Hi Sumit,
I've tried all options:
use_fully_qualified_names = False on server and client, a matrix of true/false,
same issue...
Thanks for your help!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Hi, I setup an IPA realm (under rhel7) with an trust relationship to a Windows
domain. All users in AD have an idoverride to override uid and gid.
Originally, everything was working like expected: servers could resolve IPA and
external (trusted) users, I could create kerberos tickets, log-in via