Re: [Freeipa-users] Authenticating windows users

2017-03-23 Thread Loris Santamaria
pen anytime soon (sad face).  I'm open to -all- > ideas, even if it is a paid solution (not sure if centrify and the > likes can sync up to FreeIPA/IDM).  > > thanks > > > --  Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve Links Global Services, C.A.   

Re: [Freeipa-users] Assistance with Samba share intergration with IPA

2017-01-05 Thread Loris Santamaria
fy_ticket) > Dec 28 17:49:41 manganese smbd[30221]:   krb5_rd_req failed (Wrong > principal in request) Check that you're using the proper realm and workgroup in smb.conf, that the principal used by samba is cifs/@ Best regards -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.v

Re: [Freeipa-users] FreeIPA and Samba

2016-10-11 Thread Loris Santamaria
> > > > > > > > >   If I understand clearly, samba's client must be present in  > > > > > > > > > >   FreeIPA  AD.  > > > > > > > > > > > > > > >   Unfortunately, it does not work

Re: [Freeipa-users] FreeIPA and Samba

2016-10-06 Thread Loris Santamaria
ldap suffix >  ldap user suffix > > Does it work with IPA ? > > Thanks. > -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve --

Re: [Freeipa-users] How to migrate from freeipa distribution to separate components

2016-01-13 Thread Loris Santamaria
wouldn't be > > > > used by MIT Kerberos LDAP driver because it doesn't know about that > > > > data, and OpenLDAP server will not have the same behavior as expected by > > > > IPA clients (SSSD) for IPA-specific mode. > > > > > > Whate

Re: [Freeipa-users] Squid authentication in FreeIPA

2015-11-20 Thread Loris Santamaria
-- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www

Re: [Freeipa-users] FreeIPA and Windows

2015-11-10 Thread Loris Santamaria
So no, the keytab is not really used anywhere else and can be deleted. It is the act of generating (with a known password) it that needs to be done for every windows machine in the network. Please use strong, random and different passwords for each windows machine in the network. -- Loris Santama

Re: [Freeipa-users] FreeIPA and Windows

2015-11-10 Thread Loris Santamaria
 Any help here would be really appreciated, we are taking > this > system live over the weekend and would really love to have this part > fixed. > > Randy > > Randy Morgan > CSR > Department of Chemistry and Biochemistry > Brigham Young University > 801-422-4100 &

Re: [Freeipa-users] FreeIPA state - performace, commercial usage

2015-08-21 Thread Loris Santamaria
for that) and tones of documentation/examples for variety of versions, but for such complex thing probably not enough for commercial use. Can I ask you for your opinion ? Vasek -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http

Re: [Freeipa-users] FreeIPA user ID differs

2015-08-05 Thread Loris Santamaria
of the corrected one. Maybe someone can help me out to pinpoint the error and to fix it. Cheers, Markus-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Loris

Re: [Freeipa-users] bind-dyndb-ldap and ddns updates from dhcp

2014-12-31 Thread Loris Santamaria
. With the default ipa configuration a workstation can only set _its_ A, and SSHFP records. No less and no more. Best regards -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-11-02 Thread Loris Santamaria
the same password in ipa-getkeytab and in the ksetup /setcomputerpassword commands -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Loris Santamaria
El jue, 23-10-2014 a las 12:32 +0200, Sumit Bose escribió: On Tue, Oct 21, 2014 at 07:49:11AM -0430, Loris Santamaria wrote: El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió: On 10/20/2014 09:15 AM, Loris Santamaria wrote: [...] Trying to join the server

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Loris Santamaria
libraries and you should be able to open a samba share with your kerberos credentials. Best regards -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-29 Thread Loris Santamaria
El mié, 29-10-2014 a las 20:49 -0400, Dmitri Pal escribió: On 10/29/2014 05:01 PM, Loris Santamaria wrote: El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió: Hello, I've tried this as well. My IPA is not connected to an AD. My smb.conf looks almost the same

Re: [Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-21 Thread Loris Santamaria
El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió: On 10/20/2014 09:15 AM, Loris Santamaria wrote: [...] Trying to join the server to the domain (net rpc join -U domainadmin -S ipaserver) fails, and it causes a samba crash on the ipa server. Investigating the cause of the crash

[Freeipa-users] Woes adding a samba server to the ipa domain

2014-10-20 Thread Loris Santamaria
computers group object in ldap, but I cannot see what could be the problem. Perhaps someone more familiar with the ipasam code can spot it quickly. Best regards -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel

Re: [Freeipa-users] domain trust linux to AD server not finding user profiles

2014-10-08 Thread Loris Santamaria
assign privileges to this user. But this is a pretty corner case. It is a pretty common request when you configure a proxy server with authentication. You get the user's ticket but the user is not logged in on the system, so normal group membership via sssd won't work. Best regards -- Loris

[Freeipa-users] Compat tree and group membership in a trust environment

2014-09-23 Thread Loris Santamaria
) won't show if they are members of ipa groups. IPA version is 3.3.3-28.el7 on Centos 7, AD is Server 2008. Should I file a bug? -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10

[Freeipa-users] Squid negotiate auth and trust relationship

2014-09-23 Thread Loris Santamaria
the PAC and get authorization info from there, or have a way to query SSSD for complete group membership of a user even if he or she hasn't logged in on a server. How could SSSD/IPA could help to solve this fairly common need (querying user membership from an app)? -- Loris Santamaria linux

Re: [Freeipa-users] DNS SOA Records

2014-05-19 Thread Loris Santamaria
works. On Tue, May 13, 2014 at 1:38 PM, Loris Santamaria lo...@lgs.com.ve wrote: El mar, 13-05-2014 a las 10:57 -0400, Bob escribió: I have many dozens of TSIG keys declared in our current bind

Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-09 Thread Loris Santamaria
) --- On Tue, Oct 8, 2013 at 12:15 PM, Loris Santamaria lo...@lgs.com.ve wrote: El mar, 08-10-2013 a las 09:25 -0500, Zachary Musselman escribió: Hello Dmitri, We are currently

Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-08 Thread Loris Santamaria
, like Samba 4? There are no Samba integration changes made that I know of. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Loris

Re: [Freeipa-users] FreeIPA - Help ...

2013-05-24 Thread Loris Santamaria
Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve

Re: [Freeipa-users] nsupdate refused

2013-04-27 Thread Loris Santamaria
@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve

Re: [Freeipa-users] Realm distrubuted across data centers

2013-03-13 Thread Loris Santamaria
is, is there a 'best practices' approach to this scenario? -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve

Re: [Freeipa-users] Realm distrubuted across data centers

2013-03-13 Thread Loris Santamaria
El mié, 13-03-2013 a las 15:57 -0400, Simo Sorce escribió: On Wed, 2013-03-13 at 14:36 -0430, Loris Santamaria wrote: El mié, 13-03-2013 a las 14:44 +0100, Petr Spacek escribió: On 13.3.2013 14:28, Rob Crittenden wrote: Michael ORourke wrote: I think SRV records are only part

Re: [Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-08 Thread Loris Santamaria
/RESTRICTION_CLASS_README.html -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve If I'd asked my customers what they wanted

[Freeipa-users] User Administrator role from the web UI

2012-08-01 Thread Loris Santamaria
users, except for group membership, but I can't create or delete users and I cannot create or delete groups. Is this an expected limitation of the web UI, a bug or a misconfiguration? Where I could start debugging this? Thanks -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links

[Freeipa-users] Slowdowns in freeIPA 2.2.0

2012-07-13 Thread Loris Santamaria
. -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve If I'd asked my customers what they wanted

Re: [Freeipa-users] Jabber services for IPA

2012-02-09 Thread Loris Santamaria
sasl.gssapi.useSubjectCredsOnly = false xmpp.domain = mydomain.com xmpp.fqdn = jabberserver.mydomain.com 4) chown /etc/krb5-xmpp.keytab so your openfire service can access it. Hope this helps! -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http

Re: [Freeipa-users] DNS zone transfers

2011-06-23 Thread Loris Santamaria
El mar, 21-06-2011 a las 16:02 +0200, Adam Tkac escribió: On 06/21/2011 03:51 PM, Loris Santamaria wrote: El mar, 21-06-2011 a las 12:12 +0200, Adam Tkac escribió: On 06/16/2011 09:38 PM, Loris Santamaria wrote: El jue, 16-06-2011 a las 11:27 -0400, Simo Sorce escribió: On Thu, 2011-06-16

Re: [Freeipa-users] DNS zone transfers

2011-06-21 Thread Loris Santamaria
El mar, 21-06-2011 a las 12:12 +0200, Adam Tkac escribió: On 06/16/2011 09:38 PM, Loris Santamaria wrote: El jue, 16-06-2011 a las 11:27 -0400, Simo Sorce escribió: On Thu, 2011-06-16 at 10:31 -0430, Loris Santamaria wrote: Hi, I would like to use my freeIPA v2 server as my master name

[Freeipa-users] DNS zone transfers

2011-06-16 Thread Loris Santamaria
work also. Are zone transfer supported with bind-dyndb-ldap? Am I doing something wrong? Thanks -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve

Re: [Freeipa-users] DNS zone transfers

2011-06-16 Thread Loris Santamaria
El jue, 16-06-2011 a las 11:27 -0400, Simo Sorce escribió: On Thu, 2011-06-16 at 10:31 -0430, Loris Santamaria wrote: Hi, I would like to use my freeIPA v2 server as my master name server and have other normal (non ldap based) bind servers as caching / secondary name servers. Ideally

Re: [Freeipa-users] Roadmap to release 2.0 ?

2009-09-03 Thread Loris Santamaria
ASAP. Of course netgroup and DNS management are very desiderable features, and for our role as systems integrators a more hackable interface is definitely a plus. -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A.http://www.lgs.com.ve Tel: 0286