Re: [Freeipa-users] IPA+AD trust and NFS nobody issue

2014-06-27 Thread Nordgren, Bryce L -FS
> -Original Message- > > What I'm not quite clear on is the interaction between idmapd and ldap > > (slides 15,16,18). Does idmapd want to see this "NFSv4RemoteUser" > > schema on the LDAP server? Is this schema something that FreeIPA would > > have to support for NFS to work with cross-r

Re: [Freeipa-users] IPA+AD trust and NFS nobody issue

2014-06-27 Thread Nordgren, Bryce L -FS
> Would the idmap sss module we have on the list pending review help here? My read of the design page suggests that the plugin is 66% of a solution. There are three types of identities which need to be related: * local machine accounts/identities (meaningful to the filesystem) * security princi

Re: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

2014-06-27 Thread Johan Petersson
Hi, Probably there are better ways to solve this issue but the way that works for me is to validate the trust from the AD side after a reboot of the IPA Server - it always shows as offline for me too. On 2012 Server you can do this through Active Directory Domains and Trusts - properties on you

[Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

2014-06-27 Thread Mark Gardner
Was trying to add an external AD group to IPA, it kept failing with unable to connect to server. Figured I'd reboot to clear things up. Oops. Now wbinfo --online-status shows our AD as offline. wbinfo -u shows blank. wbinfo -n 'DOMAIN\user' gives the following message: failed to call wbcLookupN

Re: [Freeipa-users] [SOLVED] Re: FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.

2014-06-27 Thread Davis Goodman
Hi Fredy, We have integrated our Mac Workstations (Mountain Lion and Maverick) with FreeIPA with good success except for password change. Does your method allow users to change their password through the OSX interface for example when a new user is created and logs in for the first time? For n

Re: [Freeipa-users] IPA+AD trust and NFS nobody issue

2014-06-27 Thread Simo Sorce
On Thu, 2014-06-26 at 23:21 +, Nordgren, Bryce L -FS wrote: > > The second @ is not provided by kerberos, it is rpcidmapd making false > > assumptions, it does a getpwuid and gets back adt...@ad.example.org as > > the username, to which it decides to slap on the local REALM name with an @ > > si

Re: [Freeipa-users] IPA+AD trust and NFS nobody issue

2014-06-27 Thread Simo Sorce
On Fri, 2014-06-27 at 00:10 +, Nordgren, Bryce L -FS wrote: > Also: > http://tools.ietf.org/html/draft-adamson-nfsv4-multi-domain-access-04 > > Never became an RFC, but cites Simo's I-D on a Kerberos PAC. > > I like the CITI approach better (also approach 2 of section 6 in the > above I-D). I

Re: [Freeipa-users] IPA+AD trust and NFS nobody issue

2014-06-27 Thread Sumit Bose
On Thu, Jun 26, 2014 at 09:04:41PM +, Johan Petersson wrote: > Hi, > > First I wish to thank everybody that helped me out trying to solve this issue > and I also wish to inform that NFS 4 does not work with AD users through an > AD and IPA trust at the moment for RHEL 6 and 7. > > The rea

Re: [Freeipa-users] IPA+AD trust and NFS nobody issue

2014-06-27 Thread Jakub Hrozek
On Thu, Jun 26, 2014 at 06:42:37PM -0400, Simo Sorce wrote: > On Thu, 2014-06-26 at 22:02 +, Nordgren, Bryce L -FS wrote: > > > The reason is that rpcidmapd does not parse fully-qualified usernames > > > so "adt...@ad.example.org@IPA.EXAMPLE.ORG" does not work. > > > > If someone can educate m