Re: [Freeipa-users] Kerberized NFS and automount

2014-09-18 Thread Johan Petersson
I do not know what OS you are using but if it is RHEL 6 or CentOS 6 you would need to do the following:
In /etc/idmapd.conf:
Domain = your.domain
Add this to /etc/sysconfig/nfs
SECURE_NFS=yes
In /etc/exports:
/home/repo *(rw,sync,sec=krb5p)
Make sure that you use NTP for every

Re: [Freeipa-users] users in groups but user entry does not show groups

2014-09-18 Thread Petr Vobornik
On 17.9.2014 18:41, Ron wrote: I have created user groups and entered users. When I view the groups under the User Groups heading, I see the group members. When I go to the Users heading, and click the User Groups sub-heading, IPA does not show any groups (says no entries at bottom). See

Re: [Freeipa-users] Suggested Upgrade Path

2014-09-18 Thread Martin Kosek
On 09/18/2014 06:12 AM, Dmitri Pal wrote: On 09/17/2014 10:56 PM, Dan Mossor wrote: Good day, folks. I am curious what the suggested upgrade path is for FreeIPA. Currently, I am running freeipa-server-3.3.5-1.fc20.x86_64 on a virtual Fedora 20 server and am planning my upgrade to FreeIPA

[Freeipa-users] Extending FreeIPA 3

2014-09-18 Thread Andreas Ladanyi
Hi, I'm using CentOS 6.5 and ipa-server 3.0.0, 37.el6 package. I want to expose an LDAP attribute in the Web UI and read the following slides: https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf My problem is that I can't find a plugin location path

Re: [Freeipa-users] Extending FreeIPA 3

2014-09-18 Thread Petr Vobornik
On 18.9.2014 14:15, Andreas Ladanyi wrote: Hi, I'm using CentOS 6.5 and ipa-server 3.0.0, 37.el6 package. I want to expose an LDAP attribute in the Web UI and read the following slides: https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf My problem is that I can't find a

Re: [Freeipa-users] Kerberized NFS and automount

2014-09-18 Thread Dmitri Pal
On 09/18/2014 02:03 AM, Johan Petersson wrote:
I do not know what OS you are using but if it is RHEL 6 or CentOS 6 you would need to do the following:
In /etc/idmapd.conf:
Domain = your.domain
Add this to /etc/sysconfig/nfs
SECURE_NFS=yes
In /etc/exports:
/home/repo *(rw,sync,sec=krb5p)

[Freeipa-users] Client Certificate

2014-09-18 Thread Walid A. Shaari
Hi, we are going to have a use case of diskless HPC clients that will use the IPA for lookups, I was wondering if I can get rid of the statefulness of the client configuration as much as possible as it is more of a cattle than pets use case. That is, I do not need to know that the client is part

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Rob Crittenden
Walid A. Shaari wrote: Hi, we are going to have a use case of diskless HPC clients that will use the IPA for lookups, I was wondering if I can get rid of the statefulness of the client configuration as much as possible as it is more of a cattle than pets use case. That is, I do not need to

Re: [Freeipa-users] Kerberized NFS and automount

2014-09-18 Thread Simo Sorce
On Thu, 18 Sep 2014 06:03:41 + Johan Petersson johan.peters...@sscspace.com wrote:
ipa service-add nfs/your.server.name
Generate a key using
ipa-getkeytab -s ipa.server -p nfs/your.nfs.server -k /tmp/nfsserver.keytab
# Do this on the nfs server and you can add the key directly to

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Walid A. Shaari
Great Rob, would that be still doable with RHEL5 and RHEL6 ipa 2, and 3 clients? On 18 September 2014 17:43, Rob Crittenden rcrit...@redhat.com wrote: Walid A. Shaari wrote: Hi, we are going to have a use case of diskless HPC clients that will use the IPA for lookups, I was wondering if

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Simo Sorce
On Thu, 18 Sep 2014 18:49:44 +0300 Walid A. Shaari walid.sha...@linux.com wrote: Great Rob, would that be still doable with RHEL5 and RHEL6 ipa 2, and 3 clients? The X509 certificate has always been provided as a commodity but never required. Keytabs are the only thing we require. Simo. --

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Rob Crittenden
Walid A. Shaari wrote: Great Rob, would that be still doable with RHEL5 and RHEL6 ipa 2, and 3 clients? Sure, the cert isn't used anyway but it isn't optional to have certmonger try to get one. If you really care you can run a command to tell certmonger to stop tracking the cert though: #

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Natxo Asenjo
Hi, On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote: Yes, you don't need to obtain a machine certificate. In fact we have stopped doing this upstream. Do you mean ipa will not have a CA in the future? Or will it be optional? Or am I misunderstanding this :-) ? I

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Alexander Bokovoy
On Thu, 18 Sep 2014, Natxo Asenjo wrote: Hi, On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote: Yes, you don't need to obtain a machine certificate. In fact we have stopped doing this upstream. Do you mean ipa will not have a CA in the future? Or will it be

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Rob Crittenden
Natxo Asenjo wrote: Hi, On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote: Yes, you don't need to obtain a machine certificate. In fact we have stopped doing this upstream. Do you mean ipa will not have a CA in the future?

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Dmitri Pal
On 09/18/2014 10:12 AM, Walid A. Shaari wrote: Hi, we are going to have a use case of diskless HPC clients that will use the IPA for lookups, I was wondering if I can get rid of the statefulness of the client configuration as much as possible as it is more of a cattle than pets use case.

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Natxo Asenjo
Hi, On Thu, Sep 18, 2014 at 9:05 PM, Rob Crittenden rcrit...@redhat.com wrote: Natxo Asenjo wrote: Hi, On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com wrote: Yes, you don't need to obtain a machine certificate. In fact we have

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Rob Crittenden
Natxo Asenjo wrote: Hi, On Thu, Sep 18, 2014 at 9:05 PM, Rob Crittenden rcrit...@redhat.com wrote: Natxo Asenjo wrote: Hi, On Thu, Sep 18, 2014 at 4:43 PM, Rob Crittenden rcrit...@redhat.com

Re: [Freeipa-users] Client Certificate

2014-09-18 Thread Natxo Asenjo
On Thu, Sep 18, 2014 at 10:51 PM, Rob Crittenden rcrit...@redhat.com wrote: Natxo Asenjo wrote: ok. I was thinking of starting a pilot with dot1.x and host certificates are usually used for this, so it would be nice to have a cli switch during enrollment. Ok, do you have a preference