Hi,
first case: As per your direction, things are going well even if we are
facing some issues as well. even like once logged in to ipa-client machine
with ipa user with certain privilege after that while using terminal " TAB"
and " Arrow " keys have not working. due to the same we can not use th
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of pgb205
Sent: Wednesday, 20 July 2016 5:28 AM
To: Sumit Bose
Cc: Freeipa-users
Subject: Re: [Freeipa-users] Unable to ssh after establishing trust
well...I'm not sure what I changed, if anything, but I am
On 19 July 2016 at 16:40, Jakub Hrozek wrote:
> On Tue, Jul 19, 2016 at 11:26:02AM +1000, Lachlan Musicman wrote:
> > I think the thing that frustrates the most is that id u...@domain.com is
> > returning correct data on both but they can't loginand I can't even
> > show that this is the case
Great! That worked, and I was successfully renewed the certificates on the
IPA server and I was trying to create a IPA replica server and got an error,
[root@neit-lab ~]# ipa-replica-install --setup-ca --setup-dns
--no-forwarders --skip-conncheck
/var/lib/ipa/replica-info-neit-lab.teloip.net.gpg Di
Alexander,
regarding your comment about putting stanza on each client.In our case clients
are not on the same network as the Active Directory domain controller.My plan
was to have the Freeipa server as the bridge-head server
AD DC <-> FIPA server <-> Linux clients
as it sits on the network tha
Jeremy Utley wrote:
Hello all!
We're looking at replacing a lot of our currently self-signed internal
SSL certificates in our infrastructure with certificates generated by
the FreeIPA CA. However, I've run into something that I haven't been
able to find documented as of yet, and I'm hoping some
Hello all!
We're looking at replacing a lot of our currently self-signed internal SSL
certificates in our infrastructure with certificates generated by the
FreeIPA CA. However, I've run into something that I haven't been able to
find documented as of yet, and I'm hoping some of you can point me i
well...I'm not sure what I changed, if anything, but I am able to login with my
AD credentials. I have restarted ipa server and cleared sss_cache, so maybe
that helped.
A few other things still remain though:
right now im logging in as jsmith@ADDOMAIN.LOCALI would want it to be either
jsmith@ADD
Hello,
When adding the AD trust using 'ipa-ad-trust-posix' range type then IPA
will search AD for the ID space of existing POSIX attributes to
automatically create a suitable ID range inside IPA.
You can check the exact steps and attributes searched by looking at the
add_range function defin
Sorry, I typed things out instead of copy/paste
my etc hosts looks like:
search ad.local127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts::1 localhost
ip6-localhost ip6-loopbackff02::1 ip6-allnodesff02::2 ip6-allrouters
10.10.10.1 ipa_server.ipa.int
Hi,
We had to replace a failed replica "ipa003.mgmt.prod.local".
Unfortunately, deleting the old copy prior to creating the replacement
doesn't seem to have worked and we're getting lots of errors like :-
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa003.mgmt.prod.local:389 ... fai
Linov Suresh wrote:
I have followed Redhat official documentation,
https://access.redhat.com/solutions/643753 for certificate renewal,
which says *add: usercertificate. (step 12)*
*
*
While on the other hand FreeIPA official documentaion
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal , sa
Zeal Vora wrote:
Hi!
I was planning to have a user who will have access to the below set of
permissions :-
1. kinit
2. ipa host-add
3. ipa-host-add-managedby
4. ipa-getkeytab
I was wondering on what would be the minimum required permission for
this user? I was planning to use specific user
I have followed Redhat official documentation,
https://access.redhat.com/solutions/643753 for certificate renewal, which
says *add: usercertificate. (step 12)*
While on the other hand FreeIPA official documentaion
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal , say to *add:
usercertificat
Hi,
I am still fighting with storing user's POSIX attributes in AD. Please can
anybody provide some simple reference settings of IPA-AD trust where users are
able to get uid from AD - not from IPA ID pool ?
I have tried to set values of attributes before and after creating trust, I
have trie
We have cloned and created another virtual server from the template.
Surprisingly this server certificates were also expired at the same time as
the previous, just lasted for a day.
This issue has something to do with the kerberos tickets?
I new to IPA and your help is highly appreciated.
On Mon,
I was in the exact same situation. Had to upgraded from FC21 (4.1.4) to
CentOS 7.2 (4.2.0). Upgrade went thru fine thanks to this thread :-)
For migrating the DNA ranges, I used this link
https://blog-rcritten.rhcloud.com/?p=50 Is this fine?
Thanks.
On 10 February 2016 at 15:02, Martin Kosek wr
Hi!
I was planning to have a user who will have access to the below set of
permissions :-
1. kinit
2. ipa host-add
3. ipa-host-add-managedby
4. ipa-getkeytab
I was wondering on what would be the minimum required permission for this
user? I was planning to use specific user other then the admi
On 18.7.2016 23:06, Brendan Kearney wrote:
> On 07/18/2016 06:12 AM, Petr Spacek wrote:
>> On 18.7.2016 03:25, Sullivan, Daniel [AAA] wrote:
>>> Would a DNS view (bind) work?
>>>
>>> http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_06.htm
>>>
>>> Also, depending on what you are using for NAT
On Mon, Jul 18, 2016 at 09:21:07PM +, pgb205 wrote:
> Sumit,
>
> I have set the names of all the Domain Controllers to be resolvable to the IP
> of the one reachable Domain Controller in /etc/hosts
>
> /etc/hosts:
> Reachable_IP_BOX 172.10.10.1
> DC1172.10.10.1
>
20 matches
Mail list logo