Re: [Freeipa-users] Mapping users from AD to IPA KDC

2016-12-02 Thread TomK
On 12/2/2016 8:43 AM, Sumit Bose wrote: On Fri, Dec 02, 2016 at 08:30:28AM -0500, TomK wrote: Hey All, I've successfully mapped the nixadmins to the external group nixadmins_external. However no users in that group make it over to Free IPA that I can see. ipa group-add-member

Re: [Freeipa-users] ACIerrors is httpd log

2016-12-02 Thread Rob Crittenden
Jim Richard wrote: > Hmm ya. So before I rebuilt anything I thought maybe it was my DNS > records but it looks like that’s not it. > > More background, I used to have sso-109 and sso-110, both CA’s. I > rebuilt sso-110 without CA. > > My DNS is external, BIND on another host. > > Using the

[Freeipa-users] New IPA Servers

2016-12-02 Thread Outback Dingo
Ok so trying to setup a replca to deploy 2 new freeipa servers on AWS... migrating from old servers going away, It was suggested to create a replica then promote it. this issue is the public ip for the new server is not the same as the servers IP on AWS... so which one do i use ??? --

Re: [Freeipa-users] ACIerrors is httpd log

2016-12-02 Thread Jim Richard
Hmm ya. So before I rebuilt anything I thought maybe it was my DNS records but it looks like that’s not it. More background, I used to have sso-109 and sso-110, both CA’s. I rebuilt sso-110 without CA. My DNS is external, BIND on another host. Using the following (at the end of the message)

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-02 Thread Rob Verduijn
2016-12-01 19:44 GMT+01:00 Rob Verduijn : > > > 2016-12-01 17:20 GMT+01:00 Rob Crittenden : > >> Rob Verduijn wrote: >> > >> > >> > 2016-12-01 15:41 GMT+01:00 Rob Crittenden > > >: >> > >> > Rob

Re: [Freeipa-users] Mapping users from AD to IPA KDC

2016-12-02 Thread Sumit Bose
On Fri, Dec 02, 2016 at 08:30:28AM -0500, TomK wrote: > Hey All, > > I've successfully mapped the nixadmins to the external group > nixadmins_external. However no users in that group make it over to Free IPA > that I can see. > > ipa group-add-member nixadmins_external --external "nixadmins" >

[Freeipa-users] Mapping users from AD to IPA KDC

2016-12-02 Thread TomK
Hey All, I've successfully mapped the nixadmins to the external group nixadmins_external. However no users in that group make it over to Free IPA that I can see. ipa group-add-member nixadmins_external --external "nixadmins" Windows AD users, 3 of them, are in the windows AD group

Re: [Freeipa-users] cannot access to freeipa client's linux share from windows

2016-12-02 Thread Fujisan
Ok so why is it still not working? Any suggestion? On Fri, Dec 2, 2016 at 11:20 AM, Alexander Bokovoy wrote: > On pe, 02 joulu 2016, Fujisan wrote: > >> I'm not sure my problem is linked to this 'dedicated keytab file' with >> FILE: before the path to keytab file. >> > Yes,

Re: [Freeipa-users] cannot access to freeipa client's linux share from windows

2016-12-02 Thread Alexander Bokovoy
On pe, 02 joulu 2016, Fujisan wrote: I'm not sure my problem is linked to this 'dedicated keytab file' with FILE: before the path to keytab file. Yes, it does. Your client log below reports that the server cannot communicate with you because _the_server_ is unable to read its keytab when

Re: [Freeipa-users] cannot access to freeipa client's linux share from windows

2016-12-02 Thread Fujisan
I'm not sure my problem is linked to this 'dedicated keytab file' with FILE: before the path to keytab file. # smbclient -d3 -L \\10.0.21.200 -U smith lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

Re: [Freeipa-users] cannot access to freeipa client's linux share from windows

2016-12-02 Thread Alexander Bokovoy
On pe, 02 joulu 2016, Fujisan wrote: Alexander, I have now in my conf on server A and client B dedicated keytab file = /etc/samba/samba.keytab instead of dedicated keytab file = FILE:/etc/samba/samba.keytab But unfortunately, it did not solve the problem. It did solve for me. The

Re: [Freeipa-users] cannot access to freeipa client's linux share from windows

2016-12-02 Thread Fujisan
Alexander, I have now in my conf on server A and client B dedicated keytab file = /etc/samba/samba.keytab instead of dedicated keytab file = FILE:/etc/samba/samba.keytab But unfortunately, it did not solve the problem. On Fri, Dec 2, 2016 at 10:29 AM, Alexander Bokovoy

Re: [Freeipa-users] cannot access to freeipa client's linux share from windows

2016-12-02 Thread Alexander Bokovoy
On to, 01 joulu 2016, Fujisan wrote: Hello, I have upgraded a client and a freeipa server from Fedora 24 to 25 recently. And I *cannot* access linux shares located on the F25 freeipa client from a windows desktop. But I can access linux shares located on the F25 freeipa server from that windows