Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Matt .
You are almost right, the box only needs to lookup users/groups from another IPA server for environment admins. The "LDAP Only" on this IPA server (and client) won't do anything on the whole network layer, only some webapp is talking to it and the users don't have anything to do with the network at

Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Rob Crittenden
Matt . wrote: > Nope, I provision my servers and they are added to my FreeIPA > environment which auths my sysadmins. But on a server I provisioned > I need to install FreeIPA as well, but without dns and ca, so it's > doing ldap only actually. > > When I want to install FreeIPA server on this

Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Matt .
Nope, I provision my servers and they are added to my FreeIPA environment which auths my sysadmins. But on a server I provisioned I need to install FreeIPA as well, but without dns and ca, so it's doing ldap only actually. When I want to install FreeIPA server on this IPA client it tells me

Re: [Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Rob Crittenden
Matt . wrote: > When I have a full ipa setup and I want to add a host to it that is > installed or needs to be installed as IPA LDAP server only, is that > possible ? If you're asking if only 389-ds can be configured on an IPA server, no, not using any IPA tools in any case. > Of course the

[Freeipa-users] IPA Ldap only as Client on different IPA server

2017-04-07 Thread Matt .
When I have a full ipa setup and I want to add a host to it that is installed or needs to be installed as IPA LDAP server only, is that possible ? Of course the ipa-server-install complains that the agent is already configured on the host but there might be a way ? Or just copy the config back

Re: [Freeipa-users] user keytab retrieval

2017-04-07 Thread Simo Sorce
On Thu, 2017-04-06 at 22:18 +0200, Stijn De Weirdt wrote: > hi rob, > > > > i'm a bit puzzled by the following: i want to retrieve a user > > > keytab > > > using ipa-getkeytab -r (since the keytab for the same user was > > > already > > > retrieved on another host). > > > > > > when doing so, i

Re: [Freeipa-users] RHEL 6.9 AD Smart Card login

2017-04-07 Thread Sumit Bose
On Thu, Apr 06, 2017 at 06:36:43PM +, spammewo...@cox.net wrote: > I have created a two way trust between my IDM server and Active Directory. > I have been able to successful get RHEL 7.3 IDM server and RHEL 7.3 IDM > clients to allow Active Directory login using CAC smart cards into Gnome. >

Re: [Freeipa-users] Password-based authentication with AD users does not work

2017-04-07 Thread Sumit Bose
On Fri, Apr 07, 2017 at 09:46:45AM +0200, Ronald Wimmer wrote: > On 2017-04-06 20:50, Sumit Bose wrote: > > On Thu, Apr 06, 2017 at 01:55:02PM +0200, Ronald Wimmer wrote: > > > On 2017-04-06 12:16, Sumit Bose wrote: > > > > On Thu, Apr 06, 2017 at 12:58:32PM +0200, Ronald Wimmer wrote: > > > >

Re: [Freeipa-users] Password-based authentication with AD users does not work

2017-04-07 Thread Ronald Wimmer
On 2017-04-06 20:50, Sumit Bose wrote: On Thu, Apr 06, 2017 at 01:55:02PM +0200, Ronald Wimmer wrote: On 2017-04-06 12:16, Sumit Bose wrote: On Thu, Apr 06, 2017 at 12:58:32PM +0200, Ronald Wimmer wrote: [...] AD trust: mydomain.at (forest root) xyz (subdomain -> where myuser resides) BCC

Re: [Freeipa-users] Fwd: Marking subdomain offline

2017-04-07 Thread Jakub Hrozek
On Thu, Apr 06, 2017 at 02:39:02PM -0400, Chris Dagdigian wrote: > > I see similar things in our environment where IPA is used as "glue" between > AD Forests that have a 1-way trust relationship. We believe that the root > cause has something to do with the 30+ domain controllers the IPA client >