[Freeipa-users] Easier management of trusted AD users from web UI

2017-05-14 Thread Patrick Hemmer
I'm exploring using AD trusts, and am trying to find a good way to get better management of trusted objects within FreeIPA. One example, I add an AD user to an external group, and then add that group to a POSIX group. When I want to view all the members of the POSIX group, I can only see the

Re: [Freeipa-users] Error trying to use trusted AD objects: trusted domain object not found

2017-05-14 Thread Patrick Hemmer
On 2017/5/14 04:19, Alexander Bokovoy wrote: > On su, 14 touko 2017, Patrick Hemmer wrote: >> I'm working on spinning up a FreeIPA server with an AD trust. I've >> followed the official guide >> (https://www.freeipa.org/page/Active_Directory_trust_setup), and >> every

[Freeipa-users] Error trying to use trusted AD objects: trusted domain object not found

2017-05-14 Thread Patrick Hemmer
I'm working on spinning up a FreeIPA server with an AD trust. I've followed the official guide (https://www.freeipa.org/page/Active_Directory_trust_setup), and everything works up to the point of trying to add external members to the group. Whenever I try I get: # ipa group-add-member

[Freeipa-users] Password history based on age, not count?

2017-05-03 Thread Patrick Hemmer
Would it be reasonable to request a feature for FreeIPA to enforce password history reuse based on age, instead of a count? Meaning configure FreeIPA to enforce that a password cannot be reused within the last 1 year? Then we could remove the minimum time between password changes, and not worry

[Freeipa-users] /var/kerberos/krb5kdc/principal missing

2014-04-08 Thread Patrick Hemmer
I'm having the exact same issue as http://www.redhat.com/archives/freeipa-users/2013-October/msg9.html I upgraded from RHEL-6.3 to RHEL-6.5, and now FreeIPA won't start due to kadmind not starting. The kadmind.log contains an extremely unhelpful: Apr 08 11:31:20 i-31f62969

Re: [Freeipa-users] /var/kerberos/krb5kdc/principal missing

2014-04-08 Thread Patrick Hemmer
: *Rob Crittenden rcrit...@redhat.com *Sent: * 2014-04-08 13:33:53 E *To: *Patrick Hemmer free...@stormcloud9.net, freeipa-users@redhat.com *Subject: *Re: [Freeipa-users] /var/kerberos/krb5kdc/principal missing Patrick Hemmer wrote: Figured it out. Somehow during the upgrade process

Re: [Freeipa-users] error setting up replication client

2013-03-21 Thread Patrick Hemmer
, Patrick Hemmer wrote: I'm trying to set up an ipa replica, and each time I try the install process fails at the same point. When I look in the ipareplica-install.log I see a 302 redirection which seems to be causing the issue. Any ideas why this is happening (or if something else is the issue

[Freeipa-users] error setting up replication client

2013-03-20 Thread Patrick Hemmer
I'm trying to set up an ipa replica, and each time I try the install process fails at the same point. When I look in the ipareplica-install.log I see a 302 redirection which seems to be causing the issue. Any ideas why this is happening (or if something else is the issue)? Thanks -Patrick