On 08/12/2012 12:05 PM, Simo Sorce wrote:
- Original Message -
On 08/08/2012 08:07 PM, Simo Sorce wrote:
On Wed, 2012-08-08 at 19:59 +0200, Petr Spacek wrote:
On 08/08/2012 07:27 PM, Rob Ogilvie wrote:
On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com
wrote:
Best way
On Tue, Aug 7, 2012 at 7:03 PM, KodaK sako...@gmail.com wrote:
It's hard to tell with the obfuscation, but is your DOMAIN the same as
the one handled by the domain controller vm-mapsdc2?
Indeed, it is
You can only have one Kerberos realm named DOMAIN.
How do they know about each other?
On 08/08/2012 05:42 PM, Rob Ogilvie wrote:
On Tue, Aug 7, 2012 at 7:03 PM, KodaK sako...@gmail.com wrote:
It's hard to tell with the obfuscation, but is your DOMAIN the same as
the one handled by the domain controller vm-mapsdc2?
Indeed, it is
You can only have one Kerberos realm named
On Wed, Aug 8, 2012 at 11:06 AM, Petr Spacek pspa...@redhat.com wrote:
Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper
SRV records (or let IPA manage it).
Absolutely, this is the best way.
You can configure each all servers and client statically with
Rob, you may want to read through this whole FAQ, but this one covers
what I'm talking about:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#realms
--
The government is going to read our mail anyway, might as well make it
tough for them. GPG Public key ID: B6A1A7C6
On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com wrote:
Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper
SRV records (or let IPA manage it).
Ugh, I hope this doesn't end up pushing us back to NIS.
If I can get our infrastructure guys to buy off on
On 08/08/2012 07:27 PM, Rob Ogilvie wrote:
On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com wrote:
Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper
SRV records (or let IPA manage it).
Ugh, I hope this doesn't end up pushing us back to NIS.
If I can
On Wed, 2012-08-08 at 19:59 +0200, Petr Spacek wrote:
On 08/08/2012 07:27 PM, Rob Ogilvie wrote:
On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com wrote:
Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper
SRV records (or let IPA manage it).
Ugh, I
So here's my plan, then... let me know if it seems like it'll make sense?
-I'm going to uninstall everything IPA from the IPA server
(ovm-auth.mycompany.com) after I unregister the client machines.
-I'm going to set up the IPA server with a new realm;
UNIX.MYCOMPANY.COM (do I need to have our
On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
So here's my plan, then... let me know if it seems like it'll make sense?
-I'm going to uninstall everything IPA from the IPA server
(ovm-auth.mycompany.com) after I unregister the client machines.
-I'm going to set up the IPA server
On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce s...@redhat.com wrote:
On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
-I'm going to set up the IPA server with a new realm;
UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an SRV record
up there for that? If so, what?)
If your
On Wed, 2012-08-08 at 12:16 -0700, Rob Ogilvie wrote:
On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce s...@redhat.com wrote:
On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
-I'm going to set up the IPA server with a new realm;
UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an
On Wed, Aug 8, 2012 at 2:16 PM, Rob Ogilvie r...@axpr.net wrote:
On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce s...@redhat.com wrote:
On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
-I'm going to set up the IPA server with a new realm;
UNIX.MYCOMPANY.COM (do I need to have our DNS folks
On Wed, Aug 8, 2012 at 12:31 PM, Simo Sorce s...@redhat.com wrote:
Unlike AD we do not force all clients to be positioned in the same DNS
zone, however if you have clients not belonging to the same DNS domain
you may have to change the krb5.conf file on all members of the realm to
add
Good Afternoon,
I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL 6.3
(RHEL 6.3). I followed the guide to set up the FreeIPA server, and it
seems to be working great on the IPA server itself. I can ssh in as admin,
type my password, and I'm in.
I then have been struggling
On Tue, 2012-08-07 at 13:00 -0700, Rob Ogilvie wrote:
Good Afternoon,
I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL
6.3 (RHEL 6.3). I followed the guide to set up the FreeIPA server,
and it seems to be working great on the IPA server itself. I can ssh
in as admin,
On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce s...@redhat.com wrote:
Kerberos depends on proper name resolution. If a hostname cannot be
resolved you cannot acquire tickets for it.
So if your host ovm-c19-db does not have a DNS entry (either using IPA's
DNS server or an external DNS server) you
On Tue, 2012-08-07 at 13:35 -0700, Rob Ogilvie wrote:
On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce s...@redhat.com wrote:
Kerberos depends on proper name resolution. If a hostname cannot be
resolved you cannot acquire tickets for it.
So if your host ovm-c19-db does not have a DNS entry
On Tue, Aug 7, 2012 at 1:59 PM, Simo Sorce s...@redhat.com wrote:
Does klist -kt /etc/krb5.keytab return entries with the right hostname?
It lists four entries, each with the correct FQDN:
[root@ovm-c19-db ~]# klist -kt /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Timestamp
I just found these additional log file entries on my IPA server. The
vm-mapsdc2 is one of the domain controllers/DNS servers not associated
with IPA other than being one of our authoritative DNS servers. Is
something misconfigured in IPA on the server side?
Aug 07 14:01:02 ovm-auth.domain
On Tue, Aug 7, 2012 at 4:48 PM, Rob Ogilvie r...@axpr.net wrote:
I just found these additional log file entries on my IPA server. The
vm-mapsdc2 is one of the domain controllers/DNS servers not associated
with IPA other than being one of our authoritative DNS servers. Is
something