On mån, 2012-06-18 at 10:49 -0400, Brian Wheeler wrote:
Is there any way to integrate FreeIPA into an environment such as ours
or am I going to have to continue with my homegrown way of doing things?
I wonder if the (very) new IPA AD trust feature could solve at least
some of your problems.
On 06/18/2012 11:58 AM, Darran Lofthouse wrote:
Just experienced some weird behaviour on my Fedora 17 installation,
just wanted to check if this was expected.
I have the default config that requires a user to change their
password the first time they run kinit.
However I created a user and
On Mon, Jun 18, 2012 at 7:24 PM, Rob Crittenden rcrit...@redhat.com wrote
If you could provide an ldif for one of the groups to be migrated we can
tell you.
dn: cn=management-team,ou=groups,dc=domain,dc=com
objectClass: posixGroup
cn: management-team
gidNumber: 10004
description: Management
On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
maciej.sawi...@polidea.pl wrote:
Hi,
I (almost) managed to migrate groups from my previous server. That is
groups names migrated perfectly, unfortunately when I login to web
panel all groups are empty.
I used following command:
ipa migrate-ds
Hi all,
As mentioned on IRC today I've finished my write up of using Apache
with SNI and kerberos authentication with an IPA backend
I'd be interested in any feedback:
http://freeipa.org/page/Apache_SNI_With_Kerberos
Kind regards,
James
___
I will look into that. I've got nearly a year before I have to do my
machine migrations, so one would assume that this feature would
stabilize by the time I get around to doing an actual implementation.
I'll play with it and see if I can make it work. Although, the
instructions do mention
Maciej Sawicki wrote:
On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
maciej.sawi...@polidea.pl wrote:
Hi,
I (almost) managed to migrate groups from my previous server. That is
groups names migrated perfectly, unfortunately when I login to web
panel all groups are empty.
I used following
george he wrote:
Hello all,
While waiting for more suggestions on my thread is not an IPA v2
Server, I tried to install ipa server on other machines running fc16
and fc15.
When server is on fc16, I get the same error as when it's on fc17, wget
failed: No route to host.
when server is on fc15,
On tis, 2012-06-19 at 13:26 +0100, James Hogarth wrote:
I wonder if the (very) new IPA AD trust feature could solve at least
some of your problems. Have a look at
http://freeipa.org/page/IPAv3_testing_AD_trust for some info on how this
can be tested.
The initial documentation looks
Hello Rob,
Can it be that the httpd service is not running properly?
On all servers, I can only run wget on the server itself successfully...
At least on fc15, the client was able to contact the server, but the connection
was refused.
maybe the configuration part of httpd?
On other machines in
On Tue, 2012-06-19 at 13:26 +0100, James Hogarth wrote:
I wonder if the (very) new IPA AD trust feature could solve at least
some of your problems. Have a look at
http://freeipa.org/page/IPAv3_testing_AD_trust for some info on how this
can be tested.
The initial documentation looks
On Tue, 2012-06-19 at 09:14 -0400, Brian Wheeler wrote:
I will look into that. I've got nearly a year before I have to do my
machine migrations, so one would assume that this feature would
stabilize by the time I get around to doing an actual implementation.
I'll play with it and see if I
Well, at the moment we only set up a two way trust
but the windows admins would certainly be able to delete the outgoing
trust right after it is created, it should cause trouble for win users
that want to access ipa hosts.
We may take an RFE about creating only a one way trust, but it won't
george he wrote:
Hello Rob,
Can it be that the httpd service is not running properly?
On all servers, I can only run wget on the server itself successfully...
At least on fc15, the client was able to contact the server, but the
connection was refused.
maybe the configuration part of httpd?
On
Hello Rob,
netstat |grep 443 returned nothing, but lsof -i :80 (or :443) returned things
like this:
httpd 4206 apache 5u IPv6 846355 TCP *:http (LISTEN)
is the IPv6 here a problem?
Thanks,
George
From: Rob Crittenden rcrit...@redhat.com
To:
OOps, forgot to reply to list last time.
On 06/19/2012 10:42 AM, Simo Sorce wrote:
On Tue, 2012-06-19 at 09:14 -0400, Brian Wheeler wrote:
I will look into that. I've got nearly a year before I have to do my
machine migrations, so one would assume that this feature would
stabilize by the time
On Tue, Jun 19, 2012 at 2:54 AM, Dmitri Pal d...@redhat.com wrote:
On 06/18/2012 11:58 AM, Darran Lofthouse wrote:
Just experienced some weird behaviour on my Fedora 17 installation,
just wanted to check if this was expected.
I have the default config that requires a user to change their
On Fri, Jun 15, 2012 at 6:09 AM, Simo Sorce s...@redhat.com wrote:
On Fri, 2012-06-15 at 00:10 -0700, Stephen Ingram wrote:
Is it possible for accounts in cn=etc,cn=sysaccounts to have kerberos
principals or must you use the cn=accounts,cn=users container? I'm
thinking this for
On Tue, 2012-06-19 at 09:28 -0700, Stephen Ingram wrote:
On Fri, Jun 15, 2012 at 6:09 AM, Simo Sorce s...@redhat.com wrote:
On Fri, 2012-06-15 at 00:10 -0700, Stephen Ingram wrote:
Is it possible for accounts in cn=etc,cn=sysaccounts to have kerberos
principals or must you use the
On Tue, 2012-06-19 at 13:04 +0100, James Hogarth wrote:
Hi all,
As mentioned on IRC today I've finished my write up of using Apache
with SNI and kerberos authentication with an IPA backend
I'd be interested in any feedback:
http://freeipa.org/page/Apache_SNI_With_Kerberos
Very nice
On Tue, Jun 19, 2012 at 6:54 PM, Simo Sorce s...@redhat.com wrote:
Yes with IPA you can use service principals to initiate context w/o
problems. That's why I suggested you use a service principal.
AD has a limitation that you must use an actual user to initiate a
context, that may be where
On Tue, Jun 19, 2012 at 2:04 PM, James Hogarth james.hoga...@gmail.comwrote:
Hi all,
As mentioned on IRC today I've finished my write up of using Apache
with SNI and kerberos authentication with an IPA backend
I'd be interested in any feedback:
On Tue, Jun 19, 2012 at 9:55 AM, Simo Sorce s...@redhat.com wrote:
On Tue, 2012-06-19 at 09:15 -0700, Stephen Ingram wrote:
On Tue, Jun 19, 2012 at 2:54 AM, Dmitri Pal d...@redhat.com wrote:
On 06/18/2012 11:58 AM, Darran Lofthouse wrote:
Just experienced some weird behaviour on my Fedora 17
Simo Sorce wrote:
On Tue, 2012-06-19 at 13:04 +0100, James Hogarth wrote:
Hi all,
As mentioned on IRC today I've finished my write up of using Apache
with SNI and kerberos authentication with an IPA backend
I'd be interested in any feedback:
Hi,
Does a users kerberos tickets become invalid after a restart of the KDC
who granted the tickets?
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 06/19/2012 05:37 PM, Sigbjorn Lie wrote:
Hi,
Does a users kerberos tickets become invalid after a restart of the
KDC who granted the tickets?
Should not.
Regards,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
My IPA servers are say ipa1 and 2.ipa.example.com
I have existing linux servers that I would rather not change the FQDN on, say
server1.example.com Do I actually have to make the client
server1.ipa.example.com or can I leave it as is at server1.example.com? Would
that give any IPA problems?
27 matches
Mail list logo