Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Rob Ogilvie
On Tue, Aug 7, 2012 at 7:03 PM, KodaK sako...@gmail.com wrote: It's hard to tell with the obfuscation, but is your DOMAIN the same as the one handled by the domain controller vm-mapsdc2? Indeed, it is. You can only have one Kerberos realm named DOMAIN. How do they know about each other?

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Petr Spacek
On 08/08/2012 05:42 PM, Rob Ogilvie wrote: On Tue, Aug 7, 2012 at 7:03 PM, KodaK sako...@gmail.com wrote: It's hard to tell with the obfuscation, but is your DOMAIN the same as the one handled by the domain controller vm-mapsdc2? Indeed, it is. You can only have one Kerberos realm named

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread KodaK
On Wed, Aug 8, 2012 at 11:06 AM, Petr Spacek pspa...@redhat.com wrote: Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper SRV records (or let IPA manage it). Absolutely, this is the best way. You can configure all servers and clients statically with

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread KodaK
Rob, you may want to read through this whole FAQ, but this one covers what I'm talking about: http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#realms -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Rob Ogilvie
On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com wrote: Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper SRV records (or let IPA manage it). Ugh, I hope this doesn't end up pushing us back to NIS. If I can get our infrastructure guys to buy off on

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Petr Spacek
On 08/08/2012 07:27 PM, Rob Ogilvie wrote: On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com wrote: Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper SRV records (or let IPA manage it). Ugh, I hope this doesn't end up pushing us back to NIS. If I can

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Simo Sorce
On Wed, 2012-08-08 at 19:59 +0200, Petr Spacek wrote: On 08/08/2012 07:27 PM, Rob Ogilvie wrote: On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek pspa...@redhat.com wrote: Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper SRV records (or let IPA manage it). Ugh, I

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Rob Ogilvie
So here's my plan, then... let me know if it seems like it'll make sense? - I'm going to uninstall everything IPA from the IPA server (ovm-auth.mycompany.com) after I unregister the client machines. - I'm going to set up the IPA server with a new realm; UNIX.MYCOMPANY.COM (do I need to have our

[Freeipa-users] cannot find name for user ID

2012-08-08 Thread Erinn Looney-Triggs
An interesting problem has popped up and I am not sure where the issue lies. Users logging in are presented with "cannot find name for user ID" etc. etc. for all groups they are a member of; id returns nothing but the numbers, and getent passwd username returns nothing when running as the user.

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Simo Sorce
On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote: So here's my plan, then... let me know if it seems like it'll make sense? - I'm going to uninstall everything IPA from the IPA server (ovm-auth.mycompany.com) after I unregister the client machines. - I'm going to set up the IPA server

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Rob Ogilvie
On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce s...@redhat.com wrote: On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote: -I'm going to set up the IPA server with a new realm; UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an SRV record up there for that? If so, what?) If your

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Simo Sorce
On Wed, 2012-08-08 at 12:16 -0700, Rob Ogilvie wrote: On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce s...@redhat.com wrote: On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote: -I'm going to set up the IPA server with a new realm; UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an
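For the "what SRV record, exactly?" part of the question above, here is an added example (not code from the thread or from FreeIPA itself) that renders the record set ipa-server-install prints into its sample zone file when IPA does not manage DNS, and checks a zone fragment a DNS team hands back against that set. The delegated zone unix.mycompany.com, the realm UNIX.MYCOMPANY.COM and the server name ovm-auth.mycompany.com are taken from the thread; the SAMPLE_ZONE text is constructed here and deliberately contains a wrong kpasswd port and a missing NTP record so that the checker has something to report.

```python
"""Render and check the DNS records a FreeIPA/Kerberos client expects in a delegated zone.

Added example; the record list mirrors the sample zone file ipa-server-install writes
when DNS is not managed by IPA. Ports are the standard ones (LDAP 389, Kerberos 88,
kpasswd 464, NTP 123).
"""
import re

# (owner prefix relative to the zone, record type, expected port; TXT has no port)
REQUIRED = [
    ("_ldap._tcp", "SRV", 389),
    ("_kerberos._tcp", "SRV", 88),
    ("_kerberos._udp", "SRV", 88),
    ("_kerberos-master._tcp", "SRV", 88),
    ("_kerberos-master._udp", "SRV", 88),
    ("_kpasswd._tcp", "SRV", 464),
    ("_kpasswd._udp", "SRV", 464),
    ("_ntp._udp", "SRV", 123),
    ("_kerberos", "TXT", None),   # realm name, used by dns_lookup_realm
]

SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")
TXT_RE = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+"([^"]*)"$')


def zone_fragment(domain, realm, server, ttl=86400, priority=0, weight=100):
    """Render the BIND-style records to hand to the DNS team for `domain`."""
    lines = [f"$ORIGIN {domain}."]
    for owner, rtype, port in REQUIRED:
        if rtype == "TXT":
            lines.append(f'{owner}\t{ttl}\tIN\tTXT\t"{realm}"')
        else:
            lines.append(f"{owner}\t{ttl}\tIN\tSRV\t{priority} {weight} {port} {server}.")
    return "\n".join(lines) + "\n"


def _fqdn(owner, origin):
    """Turn a zone-relative owner into a lower-case FQDN without trailing dot."""
    if owner.endswith("."):
        return owner[:-1].lower()
    return f"{owner}.{origin}".lower() if origin else owner.lower()


def parse_zone(text):
    """Parse the SRV/TXT subset of zone syntax used here; keyed by (fqdn, type)."""
    records, origin = {}, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        m = SRV_RE.match(line)
        if m:
            key = (_fqdn(m.group(1), origin), "SRV")
            records.setdefault(key, []).append({
                "priority": int(m.group(2)), "weight": int(m.group(3)),
                "port": int(m.group(4)), "target": m.group(5).rstrip(".").lower()})
            continue
        m = TXT_RE.match(line)
        if m:
            key = (_fqdn(m.group(1), origin), "TXT")
            records.setdefault(key, []).append({"text": m.group(2)})
            continue
        raise ValueError(f"unparsed zone line: {raw!r}")
    return records


def check_zone(text, domain, realm):
    """Return problems found in `text`; an empty list means a client can discover the realm."""
    records = parse_zone(text)
    problems = []
    for owner, rtype, port in REQUIRED:
        name = f"{owner}.{domain}".lower()
        rrs = records.get((name, rtype))
        if not rrs:
            problems.append(f"missing {rtype} {name}")
        elif rtype == "TXT":
            if rrs[0]["text"] != realm:
                problems.append(f"{name} TXT says {rrs[0]['text']!r}, expected {realm!r}")
        else:
            for rr in rrs:
                if rr["port"] != port:
                    problems.append(f"{name} points at port {rr['port']}, expected {port}")
    return problems


# Constructed sample (not from the thread): a zone fragment with two mistakes.
SAMPLE_ZONE = """\
$ORIGIN unix.mycompany.com.
_ldap._tcp            IN SRV 0 100 389 ovm-auth.mycompany.com.
_kerberos             IN TXT "UNIX.MYCOMPANY.COM"
_kerberos._tcp        IN SRV 0 100 88  ovm-auth.mycompany.com.
_kerberos._udp        IN SRV 0 100 88  ovm-auth.mycompany.com.
_kerberos-master._tcp IN SRV 0 100 88  ovm-auth.mycompany.com.
_kerberos-master._udp IN SRV 0 100 88  ovm-auth.mycompany.com.
_kpasswd._tcp         IN SRV 0 100 88  ovm-auth.mycompany.com.  ; wrong port
_kpasswd._udp         IN SRV 0 100 464 ovm-auth.mycompany.com.
"""

if __name__ == "__main__":
    print(zone_fragment("unix.mycompany.com", "UNIX.MYCOMPANY.COM", "ovm-auth.mycompany.com"))
    for p in check_zone(SAMPLE_ZONE, "unix.mycompany.com", "UNIX.MYCOMPANY.COM"):
        print("PROBLEM:", p)
```

The SRV targets may live outside the delegated zone (ovm-auth.mycompany.com here), which is what lets the IPA server keep its existing name while the realm's discovery records sit in unix.mycompany.com.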

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread KodaK
On Wed, Aug 8, 2012 at 2:16 PM, Rob Ogilvie r...@axpr.net wrote: On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce s...@redhat.com wrote: On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote: -I'm going to set up the IPA server with a new realm; UNIX.MYCOMPANY.COM (do I need to have our DNS folks

[Freeipa-users] Dogtag reinitialization

2012-08-08 Thread Lucas Yamanishi
Is there any way to completely reinitialize the Dogtag instance atomically? My PKI-IPA directory looks like this: ldapsearch -x -h localhost -p 7389 -D cn=directory manager -W -b 'o=ipaca' 'objectClass=*' Enter LDAP Password: # extended LDIF # # LDAPv3 # base o=ipaca with scope subtree

[Freeipa-users] Simple question about replication promotion

2012-08-08 Thread Rolf Brusletto
We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I just want to verify

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-08 Thread Rob Ogilvie
On Wed, Aug 8, 2012 at 12:31 PM, Simo Sorce s...@redhat.com wrote: Unlike AD we do not force all clients to be positioned in the same DNS zone, however if you have clients not belonging to the same DNS domain you may have to change the krb5.conf file on all members of the realm to add
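An added example (not code from the thread or from FreeIPA) of the krb5.conf change Simo refers to: a small model of how libkrb5 maps a host name to a realm through [domain_realm] (exact host first, then parent domains with a leading dot, then the upper-cased DNS domain as last resort when DNS TXT lookups are off), plus a helper that lists which IPA members outside unix.mycompany.com still need an explicit entry. The KRB5_CONF text is constructed here; the assumption that the AD realm is MYCOMPANY.COM follows the thread's obfuscated DOMAIN.

```python
"""Model of [domain_realm] lookup and a generator for the stanza clients need.

Added example. host_realm() follows the documented MIT krb5 order (exact host,
then each parent domain written with a leading '.', then upper-case the host's
DNS domain); real libkrb5 may also try a _kerberos TXT record first when
dns_lookup_realm is true, which this model leaves out.
"""


def parse_domain_realm(conf_text):
    """Return the [domain_realm] section of a krb5.conf as a dict (keys lower-cased)."""
    mapping, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "domain_realm" or "=" not in line:
            continue            # [realms] braces etc. are not needed here
        key, value = (s.strip() for s in line.split("=", 1))
        mapping[key.lower()] = value
    return mapping


def host_realm(hostname, mapping):
    """Realm a client would pick for `hostname` given a parsed [domain_realm]."""
    host = hostname.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])   # .unix.mycompany.com, .mycompany.com, .com
        if suffix in mapping:
            return mapping[suffix]
    # last resort: upper-cased DNS domain, which is exactly how a mycompany.com
    # host ends up asking the AD realm for an IPA service ticket
    return ".".join(labels[1:]).upper()


def hosts_outside_mapping(hosts, realm, mapping):
    """Hosts that would be routed to some other realm; each needs its own entry."""
    return [h for h in hosts if host_realm(h, mapping) != realm]


def domain_realm_stanza(realm, domains, hosts):
    """Render a [domain_realm] stanza covering whole zones plus individual hosts."""
    lines = ["[domain_realm]"]
    for d in domains:
        lines.append(f" .{d} = {realm}")
        lines.append(f" {d} = {realm}")
    for h in hosts:
        lines.append(f" {h} = {realm}")
    return "\n".join(lines) + "\n"


# Constructed sample (not from the thread): what ipa-client-install might leave on
# a client after the realm is moved to UNIX.MYCOMPANY.COM.
KRB5_CONF = """\
[libdefaults]
 default_realm = UNIX.MYCOMPANY.COM
 dns_lookup_realm = false   # no TXT lookups; the mapping below is authoritative
 dns_lookup_kdc = true

[realms]
 UNIX.MYCOMPANY.COM = {
  kdc = ovm-auth.mycompany.com:88
  admin_server = ovm-auth.mycompany.com:749
 }

[domain_realm]
 .unix.mycompany.com = UNIX.MYCOMPANY.COM
 unix.mycompany.com = UNIX.MYCOMPANY.COM
 ovm-auth.mycompany.com = UNIX.MYCOMPANY.COM
"""

if __name__ == "__main__":
    mapping = parse_domain_realm(KRB5_CONF)
    members = ["ovm-auth.mycompany.com", "ovm-web1.mycompany.com", "db1.unix.mycompany.com"]
    for h in members:
        print(f"{h:28} -> {host_realm(h, mapping)}")
    stray = hosts_outside_mapping(members, "UNIX.MYCOMPANY.COM", mapping)
    print(domain_realm_stanza("UNIX.MYCOMPANY.COM", ["unix.mycompany.com"], stray))
```

Run it and ovm-web1.mycompany.com is reported as mapping to MYCOMPANY.COM, the AD realm, until the generated stanza (with that host listed explicitly) is put on every member of the realm.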

Re: [Freeipa-users] Simple question about replication promotion

2012-08-08 Thread Steven Jones
Hi, I lost my master so I did a db2ldif on the replica and then a ldif2db on the master and it seemed to work fine. It's been more stable than the replicas which are on their 2nd rebuild in that many months... :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University,

[Freeipa-users] 2 factor authentication

2012-08-08 Thread Steven Jones
Hi Is there any way to use something like a hardware key with IPA for select users (such as myself)? So the idea is I not only have a password but a piece of hardware I need to log in to my secure desktop. regards Steven Jones Technical Specialist - Linux RHCE Victoria University,

Re: [Freeipa-users] cannot find name for user ID

2012-08-08 Thread Jakub Hrozek
On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote: An interesting problem has popped up and I am not sure where the issue lies. Users logging in are presented with "cannot find name for user ID" etc. etc. for all groups they are a member of; id returns nothing but the numbers,

Re: [Freeipa-users] cannot find name for user ID

2012-08-08 Thread Erinn Looney-Triggs
On 08/08/2012 01:11 PM, Jakub Hrozek wrote: On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote: An interesting problem has popped up and I am not sure where the issue lies. Users logging in are presented with "cannot find name for user ID" etc. etc. for all groups they are a

Re: [Freeipa-users] 2 factor authentication

2012-08-08 Thread Rob Crittenden
Steven Jones wrote: Hi Is there any way to use something like a hardware key with IPA for select users (such as myself)? So the idea is I not only have a password but a piece of hardware I need to log in to my secure desktop. We're looking into 2 factor auth but it isn't supported yet.

Re: [Freeipa-users] Simple question about replication promotion

2012-08-08 Thread Rob Crittenden
Rolf Brusletto wrote: We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I

Re: [Freeipa-users] Dogtag reinitialization

2012-08-08 Thread Rob Crittenden
Lucas Yamanishi wrote: Is there any way to completely reinitialize the Dogtag instance atomically? My PKI-IPA directory looks like this: ldapsearch -x -h localhost -p 7389 -D cn=directory manager -W -b 'o=ipaca' 'objectClass=*' Enter LDAP Password: # extended LDIF # # LDAPv3 # base o=ipaca

Re: [Freeipa-users] IPA 2.2 Windows 2008R2 sync

2012-08-08 Thread Rob Crittenden
Rich Megginson wrote: On 08/03/2012 09:50 AM, Baptiste AGASSE wrote: Hi, Hi all, I've a problem with winsync between ipa 2.2 on centos 6.3 and Active Directory 2008R2. I'm following this documentation to enable synchronization:

Re: [Freeipa-users] Dogtag reinitialization

2012-08-08 Thread Lucas Yamanishi
I wouldn't even know what to look for. /var/lib/dirsrv/slapd-PKI-IPA/error is like a debug log. All I can tell you is that I ran ipa-csreplica-manage re-initialize --from master on my replica, then on my master a few minutes later. - *question everything*learn something*answer nothing*

Re: [Freeipa-users] IPA Server

2012-08-08 Thread Rob Crittenden
free...@noboost.org wrote: Hi All, NOTE: I posted this on the 389 forum, they rightly suggested this is most likely an IPA issue. Spec: Redhat Enterprise Linux 6.3 x64 - ipa-server-2.2.0-16.el6.x86_64 - 389-ds-base-1.2.10.2-18.el6_3.x86_64 - 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64 We had