On Tue, Mar 26, 2013 at 07:05:20PM -0400, Rob Crittenden wrote:
David Redmond wrote:
Hi,
I've setup FreeIPA for the first time and am using it successfully with
Linux and Solaris 10 clients. On 8 separate Solaris 9 clients I'm
running into an issue where 'kinit USER', for any user, fails
The FreeIPA team is proud to announce bind-dyndb-ldap version 2.6.
It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/.
The new version has also been built for Fedora 18 and is on its way to
updates-testing:
On 03/27/2013 02:11 AM, David Redmond wrote:
Hi again,
I've got a bit more information. I've found that I can successfully kinit on
the Solaris 9 clients if, on the server, I change the user's password by:
ipa-getkeytab -s SERVER -p USER@REALM -k krb5.keytab -P
This works even if I
On Wed, Mar 27, 2013 at 10:44:53AM +0100, Martin Kosek wrote:
On 03/27/2013 02:11 AM, David Redmond wrote:
Hi again,
I've got a bit more information. I've found that I can successfully kinit on
the Solaris 9 clients if, on the server, I change the user's password by:
ipa-getkeytab
On Wed, 2013-03-27 at 12:23 +0100, Sumit Bose wrote:
I did (as admin@REALM user). But we hardcode root/admin@REALM if
this is
administrative change:
ipapwd_chpwop():
...
if (pwdata.changetype == IPA_CHANGETYPE_NORMAL) {
principal =
Hello,
I'm trying to point a Solaris 10 server to use IPA as it's NIS Server.
The Solaris 10 server has no issues communicating with IPA but it can only see
a few maps (Users, Groups).
Looking at the documentation it says you can add entries so I tried to for
Hosts but I can't get ypcat hosts
On Wed, Mar 27, 2013 at 11:07:44AM -0400, Joseph, Matthew (EXP) wrote:
Here is the entry that is in dse.ldif:
Dn= nis-domain=domain.ca+nis-map=hosts.byname,CN=NIS
Server,cn=plugin,cn=config
objectClass: top
objectClass: extensibleObject
nis-map: hosts.byname
nis=base:
I run the ipa-getkeytab command as the user I'm changing the password for.
New info: On the server, in my /etc/krb5.conf file I have
allow_weak_crypto = true. If I remove that from the file, changing the
password via ipa-getkeytab no longer works. The kinit command on the
Solaris client results
I didn't ask to run ipa-getkeytab,
can you do the following:
1. login to a linux client
2. change the user password as an admin
3. kinit as the user (and perform the password change as it will be
requested)
4. go to the solaris box and now try the kinit using the new password
Does step 4 work if
I've done 1,2,3 many times. 4 always fails.
I realize you didn't ask for the info about allow_weak_crypto. I included
it because it seems to me that it's a telling bit of info.
On Wed, Mar 27, 2013 at 9:50 AM, Simo Sorce s...@redhat.com wrote:
I didn't ask to run ipa-getkeytab,
can you do the
On Wed, 2013-03-27 at 09:56 -0700, David Redmond wrote:
I've done 1,2,3 many times. 4 always fails.
I realize you didn't ask for the info about allow_weak_crypto. I
included it because it seems to me that it's a telling bit of info.
Ok can you run klist -e -kt file.keytab on the keytab you
On Wed, Mar 27, 2013 at 01:42:58PM -0400, Joseph, Matthew (EXP) wrote:
Hey Nalin,
Sorry typo on my part. It does say nis-base.
Alright then. The next thing to check is if the directory entries the
plugin's finding have data that the plugin expects to use to create
entries in the NIS map.
Hey Nalin,
Sorry typo on my part. It does say nis-base.
-Original Message-
From: Nalin Dahyabhai [mailto:na...@redhat.com]
Sent: Wednesday, March 27, 2013 12:57 PM
To: Joseph, Matthew (EXP)
Cc: freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] IPA - NIS Compatability
On
13 matches
Mail list logo