[Freeipa-users] Dynamic DNS

2013-04-30 Thread Guy Matz
hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server? I've been trying for days following instructions from various freeipa and redhat docs! I've set up keytabs, set up /etc/rndc.key, set Dynamic update to True and put the following in my BIND update policy: grant host\047fore

Re: [Freeipa-users] Dynamic DNS

2013-04-30 Thread Lynn Root
Hi Guy! I've been working with this recently - maybe I can help. Have you enrolled the ipadevmstr.collmedia.net as a service with `ipa service-add DNS/ipadevmstr.collmedia.net`? On the client, can you `kinit -kt $dnskeytab -p DNS/ipadevmstr.collmedia.net` just fine? You'll have to kinit be

[Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Anyone have any suggestions to using the auto member function in IPA? I've tried to set it up so if a server is enrolled by a user called "build" then it should add it to a specific server group. I put in an inclusive rule and the expression is just "build", but it doesn't work. Do I need to

[Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Simon Williams
Hi I don't know if anyone has tried what I want to do, I really just want to know if it's possible at the moment. A few pointers to any information would be helpful too! I have an existing FreeIPA server running on a CentOS machine. It is used to authenticate all users on the network. This works

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Simon Williams wrote: Hi I don't know if anyone has tried what I want to do, I really just want to know if it's possible at the moment. A few pointers to any information would be helpful too! Short answer: not possible right now if by 'Samba 4' you mean Samba AD DC. I hav

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 9:30 AM, John Moyer <john.mo...@digitalreasoning.com> wrote: Anyone have any suggestions to using the auto member function in IPA? I've tried to set it up so if a server is enrolled by a user called "build" then it should add it to a specific server group. I put i

Re: [Freeipa-users] Dynamic DNS

2013-04-30 Thread Simo Sorce
On Tue, 2013-04-30 at 12:08 -0400, Guy Matz wrote: > hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server? > I've been trying for days following instructions from various freeipa > and redhat docs! I've set up keytabs, set up /etc/rndc.key, set > Dynamic update to True and put

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Yep, enrolledby is what I'm using, but I have been adding them manually since it hasn't been working. Thanks, John Moyer On Apr 30, 2013, at 1:21 PM, JR Aquino wrote: > > On Apr 30, 2013, at 9:30 AM, John Moyer > mailto:john.mo...@digit

[Freeipa-users] Upgrade Test Case

2013-04-30 Thread Dean Hunter
I have a small FreeIPA 3.1 installation on Fedora 18. I thought it might be useful to try to upgrade it to FreeIPA 3.2 on Fedora 19 before I tried to rebuild it from scratch, as I imagined larger installations would not be able to rebuild. I thought the test cases for FreeIPA Test Day might have in

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
One thing to add is that this build user only has the following access: Host Administrators Host enrollment Would he need more access to do the membership? My original thought was that technically the user is not doing the addition to the group it's the system technically doing it so there s

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 10:43 AM, John Moyer wrote: > One thing to add is that this build user only has the following access: > > Host Administrators > Host enrollment > > Would he need more access to do the membership? My original thought was that > technically the user is not doing the addit

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Not a problem, here is the output ipa automember-find --type=hostgroup --- 1 rules matched --- Automember Rule: test-group Inclusive Regex: enrolledby=build Number of entries returned 1 Thanks,

Re: [Freeipa-users] automember issues

2013-04-30 Thread Nathan Kinder
On 04/30/2013 10:48 AM, JR Aquino wrote: On Apr 30, 2013, at 10:43 AM, John Moyer wrote: One thing to add is that this build user only has the following access: Host Administrators Host enrollment Would he need more access to do the membership? My original thought was that technically th

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 10:52 AM, John Moyer wrote: > Not a problem, here is the output > > ipa automember-find --type=hostgroup > --- > 1 rules matched > --- > Automember Rule: test-group > Inclusive Regex: enrolledby=build > > Number of entri

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
It comes back with a ton of stuff the row you are probably interested in is this one: enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com Thanks, John Moyer On Apr 30, 2013, at 1:57 PM, JR Aquino wrote: > On Apr 30, 2013, at 10

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 11:02 AM, John Moyer wrote: > It comes back with a ton of stuff the row you are probably interested in is > this one: > > enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com Bingo! Ok, try to adjust your automember rule. Delete your previous inclusive regex, an

Re: [Freeipa-users] Upgrade Test Case

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Dean Hunter wrote: I have a small FreeIPA 3.1 installation on Fedora 18. I thought it might be useful to try to upgrade it to FreeIPA 3.2 on Fedora 19 before I tried to rebuild it from scratch, as I imagined larger installations would not be able to rebuild. I thought the tes

Re: [Freeipa-users] Upgrade Test Case

2013-04-30 Thread Rob Crittenden
Dean Hunter wrote: I have a small FreeIPA 3.1 installation on Fedora 18. I thought it might be useful to try to upgrade it to FreeIPA 3.2 on Fedora 19 before I tried to rebuild it from scratch, as I imagined larger installations would not be able to rebuild. I thought the test cases for FreeIPA T

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
I tried adding it in addition to the current rule and that didn't work. I then deleted the old rule to only leave the rule with the full name (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work either. This is the new output of that command you had me run earlier: ipa auto

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 11:12 AM, John Moyer wrote: > I tried adding it in addition to the current rule and that didn't work. I > then deleted the old rule to only leave the rule with the full name > (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work > either. > > This is t

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread simon.williams
That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If I read what you’ve said correctly this is possible now. I can live with the magical incantations to enrol any new Windows machines for now. There are

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Ha! I tried .*build and build.* before contacting you guys, I didn't try .*build.* That worked, it automatically added the machine to the group! Thanks! That will save me so much time! Thanks, John Moyer On Apr 30, 2013, at 2

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 11:23 AM, John Moyer wrote: > Ha! I tried .*build and build.* before contacting you guys, I didn't try > .*build.* > > That worked, it automatically added the machine to the group! > > Thanks! That will save me so much time! > Not a problem John, thanks for y

Re: [Freeipa-users] automember issues

2013-04-30 Thread Dmitri Pal
On 04/30/2013 02:17 PM, JR Aquino wrote: > On Apr 30, 2013, at 11:12 AM, John Moyer > wrote: > >> I tried adding it in addition to the current rule and that didn't work. I >> then deleted the old rule to only leave the rule with the full name >> (uid=build,cn=users,cn=accounts,dc=example,dc=co

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If I read what you’ve said correctly this is possible now. I can live with the magical incantat

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Alexander Bokovoy wrote: On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If I read what you’ve said correctly this is poss

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
So I must have looked at the wrong server name, I just tried to add 4 more servers and none of them worked. Any more ideas? The target is specified by the rule name test-group is the target. Thanks, John Moyer On Apr 30, 2013, at 2:25

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
I've got about 30mins before I get into my next meeting. Are you able to hop into IRC in Freenode to work in realtime on #freeipa? "Keeping your head in the cloud" ~ Jr Aquino | Sr. Information Security Specialist GXPN | GIAC Exploit Researcher and Advanced Pen

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Alexander Bokovoy wrote: On Tue, 30 Apr 2013, Alexander Bokovoy wrote: On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Simo Sorce
On Tue, 2013-04-30 at 22:37 +0300, Alexander Bokovoy wrote: > > We need to add some smart logic to ipasam module to handle it. > The logic for trusted users needs to go into winbindd or sssd, ipasam is only about our own domain. Simo. -- Simo Sorce * Red Hat, Inc * New York

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Simon Williams
Thanks for all your help. I'll give it a go and see how far I get. On 30 Apr 2013 19:37, "Alexander Bokovoy" wrote: > On Tue, 30 Apr 2013, > simon.williams@thehelpfulcat.com wrote: > >> That is actually pretty good news. The real requirement is network >> storage for the Windows workstations s

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Simo Sorce wrote: On Tue, 2013-04-30 at 22:37 +0300, Alexander Bokovoy wrote: We need to add some smart logic to ipasam module to handle it. The logic for trusted users needs to go into winbindd or sssd, ipasam is only about our own domain. In SSSD 1.10 there is new SID