[Freeipa-users] Dynamic DNS

2013-04-30 Thread Guy Matz
hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server? I've been trying for days following instructions from various freeipa and redhat docs! I've set up keytabs, set up /etc/rndc.key, set Dynamic update to True and put the following in my BIND update policy: grant

Re: [Freeipa-users] Dynamic DNS

2013-04-30 Thread Lynn Root
Hi Guy! I've been working with this recently - maybe I can help. Have you enrolled the ipadevmstr.collmedia.net as a service with `ipa service-add DNS/ipadevmstr.collmedia.net`? On the client, can you `kinit -kt $dnskeytab -p DNS/ipadevmstr.collmedia.net` just fine? You'll have to kinit

[Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Anyone have any suggestions to using the auto member function in IPA? I've tried to set it up so if a server is enrolled by a user called build then it should add it to a specific server group. I put in an inclusive rule and the expression is just build, but it doesn't work. Do I need to

[Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Simon Williams
Hi I don't know if anyone has tried what I want to do, I really just want to know if it's possible at the moment. A few pointers to any information would be helpful too! I have an existing FreeIPA server running on a CentOS machine. It is used to authenticate all users on the network. This works

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Simon Williams wrote: Hi I don't know if anyone has tried what I want to do, I really just want to know if it's possible at the moment. A few pointers to any information would be helpful too! Short answer: not possible right now if by 'Samba 4' you mean Samba AD DC. I

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 9:30 AM, John Moyer john.mo...@digitalreasoning.com wrote: Anyone have any suggestions to using the auto member function in IPA? I've tried to set it up so if a server is enrolled by a user called build then it should add it to a

Re: [Freeipa-users] Dynamic DNS

2013-04-30 Thread Simo Sorce
On Tue, 2013-04-30 at 12:08 -0400, Guy Matz wrote: hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server? I've been trying for days following instructions from various freeipa and redhat docs! I've set up keytabs, set up /etc/rndc.key, set Dynamic update to True and put the

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Yep, enrolledby is what I'm using, but I have been adding them manually since it hasn't been working. Thanks, _ John Moyer On Apr 30, 2013, at 1:21 PM, JR Aquino jr.aqu...@citrix.com wrote: On Apr 30, 2013, at 9:30 AM, John Moyer

[Freeipa-users] Upgrade Test Case

2013-04-30 Thread Dean Hunter
I have a small FreeIPA 3.1 installation on Fedora 18. I thought it might be useful to try to upgrade it to FreeIPA 3.2 on Fedora 19 before I tried to rebuild it from scratch, as I imagined larger installations would not be able to rebuild. I thought the test cases for FreeIPA Test Day might have

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
One thing to add is that this build user only has the following access: Host Administrators Host enrollment Would he need more access to do the membership? My original thought was that technically the user is not doing the addition to the group it's the system technically doing it so there

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 10:43 AM, John Moyer john.mo...@digitalreasoning.com wrote: One thing to add is that this build user only has the following access: Host Administrators Host enrollment Would he need more access to do the membership? My original thought was that technically the

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
Not a problem, here is the output ipa automember-find --type=hostgroup --- 1 rules matched --- Automember Rule: test-group Inclusive Regex: enrolledby=build Number of entries returned 1 Thanks,

Re: [Freeipa-users] automember issues

2013-04-30 Thread Nathan Kinder
On 04/30/2013 10:48 AM, JR Aquino wrote: On Apr 30, 2013, at 10:43 AM, John Moyer john.mo...@digitalreasoning.com wrote: One thing to add is that this build user only has the following access: Host Administrators Host enrollment Would he need more access to do the membership? My original

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 10:52 AM, John Moyer john.mo...@digitalreasoning.com wrote: Not a problem, here is the output ipa automember-find --type=hostgroup --- 1 rules matched --- Automember Rule: test-group Inclusive Regex: enrolledby=build

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
It comes back with a ton of stuff the row you are probably interested in is this one: enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com Thanks, _ John Moyer On Apr 30, 2013, at 1:57 PM, JR Aquino jr.aqu...@citrix.com wrote: On

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 11:02 AM, John Moyer john.mo...@digitalreasoning.com wrote: It comes back with a ton of stuff the row you are probably interested in is this one: enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com Bingo! Ok, try to adjust your automember rule. Delete your

Re: [Freeipa-users] Upgrade Test Case

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Dean Hunter wrote: I have a small FreeIPA 3.1 installation on Fedora 18. I thought it might be useful to try to upgrade it to FreeIPA 3.2 on Fedora 19 before I tried to rebuild it from scratch, as I imagined larger installations would not be able to rebuild. I thought the

Re: [Freeipa-users] Upgrade Test Case

2013-04-30 Thread Rob Crittenden
Dean Hunter wrote: I have a small FreeIPA 3.1 installation on Fedora 18. I thought it might be useful to try to upgrade it to FreeIPA 3.2 on Fedora 19 before I tried to rebuild it from scratch, as I imagined larger installations would not be able to rebuild. I thought the test cases for FreeIPA

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
I tried adding it in addition to the current rule and that didn't work. I then deleted the old rule to only leave the rule with the full name (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work either. This is the new output of that command you had me run earlier: ipa

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 11:12 AM, John Moyer john.mo...@digitalreasoning.com wrote: I tried adding it in addition to the current rule and that didn't work. I then deleted the old rule to only leave the rule with the full name (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread simon.williams
That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If I read what you’ve said correctly this is possible now. I can live with the magical incantations to enrol any new Windows machines for now. There are

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
On Apr 30, 2013, at 11:23 AM, John Moyer john.mo...@digitalreasoning.com wrote: Ha! I tried .*build and build.* before contacting you guys, I didn't try .*build.* That worked, it automatically added the machine to the group! Thanks! That will save me so much time! Not a

Re: [Freeipa-users] automember issues

2013-04-30 Thread Dmitri Pal
On 04/30/2013 02:17 PM, JR Aquino wrote: On Apr 30, 2013, at 11:12 AM, John Moyer john.mo...@digitalreasoning.com wrote: I tried adding it in addition to the current rule and that didn't work. I then deleted the old rule to only leave the rule with the full name

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If I read what you’ve said correctly this is possible now. I can live with the magical

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Alexander Bokovoy wrote: On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication. If I read what you’ve said correctly this is

Re: [Freeipa-users] automember issues

2013-04-30 Thread John Moyer
So I must have looked at the wrong server name, I just tried to add 4 more servers and none of them worked. Any more ideas? The target is specified by the rule name test-group is the target. Thanks, _ John Moyer On Apr 30, 2013, at

Re: [Freeipa-users] automember issues

2013-04-30 Thread JR Aquino
I've got about 30mins before I get into my next meeting. Are you able to hop into IRC in Freenode to work in realtime on #freeipa? Keeping your head in the cloud ~ Jr Aquino | Sr. Information Security Specialist GXPN | GIAC Exploit Researcher and Advanced

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Alexander Bokovoy wrote: On Tue, 30 Apr 2013, Alexander Bokovoy wrote: On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is network storage for the Windows workstations secured by FreeIPA authentication.

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Simon Williams
Thanks for all your help. I'll give it a go and see how far I get. On 30 Apr 2013 19:37, Alexander Bokovoy aboko...@redhat.com wrote: On Tue, 30 Apr 2013, simon.willi...@thehelpfulcat.com wrote: That is actually pretty good news. The real requirement is

Re: [Freeipa-users] Samba 4 with IPA

2013-04-30 Thread Alexander Bokovoy
On Tue, 30 Apr 2013, Simo Sorce wrote: On Tue, 2013-04-30 at 22:37 +0300, Alexander Bokovoy wrote: We need to add some smart logic to ipasam module to handle it. The logic for trusted users needs to go into winbindd or sssd, ipasam is only about our own domain. In SSSD 1.10 there is new SID