On Thu, 07 May 2015, Christoph Kaminski wrote:
I am curious however. I have been running OpenLDAP configs with 20 or
more servers in replication for over 5 years. In all that time, I think
I have had replication issues 5 times. In the 6 months of working with
FreeIPA, replication issues are
Hi all,
One of the nice FreeIPA features is a host will be added to DNS
automatically when the client is installed. However, in some situations
using an other, external, DNS server is prefered. Now, this is possible but
hosts have to added manually to this other DNS-server.
Is it possible to
On 05/07/2015 10:46 AM, Christoph Kaminski wrote:
I am curious however. I have been running OpenLDAP configs with 20 or
more servers in replication for over 5 years. In all that time, I think
I have had replication issues 5 times. In the 6 months of working with
FreeIPA, replication issues
On 06/05/15 22:28, Andrey Ptashnik wrote:
Hello Team,
We are hosting a few servers at Amazon and using their Elastic Load
Balancing service that gives us a link to a load balancer in the
following format:
webserver-1234567890.us-east-1.elb.amazonaws.com
I was looking for a ways to
On Thu, 07 May 2015, box 31978 wrote:
Hello Alexander,
Thank you very much for your answers!
If Windows client is not a part of the domain, there is no SSO and no
Kerberos. Windows client will attempt using NTLMSSP authentication.
...
Right now -- yes. You are saying you've following
On 05/07/2015 05:39 AM, Janelle wrote:
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try cleanallruv.pl -w X -b dc= -r 9
Vasek
On
On 7.5.2015 09:31, Winfried de Heiden wrote:
Hi all,
One of the nice FreeIPA features is a host will be added to DNS
automatically when the client is installed. However, in some situations
using an other, external, DNS server is prefered. Now, this is possible but
hosts have to added
I'm having an issue where user's can't use sudo commands on ipa client
hosts. I previously thought my issues with sudo were related to the
type of commands, but I've narrowed it down to an issue with using
host groups in the sudo rule access list instead of listing the hosts
directly. When I use
On Wed, May 06, 2015 at 11:15:15AM -0700, nat...@nathanpeters.com wrote:
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
Dmitri Pal wrote:
On 05/07/2015 03:07 PM, Megan . wrote:
I'm having an issue where user's can't use sudo commands on ipa client
hosts. I previously thought my issues with sudo were related to the
type of commands, but I've narrowed it down to an issue with using
host groups in the sudo rule
Hello Alexander,
Thank you very much for your answers!
If Windows client is not a part of the domain, there is no SSO and no
Kerberos. Windows client will attempt using NTLMSSP authentication.
...
Right now -- yes. You are saying you've following FreeIPA's Samba
integration guide which I
On Thu, 2015-05-07 at 17:01 +0300, Alexander Bokovoy wrote:
On Thu, 07 May 2015, Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Thu, 07 May 2015, Jan Pazdziora wrote:
Hello,
I try to test renaming of user objects. I start with user bob and I'm
able to kinit just fine:
#
On 05/07/2015 03:07 PM, Megan . wrote:
I'm having an issue where user's can't use sudo commands on ipa client
hosts. I previously thought my issues with sudo were related to the
type of commands, but I've narrowed it down to an issue with using
host groups in the sudo rule access list instead
Hello Chris,
And thank you too for your answers!
Our end users use a mix of Windows and OSX laptops / workstations.
These
are not members of any kind of domain. They access our file servers via
Samba shares authenticated by freeIPA.
The samba server is a freeIPA client.
The
Hi Alexander,
Thank you very much for all that precious information.
SSSD can but you need Samba to be aware of these things because Samba
needs way more than just passwords. FreeIPA uses different LDAP schema
for the additional attributes compared to what standard Samba PASSDB
On the server I am running CentOS release 6.6 (Final) with:
sssd-ipa-1.11.6-30.el6_6.4.x86_64
ipa-server-3.0.0-42.el6.centos.x86_64
sudo-1.8.6p3-15.el6.x86_64
On the clients I'm running CentOS release 6.6 (Final):
sssd-ipa-1.11.6-30.el6_6.4.x86_64
ipa-client-3.0.0-42.el6.centos.x86_64
Megan . wrote:
Thank you for the link. I had the nisdomainname set to the hostname
of the directory server. I changed it to the domain (example.com
instead of dir1.example.com) and that seems to have corrected my
issue. Thank you so much!
I have it set in /etc/rc.d/rc.local so that it
Hello,
I try to test renaming of user objects. I start with user bob and I'm
able to kinit just fine:
# echo BobPassword123 | kinit bob
Password for b...@example.test:
#
I then rename the user:
# echo Password123 | kinit admin
Password for
On Thu, 07 May 2015, Jan Pazdziora wrote:
Hello,
I try to test renaming of user objects. I start with user bob and I'm
able to kinit just fine:
# echo BobPassword123 | kinit bob
Password for b...@example.test:
#
I then rename the user:
# echo Password123 |
Alexander Bokovoy wrote:
On Thu, 07 May 2015, Jan Pazdziora wrote:
Hello,
I try to test renaming of user objects. I start with user bob and I'm
able to kinit just fine:
# echo BobPassword123 | kinit bob
Password for b...@example.test:
#
I then rename the user:
# echo
On 05/06/2015 12:14 AM, Nathan Peters wrote:
From this link :
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html#comp-trust-krb
The diagram in that section shows the client communicating with
FreeIPA and
By coincidence I posted a very similar question yesterday -
https://www.redhat.com/archives/freeipa-users/2015-May/msg00103.html.
+1 for the necessary support for out-of-domain Windows clients and NTLMSSP.
Is there a time-table for this?
Thanks,
Dylan.
On 7 May 2015 at 08:48, Alexander
On Wed, May 06, 2015 at 11:15:15AM -0700, nat...@nathanpeters.com wrote:
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
On 07/05/15 18:30, Andrey Ptashnik wrote:
Hi Martin,
Thank you for a catch! I just noticed that I was missing the dot you
mentioned!
Regards,
Andrey
From: Martin Basti mba...@redhat.com mailto:mba...@redhat.com
Date: Thursday, May 7, 2015 at 2:37 AM
To: Andrey Ptashnik aptash...@cccis.com
Hi Martin,
Thank you for a catch! I just noticed that I was missing the dot you mentioned!
Regards,
Andrey
From: Martin Basti mba...@redhat.commailto:mba...@redhat.com
Date: Thursday, May 7, 2015 at 2:37 AM
To: Andrey Ptashnik aptash...@cccis.commailto:aptash...@cccis.com,
On 05/07/2015 04:37 AM, Petr Spacek wrote:
On 7.5.2015 09:31, Winfried de Heiden wrote:
Hi all,
One of the nice FreeIPA features is a host will be added to DNS
automatically when the client is installed. However, in some situations
using an other, external, DNS server is prefered. Now, this
26 matches
Mail list logo