[Freeipa-users] Question about removed replica, take two

2016-10-05 Thread John Desantis
Hello all (again), I think my reference to a disease prevented my message from being delivered, despite seeing it posted on the list archive. I apologize in advance for the additional "noise". Anyways, I was hoping some lingering questions could be answered regarding some visible entries via

[Freeipa-users] Novice question: can client hostname be in a different DNS domain than the IPA service?

2016-10-05 Thread Chris Dagdigian
Hi folks, Working on a hairy multiple AD Forest integration issue in AWS and would appreciate a sanity check - I've been wrong so many times about IPA setup and navigating transitive AD trusts so many times I figured it was time to ask questions first before falling on my face again, heh.

Re: [Freeipa-users] Question about removed replica, take two

2016-10-05 Thread Ludwig Krispenz
Hi, the RUV in the replication agreement is maintained to control changelog trimming, no changes should be deleted from the changelog which have not been seen by all consumers. Since not always a connection for a replication agreement can be established, eg if the consumer is down, this

Re: [Freeipa-users] Novice question: can client hostname be in a different DNS domain than the IPA service?

2016-10-05 Thread Alexander Bokovoy
On Wed, 05 Oct 2016, Chris Dagdigian wrote: Hi folks, Working on a hairy multiple AD Forest integration issue in AWS and would appreciate a sanity check - I've been wrong so many times about IPA setup and navigating transitive AD trusts so many times I figured it was time to ask questions

Re: [Freeipa-users] Novice question: can client hostname be in a different DNS domain than the IPA service?

2016-10-05 Thread Chris Dagdigian
Alexander Bokovoy wrote: You need to read this: http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain to understand all limitations and problems. This is technical description. For higher level, see http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/ Thank

Re: [Freeipa-users] Debugging SSH password-based authentication when IPA client is in a different DNS domain

2016-10-05 Thread Alexander Bokovoy
On Wed, 05 Oct 2016, Chris Dagdigian wrote: Hello again, Following up on an early query about configuring IPA clients that are in different DNS domains than the IPA server domain & realm This is our setup: AD Servers & IPA: AD Forest #1: company-test.org AD Forest

[Freeipa-users] Debugging SSH password-based authentication when IPA client is in a different DNS domain

2016-10-05 Thread Chris Dagdigian
Hello again, Following up on an early query about configuring IPA clients that are in different DNS domains than the IPA server domain & realm This is our setup: AD Servers & IPA: AD Forest #1: company-test.org AD Forest #2: company-aws.org IPA Server:

Re: [Freeipa-users] Debugging SSH password-based authentication when IPA client is in a different DNS domain

2016-10-05 Thread Chris Dagdigian
Alexander Bokovoy wrote: As http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain explains, you need to have proper mapping of domains to realms and have proper definitions for those realms. We don't see your krb5.conf, so if it deviates from what the wiki describes, you

Re: [Freeipa-users] Question about removed replica, take two

2016-10-05 Thread John Desantis
Ludwig, Thank you! John DeSantis 2016-10-05 10:43 GMT-04:00 Ludwig Krispenz : > Hi, > > the RUV in the replication agreement is maintained to control changelog > trimming, no changes should be deleted from the changelog which have not > been seen by all consumers. Since not

Re: [Freeipa-users] Debugging SSH password-based authentication when IPA client is in a different DNS domain

2016-10-05 Thread Alexander Bokovoy
On Wed, 05 Oct 2016, Chris Dagdigian wrote: Alexander Bokovoy wrote: As http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain explains, you need to have proper mapping of domains to realms and have proper definitions for those realms. We don't see your krb5.conf, so if it

Re: [Freeipa-users] Debugging SSH password-based authentication when IPA client is in a different DNS domain

2016-10-05 Thread Chris Dagdigian
Alexander Bokovoy wrote: you don't have explicit definition for the AD realms and you don't allow Kerberos to discover neither realms nor their KDCs via DNS SRV records. The latter happened because you have used --server option when configuring the client -- man page for ipa-client-install has