Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 19:34 +0100, Sigbjorn Lie wrote: > On 12/12/2011 04:18 PM, Simo Sorce wrote: > > On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote: > >> On Mon, December 12, 2011 15:31, Simo Sorce wrote: > >>> On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote: > >>> > options lda

Re: [Freeipa-users] Replica and CA mess

2011-12-12 Thread Rob Crittenden
Sigbjorn Lie wrote: On 12/03/2011 07:32 PM, Dmitri Pal wrote: On 11/28/2011 01:23 PM, Sigbjorn Lie wrote: HTTP Server: port 443(https) (443): OK All ports except 389 fails when the master is IPv6 enabled, but the replica is only IPv4 enabled. Directory Service: Unsecure port (389): OK Directo

Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Sigbjorn Lie
On 12/12/2011 04:18 PM, Simo Sorce wrote: On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote: On Mon, December 12, 2011 15:31, Simo Sorce wrote: On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote: options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local options ldap.passwd

Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Ondrej Valousek
I wonder if the following simplified setup I am using with AD: ldap.ADdomainmydomain.com ldap.enable on ldap.nssmap.attribute.uniqueMember Member ldap.nssmap.objectClass.groupOfUniqueNames Group ldap.nssmap.objectClass.posixAccount User ldap.nssmap.objectClass.pos

Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote: > On Mon, December 12, 2011 15:31, Simo Sorce wrote: > > On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote: > > > >> options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local > >> options ldap.passwd > >> passwordforbinduser > >

Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Sigbjorn Lie
On Mon, December 12, 2011 15:31, Simo Sorce wrote: > On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote: > >> options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local options >> ldap.passwd >> passwordforbinduser > > If you need a special user you can avoid polluting the normal user

Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Simo Sorce
On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote: > options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local > options ldap.passwd passwordforbinduser If you need a special user you can avoid polluting the normal user space by creating a user under cn=sysaccounts,cn=etc,suffix..

Re: [Freeipa-users] NetApp Filer with IPA?

2011-12-12 Thread Sigbjorn Lie
Hi, I've used OnTAP 7.3.3 with IPA. Using LDAP lookups for users/groups and netgroups so far, using autenticated connections to the IPA LDAP server. Have not been able to get LDAPS working yet. I still have kerberos for NFSv4 left to configure. I used the following OnTAP config: options ldap.

Re: [Freeipa-users] sssd in Ubuntu

2011-12-12 Thread Jakub Hrozek
On Sun, Dec 11, 2011 at 11:49:46PM +0100, Sigbjorn Lie wrote: > On the other hand, even though looking up users, groups and > netgroups seem fine, I cannot log in. Neither at the console, su, or > ssh. Was there an issue with HBAC rules in SSSD 1.5.13 ? > > Dec 11 21:13:32 mint12 su[6769]: pam_sss