Re: [Freeipa-users] hostgroups not working for Sudo commands

2012-08-07 Thread James Hogarth
Yes I'd missed this, echo nisdomainname ods.vuw.ac.nz /etc/rc.d/rc.local Is it not possible to automate this (sudo setup) more in the ipa-client-install ? control whether you want it via a sudo_enable=yes or no somewhere? I've added it to my kickstart for now so my sudo setup is

[Freeipa-users] cross domain trust between two IPA servers

2012-08-07 Thread Johnathan Phan
Hi everyone, Is it possible to create a cross domain trust between two IPA servers? I would have thought FreeIPA would have dealt with this use case first rather than jump directly into integrating with AD. The reason for this is because you're more likely to have satellite sites of Redhat servers

Re: [Freeipa-users] cross domain trust between two IPA servers

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 14:54 +0100, Johnathan Phan wrote: Hi everyone, Is it possible to create a cross domain trust between two IPA servers? I would have thought FreeIPA would have dealt with this use case first rather than jump directly into integrating with AD. Not yet, the reason we

[Freeipa-users] pam su configuration to ignore certain ipa/ldap users

2012-08-07 Thread KodaK
I have an unusual situation. Our DBAs want different passwords for the oracle account on production and development machines. I'm using local authentication for oracle on all the boxes, but they're also not allowed to log in directly as oracle, only su, but su always wants to go to ldap first.

Re: [Freeipa-users] cross domain trust between two IPA servers

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 16:36 +0100, Johnathan Phan wrote: Hi Simo, This document here implies that this does it. http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Setting_Up_Cross_Realm_Authentication.html#basic-trust This document does not apply to

Re: [Freeipa-users] pam su configuration to ignore certain ipa/ldap users

2012-08-07 Thread KodaK
I've figured this out on AIX. If anyone googles this later: in /etc/security/user the default: stanza needs to have: system = compat or KRB5ALXAP or LDAP instead of: SYSTEM = KRB5ALXAP or LDAP or compat It could probably be done other ways (using PAM), but this was easiest for now. On Tue,

[Freeipa-users] Multiple hostnames

2012-08-07 Thread KodaK
I suspect I'm SOL on this one, but I'd like confirmation. We have two servers in an HA cluster: source: sla710ph1.unix.magellanhealth.com target: slahat01.unix.magellanhealth.com and a service name of: sla710ph.unix.magellanhealth.com The service name will float between the HA source and

[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread Rob Ogilvie
Good Afternoon, I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL 6.3 (RHEL 6.3). I followed the guide to set up the FreeIPA server, and it seems to be working great on the IPA server itself. I can ssh in as admin, type my password, and I'm in. I then have been struggling

Re: [Freeipa-users] Multiple hostnames

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 14:56 -0500, KodaK wrote: I suspect I'm SOL on this one, but I'd like confirmation. We have two servers in an HA cluster: source: sla710ph1.unix.magellanhealth.com target: slahat01.unix.magellanhealth.com and a service name of:
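The way IPA normally handles a floating cluster name like the one KodaK describes is to register that name as its own host and service, allow both real nodes to manage it, and fetch one keytab that both nodes share. The script below is an added example, not Simo's quoted answer and not FreeIPA project code; the three host names are the ones from KodaK's post, while IPA_SERVER, the service type (HTTP) and the keytab path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, not FreeIPA project code): give a
# floating cluster name its own Kerberos identity in IPA. Host names are from
# KodaK's post; IPA_SERVER, SVC and KEYTAB are assumptions.
set -eu

FLOAT=sla710ph.unix.magellanhealth.com
NODE1=sla710ph1.unix.magellanhealth.com
NODE2=slahat01.unix.magellanhealth.com
IPA_SERVER=${IPA_SERVER:-ipa.unix.magellanhealth.com}   # assumption
SVC=${SVC:-HTTP}                                          # assumption
KEYTAB=${KEYTAB:-/etc/krb5.$FLOAT.keytab}                 # assumption

# run: execute a command, or only print it when DRY_RUN is set (lets you
# review what will be sent to the IPA server; also what the tests exercise).
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# register_floating_service: the floating name becomes its own host entry
# (--force, because it may have no A record yet), gets a service principal,
# and both real nodes are allowed to manage it and fetch its keytab.
# Needs an admin ticket (kinit admin) on the machine running this.
register_floating_service() {
    run ipa host-add "$FLOAT" --force
    run ipa host-add-managedby "$FLOAT" --hosts="$NODE1" --hosts="$NODE2"
    run ipa service-add "$SVC/$FLOAT"
    run ipa service-add-host "$SVC/$FLOAT" --hosts="$NODE1" --hosts="$NODE2"
}

# fetch_keytab: run ONCE, on one node, using that node's host credentials
# (kinit -k). ipa-getkeytab generates a new key and bumps the KVNO every time
# it is called, which invalidates any keytab fetched earlier for the same
# principal, so the key is fetched once and copied, never fetched per node.
fetch_keytab() {
    run ipa-getkeytab -s "$IPA_SERVER" -p "$SVC/$FLOAT" -k "$KEYTAB"
    run chmod 600 "$KEYTAB"
    run scp -p "$KEYTAB" "root@$NODE2:$KEYTAB"
}

# verify_keytab: on each node, prove the shared keytab still matches what the
# KDC holds (a stale KVNO shows up here as a preauthentication failure).
verify_keytab() {
    run kinit -kt "$KEYTAB" "$SVC/$FLOAT"
    run kdestroy
}

case "${1:-}" in
    register) register_floating_service ;;
    fetch)    fetch_keytab ;;
    verify)   verify_keytab ;;
esac
```

Run `register` once with an admin ticket, `fetch` once on one node, then `verify` on both. Set `DRY_RUN=1` first to see the exact `ipa` calls without touching the server.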

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 13:00 -0700, Rob Ogilvie wrote: Good Afternoon, I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL 6.3 (RHEL 6.3). I followed the guide to set up the FreeIPA server, and it seems to be working great on the IPA server itself. I can ssh in as admin,

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread Rob Ogilvie
On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce s...@redhat.com wrote: Kerberos depends on proper name resolution. If a hostname cannot be resolved you cannot acquire tickets for it. So if your host ovm-c19-db does not have a DNS entry (either using IPA's DNS server or an external DNS server) you

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 13:35 -0700, Rob Ogilvie wrote: On Tue, Aug 7, 2012 at 1:24 PM, Simo Sorce s...@redhat.com wrote: Kerberos depends on proper name resolution. If a hostname cannot be resolved you cannot acquire tickets for it. So if your host ovm-c19-db does not have a DNS entry

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread Rob Ogilvie
On Tue, Aug 7, 2012 at 1:59 PM, Simo Sorce s...@redhat.com wrote: Does klist -kt /etc/krb5.keytab return entries with the right hostname ? It lists four entries, each with the correct FQDN: [root@ovm-c19-db ~]# klist -kt /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp
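Simo's point (Kerberos cannot get a ticket for a host name it cannot resolve) and the `klist -kt` check Rob runs are the two things to verify on any misbehaving IPA client. The script below is an added example, not code from the thread: it resolves the host's FQDN forward and reverse through the NSS stack and confirms every principal in the keytab carries exactly that FQDN. The host name ovm-c19-db is from the thread; the domain example.com used in the tests is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks that the host's FQDN
# resolves forward and reverse, and that every principal in /etc/krb5.keytab
# is for exactly that FQDN. ovm-c19-db is from the thread; example.com is an
# assumed domain.

# keytab_principal_hosts: read `klist -kt` output on stdin and print the unique
# host part of every service principal, e.g.
#   host/ovm-c19-db.example.com@EXAMPLE.COM  ->  ovm-c19-db.example.com
keytab_principal_hosts() {
    awk '$1 ~ /^[0-9]+$/ {           # entry lines start with the KVNO
            p = $NF                   # principal is the last column
            sub(/@.*/, "", p)         # drop @REALM
            n = split(p, part, "/")   # service/host
            if (n >= 2) print part[n]
        }' | sort -u
}

# check_keytab_matches_fqdn FQDN < klist-output
# Succeeds only if every principal in the keytab is for FQDN; otherwise prints
# the offending host parts on stderr and fails. A keytab cut for a short name
# or a stale FQDN is the usual reason both "kinit -k" and ssh to the host fail.
check_keytab_matches_fqdn() {
    fqdn=$1
    bad=$(keytab_principal_hosts | grep -v -x -F "$fqdn" || true)
    if [ -z "$bad" ]; then return 0; fi
    printf 'keytab principals not for %s: %s\n' "$fqdn" "$bad" >&2
    return 1
}

# resolve_check FQDN: forward-resolve FQDN through NSS (so /etc/hosts and DNS
# are consulted the same way libkrb5's getaddrinfo will), then require that
# every address reverse-resolves to FQDN again. Needs getent; not exercised by
# the tests because it touches the resolver.
resolve_check() {
    fqdn=$1
    addrs=$(getent ahosts "$fqdn" | awk '{print $1}' | sort -u)
    if [ -z "$addrs" ]; then
        echo "$fqdn does not resolve: no ticket can be acquired for host/$fqdn" >&2
        return 1
    fi
    rc=0
    for a in $addrs; do
        back=$(getent hosts "$a" | awk '{print $2}')
        if [ "$back" != "$fqdn" ]; then
            echo "$a reverse-resolves to '${back:-nothing}', not $fqdn" >&2
            rc=1
        fi
    done
    return $rc
}

# Run as: sh keytab-check.sh run   (on the IPA client, as root)
if [ "${1:-}" = run ]; then
    fqdn=$(hostname -f)
    resolve_check "$fqdn"
    klist -kt /etc/krb5.keytab | check_keytab_matches_fqdn "$fqdn"
fi
```

Both checks are read-only; a failure in `resolve_check` points at DNS or /etc/hosts, a failure in `check_keytab_matches_fqdn` means the client was enrolled under a different name and needs a fresh keytab for the real FQDN.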

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread Rob Ogilvie
I just found these additional log file entries on my IPA server. The vm-mapsdc2 is one of the domain controllers/DNS servers not associated with IPA other than being one of our authoritative DNS servers. Is something misconfigured in IPA on the server side? Aug 07 14:01:02 ovm-auth.domain

Re: [Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

2012-08-07 Thread KodaK
On Tue, Aug 7, 2012 at 4:48 PM, Rob Ogilvie r...@axpr.net wrote: I just found this additional log file entries on my IPA server. The vm-mapsdc2 is one of the domain controllers/DNS servers not associated with IPA other than being one of our authoritative DNS servers. Is something