El mié, 13-03-2013 a las 15:57 -0400, Simo Sorce escribió:
> On Wed, 2013-03-13 at 14:36 -0430, Loris Santamaria wrote:
> > El mié, 13-03-2013 a las 14:44 +0100, Petr Spacek escribió:
> > > On 13.3.2013 14:28, Rob Crittenden wrote:
> > > > Michael ORourke wrote:
> > > >> I think SRV records are onl
On Mar 14, 2013, at 6:38 AM, KodaK wrote:
> On Wed, Mar 13, 2013 at 3:39 PM, Luke Kearney wrote:
>> Hello,
>>
>> I have recently been working on integrating our solaris 10 fleet with
>> FreeIPA. The first 'test' host went relatively smoothly and we recently
>> created a new test host. Only th
On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney
wrote:
> I've just deployed a RHEL 6.4 proxy and the guide is still accurate and
> works.. however I agree a config file would be a better place for the
> options. Both work at the end of the day.
yes, the guide is accurate, but upgrading to meet a
I'm not sure if this will help (not being a Solaris shop), but when we rolled
out IPA in our environment, I had some trouble with ssh and kerberos auth
working correctly. As it turned out, the fix was adding reverse lookup records
(PTR) in the DNS for all the servers.
-Mike
-Original Me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/13/2013 09:20 PM, Natxo Asenjo wrote:
> hi,
>
> following the howto
>
http://freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On
> I had setup squid.
>
> Tonight running the updates the changes to the init script
>
http://freei
On Wed, Mar 13, 2013 at 3:39 PM, Luke Kearney wrote:
> Hello,
>
> I have recently been working on integrating our solaris 10 fleet with
> FreeIPA. The first 'test' host went relatively smoothly and we recently
> created a new test host. Only this time it was more challenging to get the
> system
Hello,
I have recently been working on integrating our solaris 10 fleet with FreeIPA.
The first 'test' host went relatively smoothly and we recently created a new
test host. Only this time it was more challenging to get the system working.
On our original test installation every step went almos
On Wed, 2013-03-13 at 14:36 -0430, Loris Santamaria wrote:
> El mié, 13-03-2013 a las 14:44 +0100, Petr Spacek escribió:
> > On 13.3.2013 14:28, Rob Crittenden wrote:
> > > Michael ORourke wrote:
> > >> I think SRV records are only part of the problem. We are using
> > >> integrated BIND/DNS with
El mié, 13-03-2013 a las 14:44 +0100, Petr Spacek escribió:
> On 13.3.2013 14:28, Rob Crittenden wrote:
> > Michael ORourke wrote:
> >> I think SRV records are only part of the problem. We are using
> >> integrated BIND/DNS with our IPA servers and I'm not sure it supports
> >> views. But thanks
On Wed, 2013-03-13 at 16:12 +0100, Natxo Asenjo wrote:
> hi,
>
> is it possible to do that?
If by local group you mean /etc/group then it is not possible.
Posix does not understand nested groups.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Fre
Hi all.
I know that the A part of IPA has been delayed, but that doesn't mean
that the auditing requirement has gone away.
Before I write a bunch of stuff for this, I wanted to see if anyone
had any thoughts (or code!) regarding how to accomplish some of this
stuff that auditors want to see.
Her
On Wed, 2013-03-13 at 09:28 -0400, Rob Crittenden wrote:
> Michael ORourke wrote:
> > I think SRV records are only part of the problem. We are using
> > integrated BIND/DNS with our IPA servers and I'm not sure it
> supports
> > views. But thanks for the suggestion.
> > I guess we could create cu
On 13.3.2013 14:28, Rob Crittenden wrote:
Michael ORourke wrote:
I think SRV records are only part of the problem. We are using
integrated BIND/DNS with our IPA servers and I'm not sure it supports
views. But thanks for the suggestion.
I guess we could create custom krb5.conf files in each DC
On Wed, 2013-03-13 at 09:28 -0400, Rob Crittenden wrote:
> Michael ORourke wrote:
> > I think SRV records are only part of the problem. We are using
> > integrated BIND/DNS with our IPA servers and I'm not sure it supports
> > views. But thanks for the suggestion.
> > I guess we could create cust
Michael ORourke wrote:
I think SRV records are only part of the problem. We are using
integrated BIND/DNS with our IPA servers and I'm not sure it supports
views. But thanks for the suggestion.
I guess we could create custom krb5.conf files in each DC and mange them
with Puppet, but there are o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/13/2013 01:17 PM, Simo Sorce wrote:
> On Wed, 2013-03-13 at 12:41 +, Dale Macartney wrote:
>> chown root:mail /etc/postfix/smtp.keytab
>> chmod 644 /etc/postfix/smtp.keytab
>>
> NEVER ever use 644 on a keytab file.
>
> A keytab is like a pa
On Tue, 12 Mar 2013, de Jong, Mark-Jan wrote:
Hello,
I'm currently testing forest trusts in v3.0 on CentOS 6.4. I've got a
trust setup between my IPA forest (nix.ipatest.dom) and my Windows
forest (ipatest.dom). I have gone though the setup procedure as outlined
at http://freeipa.org/page/Howto/I
On Wed, 2013-03-13 at 12:41 +, Dale Macartney wrote:
> chown root:mail /etc/postfix/smtp.keytab
> chmod 644 /etc/postfix/smtp.keytab
>
NEVER ever use 644 on a keytab file.
A keytab is like a password, if you make it accessible to everybody on a
system you gave it up.
Sorry to be harsh but I
On Wednesday, March 13, 2013 12:41:05 PM Dale Macartney wrote:
> Silly mistake on my part. Simple perms issue with keytab file.
>
> Below is a working config of postfix with IPA user lookups and kerberos
> authenticated sending.
>
> ipa-getkeytab -s ds01.example.com -p smtp/$(hostname) -k
> /etc/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/13/2013 10:47 AM, Dale Macartney wrote:
>
>
> On 03/12/2013 02:05 PM, Anthony Messina wrote:
> > On Tuesday, March 12, 2013 08:53:59 AM Anthony Messina wrote:
> >> On Tuesday, March 12, 2013 01:50:47 PM Dale Macartney wrote:
> >>> > # Import en
I think SRV records are only part of the problem. We are using integrated
BIND/DNS with our IPA servers and I'm not sure it supports views. But thanks
for the suggestion.
I guess we could create custom krb5.conf files in each DC and mange them with
Puppet, but there are other config files (e.g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/12/2013 02:05 PM, Anthony Messina wrote:
> On Tuesday, March 12, 2013 08:53:59 AM Anthony Messina wrote:
>> On Tuesday, March 12, 2013 01:50:47 PM Dale Macartney wrote:
>>> > # Import environment for Kerberos v5 GSSAPI
>>> >
>>> > import_enviro
i'll get back to the previous part later, wehn i can test it (thanks petr!)
i guess the timestamps are somehwere in the ldap schema, i would like to know
where or how i can find them.
and if possible, how to do that using the ipalib python api.
btw, is it correct for me to assume that when has
On 03/13/2013 09:55 AM, Petr Spacek wrote:
> On 12.3.2013 14:41, Stijn De Weirdt wrote:
...
>> i guess the timestamps are somehwere in the ldap schema, i would like to know
>> where or how i can find them.
>> and if possible, how to do that using the ipalib python api.
>>
>> btw, is it correct for
On 12.3.2013 14:41, Stijn De Weirdt wrote:
hi all,
(i'm new to freeipa, so it's possible i missed some docs here and there ;)
i'm looking to add hosts with some secret password to ipa, then during
kickstart install they use this password to run ipa-client-install.
You need to add host account
25 matches
Mail list logo