Re: [Freeipa-users] DNS forwarders

2014-11-20 Thread Martin Kosek
IPA does not need to have internet access. But if you want to have the IPA server time synchronized, it needs to have access to the NTP server of your choice. Martin On 11/21/2014 03:00 AM, Rolf Nufable wrote: > I have a new question ( stupid question really ) > is it required for the IPA serve

[Freeipa-users] Primary mail address possible ?

2014-11-20 Thread Matt .
Hi Guys, For authenticating a user in Kolab I need uid@sub.domain.local as email address, but as my user needs also n...@domain.tld I need to add this as extra mail address. When I add this second email address I cannot login to Kolab anymore as it will use u...@domain.tld in the kolab logs. When

Re: [Freeipa-users] DNS forwarders

2014-11-20 Thread Rolf Nufable
I have a new question ( stupid question really ) is it required for the IPA server to have internet access? cuz that's my only way to get the time right in my freeipa server.. the timedatectl in fedora20 while using ntp there's some bugs maybe that every after reboot it doesn't automatically run,

[Freeipa-users] Setting up clients to use replica server

2014-11-20 Thread Megan .
Good Evening! We are using 3.0.0-42 on Centos 6.6. I am not using NTP or DNS (we are not allowed to run these services in our environment.) I configured the replica using the directions at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ins

Re: [Freeipa-users] Mixing local FreeIPA users with active directory users

2014-11-20 Thread Dmitri Pal
On 11/20/2014 07:38 PM, William Muriithi wrote: Hi guys, I am wondering how one would go about allowing both ad users and FreeIPA user to work in harmony. I recently was able to get FreeIPA to use trust to service unix systems. However, I encountered resistance as some people didn't like t

[Freeipa-users] Mixing local FreeIPA users with active directory users

2014-11-20 Thread William Muriithi
Hi guys, I am wondering how one would go about allowing both ad users and FreeIPA user to work in harmony. I recently was able to get FreeIPA to use trust to service unix systems. However, I encountered resistance as some people didn't like the long username, for example, username@domain.lo...@dev

Re: [Freeipa-users] Adjust settings for processes

2014-11-20 Thread Rob Crittenden
Roman Naumenko wrote: > Rob Crittenden wrote on 11-11-14 9:11: >> Alexander Bokovoy wrote: >>> On Tue, 11 Nov 2014, Roman Naumenko wrote: Alexander Bokovoy wrote on 11-11-14 6:52: > On Tue, 11 Nov 2014, Roman Naumenko wrote: >> I'd like to adjust process settings on freeipa server to f

Re: [Freeipa-users] buggered 389?

2014-11-20 Thread Richard Betel
-Y GSSAPI fixed the ldap query. Thanks. I figured out the problem with the ipa-getkeytab. In short, it was PEBKAC. Thanks for the help. On Thu, Nov 20, 2014 at 4:07 AM, Sumit Bose wrote: > On Wed, Nov 19, 2014 at 09:55:51PM -0500, Richard Betel wrote: > > I suddenly started getting errors when

Re: [Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade

2014-11-20 Thread thierry bordaz
On 11/20/2014 12:03 PM, dbisc...@hrz.uni-kassel.de wrote: Hi, On Thu, 20 Nov 2014, thierry bordaz wrote: Server1 successfully replicated to Server2, but Server2 fails to replicate to Server1. The replication Server2->Server1 is done with kerberos authentication. Server1 receives the replic

Re: [Freeipa-users] Adjust settings for processes

2014-11-20 Thread Roman Naumenko
Rob Crittenden wrote on 11-11-14 9:11: Alexander Bokovoy wrote: On Tue, 11 Nov 2014, Roman Naumenko wrote: Alexander Bokovoy wrote on 11-11-14 6:52: On Tue, 11 Nov 2014, Roman Naumenko wrote: I'd like to adjust process settings on freeipa server to fit it better into virtual instance. Is it p

Re: [Freeipa-users] Antwort: Re: Multiple Domains and SSH

2014-11-20 Thread Jan Cholasta
Hi, Dne 19.11.2014 v 09:45 Christoph Kaminski napsal(a): this is an example of a host here and the ways how can I reach it via ssh: (they are all in dns forward and reverse resolving) (note I redacted the hostnames and IP addresses in the output below) host host.mgmt host.mgmt has address 1

Re: [Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade

2014-11-20 Thread dbischof
Hi, On Thu, 20 Nov 2014, thierry bordaz wrote: Server1 successfully replicated to Server2, but Server2 fails to replicate to Server1. The replication Server2->Server1 is done with kerberos authentication. Server1 receives the replication session, successfully identifies the replication manag

Re: [Freeipa-users] Problem migrating passwords fro NIS to IdM

2014-11-20 Thread Roderick Johnstone
On 19/11/14 15:00, Rob Crittenden wrote: Rob Crittenden wrote: Roderick Johnstone wrote: On 19/11/2014 08:33, Roderick Johnstone wrote: On 18/11/2014 22:58, Rob Crittenden wrote: Roderick Johnstone wrote: On 18/11/2014 22:19, Dmitri Pal wrote: On 11/18/2014 12:57 PM, Roderick Johnstone wrot

Re: [Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade

2014-11-20 Thread thierry bordaz
Hello Will, Daniel, Server1 successfully replicated to Server2, but Server2 fails to replicate to Server1. The replication Server2->Server1 is done with kerberos authentication. Server1 receives the replication session, successfully identifies the replication manager, starts to receive replica

Re: [Freeipa-users] Laptop user

2014-11-20 Thread Thomas Lau
Thanks, that solves my concern! On Thu, Nov 20, 2014 at 5:35 PM, Jakub Hrozek wrote: > On Thu, Nov 20, 2014 at 05:19:57PM +0800, Thomas Lau wrote: > > What will happen if laptop haven't turn on for a long time and ticket > > expired with cache and store password enabled? Does user unable to login

Re: [Freeipa-users] Laptop user

2014-11-20 Thread Jakub Hrozek
On Thu, Nov 20, 2014 at 05:19:57PM +0800, Thomas Lau wrote: > What will happen if laptop haven't turn on for a long time and ticket > expired with cache and store password enabled? Does user unable to login > after expired? SSSD doesn't use the ticket to authenticate in offline case, so sssd doesn

Re: [Freeipa-users] Laptop user

2014-11-20 Thread Thomas Lau
What will happen if laptop haven't turn on for a long time and ticket expired with cache and store password enabled? Does user unable to login after expired? On Thu, Nov 20, 2014 at 5:10 PM, Jakub Hrozek wrote: > On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote: > > Does anyone know wh

Re: [Freeipa-users] Laptop user

2014-11-20 Thread Jakub Hrozek
On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote: > Does anyone know what's the behavior look like if a mobile user (laptop) > being disconnected from Kerberos for too long even cache is enabled by > default in our environment? SSSD caches the user data and if cache_credentials is enable

Re: [Freeipa-users] buggered 389?

2014-11-20 Thread Sumit Bose
On Wed, Nov 19, 2014 at 09:55:51PM -0500, Richard Betel wrote: > I suddenly started getting errors when I try to use ipa-getkeytab: > > [root@ipa1 kerberize]# ipa-getkeytab -s jn01 -p hdfs/jn01 -k > jn01.hdfs.keytab > SASL Bind failed Can't contact LDAP server (-1) ! Please try to use the fully q

[Freeipa-users] Laptop user

2014-11-20 Thread Thomas Lau
Does anyone know what's the behavior look like if a mobile user (laptop) being disconnected from Kerberos for too long even cache is enabled by default in our environment? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To ht

Re: [Freeipa-users] DNS forwarders

2014-11-20 Thread Martin Kosek
On 11/20/2014 08:10 AM, Rolf Nufable wrote: > I've installed freeipa 4.1.1 --setup-dns --no-forwarders so far the > installation went well .. but I need to configure freeipa server as a > forwarder right? > so I used the web UI and added the freeipaserver ip as a forwarder, then I > rebooted the