Re: [Freeipa-users] freeIPA function basics from user's perspective

2015-03-11 Thread Dmitri Pal
On 03/11/2015 07:57 AM, Robert Erzen wrote: Thanks for your input. Since I have most users on Windows clients, I will have to consider implementing AD and join Linux servers in. Any thought on that? br I think the best would be to read my blogs. Jan 20, 2015 An Introduction to

Re: [Freeipa-users] Need to replace cert for ipa servers

2015-03-11 Thread sipazzo

[Freeipa-users] ipa-server setup with external CA fails

2015-03-11 Thread Gould, Joshua
We're trying to setup IPA with it acting as an intermediate CA against our test Active Directory environment. The first part goes well: # ipa-server-install -a admin-pass --hostname=server.domain.com -n unix.test.osuwmc -p password -P password -r UNIX.TEST.OSUWMC --external-ca

Re: [Freeipa-users] ipa-server setup with external CA fails

2015-03-11 Thread Dmitri Pal
On 03/11/2015 11:13 AM, Gould, Joshua wrote: We're trying to setup IPA with it acting as an intermediate CA against our test Active Directory environment. The first part goes well: # ipa-server-install -a admin-pass --hostname=server.domain.com -n unix.test.osuwmc -p password -P password -r

[Freeipa-users] Backwards compatability

2015-03-11 Thread Andrew Holway
Hi, We have a mix of Centos 6 and Centos 7 machines which we would like to manage with FreeIPA. I remember that setting up freeipa on Centos 6 can be a bit tricky although I found this method which works. https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html I imagine the

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Dmitri Pal
On 03/11/2015 09:50 AM, Ben .T.George wrote: HI i can able to reach upto level that IPA user can able to login on solaris box, but how can i create home directories automatically on solaris while IPA user login. even i change the shell in IPA web interface that is getting affected. i saw

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
HI thanks for the reply. even i tried native auto_master file with directory checking script. if i feed the user manually to the script, the directory is creating and while login request comes, it didn't. i don't think no one did full solaris integration until now as i asked many questions

Re: [Freeipa-users] Need to replace cert for ipa servers

2015-03-11 Thread Rob Crittenden
sipazzo wrote: * * This issue has now gotten much worse and we are unable to enroll clients. We are getting an error saying the server does not have a cert: Do you want download the CA cert from http://ipa1.example.com/ipa/config/ca.crt ? (this is INSECURE) [no]: yes Cannot

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
Hi Natxo, i think your solutions will work in my case. seems like both os's are same. using opensolaris anyway let me try this and will let you know the status Thanks regards, Ben On Wed, Mar 11, 2015 at 10:51 PM, Natxo Asenjo natxo.ase...@gmail.com wrote: On Wed, Mar 11, 2015 at 8:36 PM,

Re: [Freeipa-users] ipa-server setup with external CA fails

2015-03-11 Thread Martin Kosek
On 03/11/2015 06:33 PM, Gould, Joshua wrote: We’re trying to setup RHEL7 with the latest updates. Our ipa-server shows ipa-server-4.1.0-18.el7.x86_64. On 3/11/15, 12:39 PM, Dmitri Pal d...@redhat.com wrote: On 03/11/2015 11:13 AM, Gould, Joshua wrote: We're trying to setup IPA with it acting

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread sipazzo
This is how we use the automounter to automatically create home directories for ipa users under /export/home/ and mount them under /home/ on Solaris 10, as well as copy over the profile files and assign appropriate owner and group: We first created a service account called auth in ipa to allow ldap

Re: [Freeipa-users] Extending IPA to include multiple (say 5) fields for MAC addresses per user

2015-03-11 Thread Dmitri Pal
On 03/11/2015 03:43 PM, Steven Jones wrote: Hi, I have been asked to look at packetfence and linking it to IPA for authentication but I might need to allow users to login into their IPA info and add MAC addresses themselves, this is possible I think? Since ppl these days can have 3

Re: [Freeipa-users] ipa-server setup with external CA fails

2015-03-11 Thread Gould, Joshua
We’re trying to setup RHEL7 with the latest updates. Our ipa-server shows ipa-server-4.1.0-18.el7.x86_64. On 3/11/15, 12:39 PM, Dmitri Pal d...@redhat.com wrote: On 03/11/2015 11:13 AM, Gould, Joshua wrote: We're trying to setup IPA with it acting as an intermediate CA against our test Active

[Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-11 Thread Erinn Looney-Triggs
First off congratulations on getting this out. Love the new UI, all pretty and integrates well with the access.redhat.com UI. Second, did DNSSEC not make the chop? It looks like for FreeIPA DNSSEC was included in the 4.1.0 release, but near as I can tell it is not part of IPA 4.1.0 in RHEL

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Rob Crittenden
Ben .T.George wrote: HI thanks for the reply. even i tried native auto_master file with directory checking script. if i feed the user manually to the script, the directory is creating and while login request comes, it didn't. i don't think no one did full solaris integration until now

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-11 Thread Steven Jones
== [root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck Checking forwarders, please wait ... WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers Please fix

Re: [Freeipa-users] Extending IPA to include multiple (say 5) fields for MAC addresses per user

2015-03-11 Thread Steven Jones
Hi, Hosts however would have to be joined by an admin? They also wouldn't be very IPA aware and stable from what I can see, ie joining a non-RH OS to IPA just looks an awful nightmare especially for 1+ devices plus with 3 different OSes at least (IOS, Win, Android, linux and apple and

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Dmitri Pal
On 03/11/2015 01:18 PM, Ben .T.George wrote: HI thanks for the reply. even i tried native auto_master file with directory checking script. if i feed the user manually to the script, the directory is creating and while login request comes, it didn't. i don't think no one did full solaris

[Freeipa-users] Weird IPA shutdown issues

2015-03-11 Thread Brian Topping
Hi all, I have a weird shutdown issue on an IPA instance (ipa-server-3.3.3-28.0.1.el7.centos.3.x86_64) on CentOS (CentOS Linux release 7.0.1406) that's been working fine for at least six months, maybe longer. It's replicated to an identical instance that is having no problems.

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Natxo Asenjo
On Wed, Mar 11, 2015 at 8:36 PM, Rob Crittenden rcrit...@redhat.com wrote: Ben .T.George wrote: HI thanks for the reply. even i tried native auto_master file with directory checking script. if i feed the user manually to the script, the directory is creating and while login request

Re: [Freeipa-users] Can't add AD user group to IPA group

2015-03-11 Thread Guertin, David S.
For troubleshooting this you need to enable debug_level=10 in sssd.conf in domain and pam sections. Restart sssd and try to login. OK, this has pinpointed the problem. The log file now shows: (Wed Mar 11 11:31:01 2015) [sssd[be[middlebury.edu]]] [sdap_save_user] (0x1000): Mapping user

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-11 Thread Dmitri Pal
On 03/11/2015 03:49 PM, Steven Jones wrote: Hi, When I try to join a 7.1 based replica to an existing setup and use an AD forwarder the command complains that the AD box isn't doing DNSSEC suggesting to me it is present in 7.1? Can you share the message that you get and what steps you take

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
from BZ While we value your interest in IPA Solaris support, the implementation of the DUA profile is not on our nearest schedule at the moment. We lack both knowledge and resources to focus on integration with Solaris. This is where we need a help (ideally patches) and contribution from the

[Freeipa-users] Extending IPA to include multiple (say 5) fields for MAC addresses per user

2015-03-11 Thread Steven Jones
Hi, I have been asked to look at packetfence and linking it to IPA for authentication but I might need to allow users to login into their IPA info and add MAC addresses themselves, this is possible I think? Since ppl these days can have 3 mobile devices, (ipad, iphone and laptop) I would

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-11 Thread Steven Jones
Hi, When I try to join a 7.1 based replica to an existing setup and use an AD forwarder the command complains that the AD box isn't doing DNSSEC suggesting to me it is present in 7.1? At the moment however I can't join a 7.1 based IPA server into a 6.6 based IPA cluster. Or a 7.1 client to

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
HI yea , i saw that mail thread and he claims that he achieved somehow. but not clear. and the steps mentioned is too technical for me. :) as i am very new to IPA it's bit confusing. later that thread also closed without proper explanation. i think you guys can contact him to change existing

Re: [Freeipa-users] Backwards compatability

2015-03-11 Thread Dmitri Pal
On 03/11/2015 01:13 PM, Andrew Holway wrote: Hi, We have a mix of Centos 6 and Centos 7 machines which we would like to manage with FreeIPA. I remember that setting up freeipa on Centos 6 can be a bit tricky although I found this method which works.

Re: [Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Dmitri Pal
On 03/11/2015 01:56 PM, Ben .T.George wrote: HI yea , i saw that mail thread and he claims that he achieved somehow. but not clear. and the steps mentioned is too technical for me. :) as i am very new to IPA it's bit confusing. later that thread also closed without proper explanation. i

[Freeipa-users] SOLVED (Re: Weird IPA shutdown issues)

2015-03-11 Thread Brian Topping
Okay, one of those as soon as you press send issues. The problem that wasn't obvious was that the tomcat service was enabled on the first box. Seems to be stable after removing that and rebooting. Whew!! On Mar 11, 2015, at 3:02 PM, Brian Topping brian.topp...@gmail.com wrote: Hi all, I

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-11 Thread Dmitri Pal
On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote: First off congratulations on getting this out. Love the new UI, all pretty and integrates well with the access.redhat.com UI. Thanks! Second, did DNSSEC not make the chop? It looks like for FreeIPA DNSSEC was included in the 4.1.0 release,

Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

2015-03-11 Thread Dmitri Pal
On 03/11/2015 04:37 PM, Steven Jones wrote: == [root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck Checking forwarders, please wait ... WARNING: DNS forwarder 10.100.32.31 does not

Re: [Freeipa-users] freeIPA SSL authentication

2015-03-11 Thread K SHK
thanks Dmitri, I am now testing two-way SSL auth to an Apache webserver using auth_kerb_module which authenticates to IPA, idea is that it will reverse proxy to another server which is under IPA domain. I will try out mod_nss and later PKINIT. thanks for the reply. -KSHK On Tue, Mar 10, 2015

Re: [Freeipa-users] freeIPA function basics from user's perspective

2015-03-11 Thread Robert Erzen
Thanks for your input. Since I have most users on Windows clients, I will have to consider implementing AD and join Linux servers in. Any thought on that? br -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] ipa-server setup with external CA fails

2015-03-11 Thread Endi Sukma Dewata
On 3/11/2015 10:13 PM, Gould, Joshua wrote: The selftests.log contradicts itself and I'm not really sure where to look next. Any ideas? There's an existing ticket about the confusing selftest messages: https://fedorahosted.org/pki/ticket/1249 Could you post the full CA debug log (i.e.

[Freeipa-users] how can i create home directories automatically on solaris while IPA user login

2015-03-11 Thread Ben .T.George
HI i can able to reach upto level that IPA user can able to login on solaris box, but how can i create home directories automatically on solaris while IPA user login. even i change the shell in IPA web interface that is getting affected. i saw some option in IPA 3.3 web interface like automount