Re: [Freeipa-users] anonymous LDAP attributes with IPA ipa-server-4.1

2015-10-29 Thread Martin Kosek
On 10/29/2015 12:06 AM, craig.li...@mypenguin.net.au wrote: Thanks it worked! For those also interested in the settings; Permission: ldap_anonymous Bind Type Rule: anonymous Granted Rights: (I used) "read","search","compare" Subtree: cn=users,cn=accounts,dc=example,dc=com Extra target filter: (&(

Re: [Freeipa-users] rest api

2015-10-29 Thread Martin Kosek
On 10/28/2015 05:13 PM, Alexander Bokovoy wrote: On Wed, 28 Oct 2015, Winfried de Heiden wrote: Hi all, In order for an external application to communicate with IPA and/or modify on (free)Ipa, we want to use the JSON API. Where can I find documentation how to use this API? Read my blog post:

Re: [Freeipa-users] FreeIPA and Samba4

2015-10-29 Thread Joshua Doll
Hmm.. well I'm at a loss then. I had to only run the ipa-adtrust-install --add-sids. I did notice when I was setting this up recently that I had to run the adtrust-install command whenever I added new users or groups. I don't know if it was just me being impatient or a limitation. Another thing I n

Re: [Freeipa-users] FreeIPA and Samba4

2015-10-29 Thread Troels Hansen
Same result... ldapsearch -h kenai.casalogic.lan -D 'cn=Directory Manager' -x -W uid=th ipaNTHash Enter LDAP Password: # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: uid=th # requesting: ipaNTHash # # th, users, compat, casalogic.lan dn: uid=th,cn=users,cn=c

Re: [Freeipa-users] FreeIPA and Samba4

2015-10-29 Thread Joshua Doll
What about as directory manager? --Joshua D Doll On Thu, Oct 29, 2015 at 2:43 PM Troels Hansen wrote: > I should think so: > > On IPA server. > > ipa role-show 'CIFS server' > Role name: CIFS server > Privileges: CIFS server privilege > Member services: cifs/tinkerbell.casalogic@casal

Re: [Freeipa-users] FreeIPA and Samba4

2015-10-29 Thread Troels Hansen
I should think so: On IPA server. ipa role-show 'CIFS server' Role name: CIFS server Privileges: CIFS server privilege Member services: cifs/tinkerbell.casalogic@casalogic.lan ipa privilege-show 'CIFS server privilege' Privilege name: CIFS server privilege Permissions: CIFS test, CIF

[Freeipa-users] FreeIPA dogtag pkinit

2015-10-29 Thread Jean 'clark' EYMERIT
Hello, I am searching for a way to use pkinit (http://web.mit.edu/kerberos/krb5-devel/doc/admin/pkinit.html) with FreeIPA (even without dogtag). Can someone give me a howto for this? On the official documentation and the ML archive, I only find some references about the disabled feature because of the do

Re: [Freeipa-users] Multiple Reverse (PTR) Zone

2015-10-29 Thread Yogesh Sharma
Sure Petr. Will go through it. Thanks for Sharing. Best Regards, Yogesh Sharma Email: yks0...@gmail.com | Web: www.initd.in RHCE, VCE-CIA, RACKSPACE CLOUD U Certified

Re: [Freeipa-users] FreeIPA and Samba4

2015-10-29 Thread Joshua Doll
Are you using the correct principal for the ldapsearch? Did you grant it permissions to view those attributes? --Joshua D Doll On Thu, Oct 29, 2015 at 9:14 AM Troels Hansen wrote: > Hmm, weird. > I ran ipa-adtrust-install and it says it said it had user without SID's, > and I told it to generate

[Freeipa-users] FreeIPA public demo upgraded to version 4.2

2015-10-29 Thread Martin Kosek
Hello everyone, The FreeIPA Public Demo [1] was upgraded from version 4.1 to 4.2.2, running on Fedora 23. Please feel free to try all the new and shiny features, from Certificate Profiles or User Certificates to new User Life Cycle Management or API Browser. To see the full list of changes, you c

Re: [Freeipa-users] FreeIPA and Samba4

2015-10-29 Thread Troels Hansen
Hmm, weird. I ran ipa-adtrust-install and it says it said it had user without SID's, and I told it to generate SID's. However, I still can't see them on the user. a IPA-db doesn't reveal them being generated and I can't look them up via LDAP. ldapsearch -Y GSSAPI uid=th ipaNTHash ... #

Re: [Freeipa-users] Multiple Reverse (PTR) Zone

2015-10-29 Thread Petr Spacek
On 29.10.2015 11:33, Yogesh Sharma wrote: > Hi, > > We are working on creating another DC and extending our existing FreeIPA. > > Our current environment has subnet as 172.16.32.0/16. In another DC we have > 10.242.96.0/20. > > On FreeIPA master I have created a PTR Zone with 242.10.in-addr.arp

[Freeipa-users] Multiple Reverse (PTR) Zone

2015-10-29 Thread Yogesh Sharma
Hi, We are working on creating another DC and extending our existing FreeIPA. Our current environment has subnet as 172.16.32.0/16. In another DC we have 10.242.96.0/20. On FreeIPA master I have created a PTR Zone with 242.10.in-addr.arpa. However, on registering the DC2 Client with FreeIPA M

Re: [Freeipa-users] Cockpit with (Free)IPA admin users

2015-10-29 Thread Petr Spacek
Thank you very much! Petr^2 Spacek On 27.10.2015 22:26, Martin Štefany wrote: > On Ut, 2015-10-27 at 15:48 +0100, Petr Spacek wrote: >> On 20.10.2015 23:25, Martin Štefany wrote: >>> Hello, >>> >>> did anybody manage to get FreeIPA admin user (member of admins >>> group, >>> full sudo access, etc

Re: [Freeipa-users] FreeIPA 3.3 performance issues with many hosts

2015-10-29 Thread Ludwig Krispenz
On 10/28/2015 02:06 PM, Sven Kieske wrote: Hi, On 21/10/15 17:03, Ludwig Krispenz wrote: It looks like it is accessing memory, which was freed in a pre-bind plugin, this could be the issue tracked in https://fedorahosted.org/389/ticket/48188 are