Re: [Freeipa-users] Kerberos and 2fa with mac OS X client

On Thu, Dec 15, 2016 at 06:50:53PM +, Mark Steele wrote: > Still no luck. > > > klist > Credentials cache: API:4FE16A36-A5AB-476F-8B49-4B427E816279 > Principal: ad...@int.domain.com > > IssuedExpires Principal > Dec 15 13:45:09 2016 Dec 16 13:45:07

Re: [Freeipa-users] Kerberos realm for different domain

On Sun, Dec 11, 2016 at 11:31 PM, David Kupka > wrote: yes you can do it. DNS domain and Kerberos realm are two different things. It's common and AFAIK recommended to capitalize DNS domain to get the realm but it's not required. If

Re: [Freeipa-users] Kerberos and 2fa with mac OS X client

On to, 15 joulu 2016, Mark Steele wrote: Still no luck. klist Credentials cache: API:4FE16A36-A5AB-476F-8B49-4B427E816279 Principal: ad...@int.domain.com IssuedExpires Principal Dec 15 13:45:09 2016 Dec 16 13:45:07 2016

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

Hi Flo, That's a good point! I checked the dirsrv certificate and confirmed valid(good until later next year). Since I had no problem to enroll another new IPA client(RHEL7 box instead of RHEL6) to such replica server, I thought it might not be a server end issue. However, when I tried to restart

Re: [Freeipa-users] Kerberos and 2fa with mac OS X client

Still no luck. klist Credentials cache: API:4FE16A36-A5AB-476F-8B49-4B427E816279 Principal: ad...@int.domain.com IssuedExpires Principal Dec 15 13:45:09 2016 Dec 16 13:45:07 2016 krbtgt/int.domain@int.domain.com KRB5_TRACE=/dev/stdout kinit

Re: [Freeipa-users] Kerberos and 2fa with mac OS X client

On to, 15 joulu 2016, Sumit Bose wrote: On Thu, Dec 15, 2016 at 03:38:14PM +, Mark Steele wrote: Hi, Has anyone managed to make this work and if so, is there some documentation for doing so? I can successfully authenticate to my linux servers using 2FA, but am unable to get my Mac to be

Re: [Freeipa-users] Kerberos and 2fa with mac OS X client

On Thu, Dec 15, 2016 at 03:38:14PM +, Mark Steele wrote: > Hi, > > Has anyone managed to make this work and if so, is there some documentation > for doing so? > > I can successfully authenticate to my linux servers using 2FA, but am unable > to get my Mac to be able to get a ticket with

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

On 12/14/2016 07:49 PM, beeth beeth wrote: Hi Flo, Thanks for the great hint! I reran the ipa-client-install on the rhel6 box(ipadev6), and monitored the access log file you mentioned on the replica: # ipa-client-install --domain=ipa.example.com

[Freeipa-users] Kerberos and 2fa with mac OS X client

Hi, Has anyone managed to make this work and if so, is there some documentation for doing so? I can successfully authenticate to my linux servers using 2FA, but am unable to get my Mac to be able to get a ticket with kinit. Kinit returns: “password incorrect”, and isn’t prompting for the

Re: [Freeipa-users] Replica Creation Issue

On 12/14/2016 03:27 PM, Christian McNamara wrote: > Hi all, > > I recently inherited a FreeIPA system that I believe is running v3.0, and I'm > trying to upgrade to the latest version. Following documentation, I'm trying > to > create a replica but I'm running into problems connecting to the