[Freeipa-users] Funny Looking Records

I have some funny looking records left over from a deleted replica. I think this is why I see it in the list of servers and can't delete the server. ldapsearch -D 'cn=Directory Manager' -W -b 'cn=masters,cn=ipa,cn=etc,dc=bpt,dc=rocks' dn ## These records have the name of the deleted server in

[Freeipa-users] replication mess

Hello, we have 2 auth servers with a replication agreement. Turns out that auth-2 had network issues that went unnoticed from some time after a reboot. This wasn't discovered until after a yum update on auth-1 this morning. Now my logfile is filling up with this message:

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

I am looking to take this same journey. I found this guide, it seems like it covers all the bases https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h tml/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.h tml -Zak -Original Message- From:

[Freeipa-users] Migration from FreeIPA 3.0 to 4.x

Hi, I am hoping someone will be able to help answer some questions about migrations. I have been asked to look at upgrading an existing FreeIPA installation on CentOS 6 (3.0.0) to a new installation on CentOS 7 with a recent stable release (4.4.0). The existing CentOS 6 installation does

Re: [Freeipa-users] Authenticating windows users

> Thanks Jason, but those documents need AD as the primary authenticator. This > is > not the case for us. I think you need to read them a bit closer. Very first line of first link says: "This article describes direct integration between FreeIPA and Windows machine, i.e. without involving

Re: [Freeipa-users] Authenticating windows users

> We are primarily linux/osx shop and we currently have FreeIPA/IDM (ver 4.2) as > our master. I will need to add a handful of windows machines and been trying > to > figure out how to authenticate our windows users with FreeIPA/IDM. Is this > even > possible? I know Global Catalogs may not

[Freeipa-users] Announcing FreeIPA 4.3.3

Release date: 2017-03-23 The FreeIPA team would like to announce FreeIPA 4.3.3 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Please note that this is the last upstream release of FreeIPA 4.3.x branch. This announcement is also available at

Re: [Freeipa-users] Authenticating windows users

Thanks Jason, but those documents need AD as the primary authenticator. This is not the case for us. On Thu, Mar 23, 2017 at 11:46 AM, Jason B. Nance wrote: > We are primarily linux/osx shop and we currently have FreeIPA/IDM (ver > 4.2) as our master. I will need to add a

[Freeipa-users] Authenticating windows users

Hi, We are primarily linux/osx shop and we currently have FreeIPA/IDM (ver 4.2) as our master. I will need to add a handful of windows machines and been trying to figure out how to authenticate our windows users with FreeIPA/IDM. Is this even possible? I know Global Catalogs may not happen

[Freeipa-users] Announcing FreeIPA 4.4.4

Release date: 2017-03-23 The FreeIPA team would like to announce FreeIPA 4.4.4 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 24 will be available in the official COPR repository .

Re: [Freeipa-users] One kerberos realm, two dns zones and SSHFP records

On 03/22/2017 08:29 PM, Ranbir wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Everyone, I'm using a fully updated CentOS 7.3 environment for two IPA servers. I have one kerberos realm, one dns zone with the same name as the kerberos realm and another dns zone with a different

Re: [Freeipa-users] One kerberos realm, two dns zones and SSHFP records

On Wed, Mar 22, 2017 at 03:29:06PM -0400, Ranbir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi Everyone, > > I'm using a fully updated CentOS 7.3 environment for two IPA servers. I > have one kerberos realm, one dns zone with the same name as the > kerberos realm and another