One of my users is having trouble because the FreeIPA web interface
does not work well with a DNS zone that contains more than 2000
entries. When he goes to Network Services->DNS->DNS Zones and selects
the problematic zone, he gets an error popup saying the results were
truncated because the numbe
It's a CentOS 7.3 host, the version of sssd is 1.14.0, so there's no need
for mapping. However on the AD host:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
adm.tiemen@VM-WIN-01 C:\Users\adm.tiemen>klist
Current LogonId is 0:0x603b58
Cached Ticket
On Tue, May 02, 2017 at 05:46:34PM +0200, Tiemen Ruiten wrote:
> I think I just realised that my expectation may be wrong: GSSAPI login with
> a FreeIPA user logged in on an AD host to a FreeIPA host works. So is it
> correct to also expect passwordless login with an AD user to a FreeIPA host?
The
Yeah, after I sent this email, I realized what I was trying to do and
that, "Oh wait, this is not really going to work."
For what it is worth - version on RHEL 7.3 - 4.4.0-14.el7_3.7
-K
On 5/2/17 11:04 AM, Rob Crittenden wrote:
Kat wrote:
Hi all,
I am somewhat confused trying to get the pro
Kat wrote:
> Hi all,
>
> I am somewhat confused trying to get the process of using an external
> cert for IPA.
>
> If I follow step 1:
> ipa-server-install -a Secret123 -p Secret123 -r EXAMPLE.COM
> --external-ca -U
>
> This does indeed generate a CSR, but trying to do anything with this CSR
> h
Hi Tiemen,
> To be clear, what I'm trying to do: log in from an AD account (adm.tiemen),
> from
> an AD host ( [ http://leon.clients.rdmedia.com/ | leon.clients.rdmedia.com ] )
> to a FreeIPA host ( [ http://neodymium.test.ams.i.rdmedia.com/ |
> neodymium.test.ams.i.rdmedia.com ] ) with the same
> I think I just realised that my expectation may be wrong: GSSAPI login with a
> FreeIPA user logged in on an AD host to a FreeIPA host works. So is it correct
> to also expect passwordless login with an AD user to a FreeIPA host?
If your FreeIPA domain trusts the AD domain, then yes, you can use
I think I just realised that my expectation may be wrong: GSSAPI login with
a FreeIPA user logged in on an AD host to a FreeIPA host works. So is it
correct to also expect passwordless login with an AD user to a FreeIPA host?
On 2 May 2017 at 17:40, Jason B. Nance wrote:
> Hi Tiemen,
>
> To be c
Hi all,
I am somewhat confused trying to get the process of using an external
cert for IPA.
If I follow step 1:
ipa-server-install -a Secret123 -p Secret123 -r EXAMPLE.COM --external-ca -U
This does indeed generate a CSR, but trying to do anything with this CSR
has no success since it is not
Hi,
I will be hosting a table at the SouthEast Linux Fest in Charlotte,
North Carolina this year from June 9th to the 11th and would like to
invite anyone in the area to stop by an hang out. At the table, I will
be giving a brief overlook as to what FreeIPA is and the potential it has.
Last
Hello,
I now have a working two-way trust between Active Directory (
clients.rdmedia.com) and FreeIPA (i.rdmedia.com). Users from the AD can
authenticate to FreeIPA hosts and the other way around. Great!
Next, I'm trying to achieve passwordless Single Sign On through GSSAPI for
Windows clients to
The closest I found was this:
[02/May/2017:14:33:57][localhost-startStop-1]: No rule can be found for
publishing: cacert
[02/May/2017:14:33:37][localhost-startStop-1]: published ca cert
[02/May/2017:14:33:37][localhost-startStop-1]: CMSEngine: ca startup done
On 05/02/2017 10:50 AM, Bret Wort
I plowed through /var/log/pki/pki-tomcat/ca/debug, but nothing jumps out
as looking like an error.
The cert-show failure is troubling, but my inability to get CSRs turned
into certs is what's actually driving this.
Bret
On 04/26/2017 06:02 PM, Rob Crittenden wrote:
Bret Wortman wrote:
So
I have a simple IPA setup with masters spanning two different AWS
regional VPCs with a replication agreement between them.
Oddly enough I see a different host count between the two servers.
I've tried running:
ipa-replica-manage force-sync --from (remote host)
... on both hosts. Did not see
Hello freeipa team,
I have download freeipa4.4.4.tar.gz and I need to setup freeipa project
as a local environment(to customize via IDE like eclipse) for
customization. suggest me how can do that. or any reference link.
Thanks,
--
Regards,
Rajkumar E
r...@gworks.mobi
8675496254.
--
Manage
On (02/05/17 00:36), Z D wrote:
>Hi, we've been using the IdM server 4.4.0 but still have some EL5 (build
>system) we'd like to be ipa-clients. The ipa-client v2.1.3 has been installed,
>that works well.
>
>And I believe that with EL5, there is no sssd support for sudo, hence it's
>configured vi
16 matches
Mail list logo