Re: [Freeipa-users] AD permissions needed for setting up AD trusts

team at my place of work will want to know exactly what the tool will do before they grant permission. I have added this information to the AD trusts wiki page: http://www.freeipa.org/page/IPAv3_AD_trust_setup#Add_trust_with_AD_domain That link only gets me to an empty wiki page... -- David

Re: [Freeipa-users] Desperate help requested.

On lör, 2012-08-25 at 23:05 -0500, KodaK wrote: I've just been informed by my boss's boss's boss that, and I quote from his ridiculous email: we cannot use anything other than MS AD for authentication I've spent months of time and much effort rolling out IPA, consolidating authentication

Re: [Freeipa-users] FreeIPA in a locked down Active Directory environment

. Have a look at http://freeipa.org/page/IPAv3_testing_AD_trust for some info on how this can be tested. -- David Juran Sr. Consultant Red Hat +46-725-345801 signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing

Re: [Freeipa-users] FreeIPA in a locked down Active Directory environment

like it's describing a full two way trust - in principal would a one way trust be feasible? Allow the AD users (or a selection thereof) access to the systems part of the IPA domain but not vice versa? AFAIK, that is the only thing currently implemented. -- David Juran Sr. Consultant Red Hat +46

Re: [Freeipa-users] dead in the water IPA server

for the OOM-killer )-. At this point you need to reboot the machine to recover but with some luck, the syslog should contain some hints of where the memory went. -- David Juran Sr. Consultant Red Hat +46-725-345801 signature.asc Description: This is a digitally signed message part

Re: [Freeipa-users] Trying out ipa on zlinux

On fre, 2012-05-04 at 10:25 -0400, Simo Sorce wrote: On Fri, 2012-05-04 at 16:04 +0200, David Juran wrote: [04/May/2012:15:22:27 +0200] conn=8 fd=66 slot=66 connection from local to /var/run/slapd-SRV-VOLVO-COM.socket [04/May/2012:15:22:27 +0200] conn=8 op=0 BIND dn=uid=kdc,cn

Re: [Freeipa-users] Trying out ipa on zlinux

-13.el6.s390x cyrus-sasl-gssapi-2.1.23-13.el6.s390x -- David Juran Sr. Consultant Red Hat +46-725-345801 signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com

Re: [Freeipa-users] syncing users more not limited to a subtree

-stopper I'll get back to you, but if schedule permits, I'd rather wait for the trust feature rather then develop a new feature for this. -- David Juran Sr. Consultant Red Hat +46-725-345801 signature.asc Description: This is a digitally signed message part

Re: [Freeipa-users] nisNet groups in AD

On Mon, 2011-11-21 at 11:55 -0500, Dmitri Pal wrote: On 11/21/2011 11:48 AM, David Juran wrote: Hello. I have a customer who is using nisNetgroups in microsoft Active Directory to keep track of which users are allowed to access which services. I've understood that IPA today does

[Freeipa-users] nisNet groups in AD

? Would that allow us to use the nisNet groups in AD for HBAC and sudo? -- David Juran Sr. Consultant Red Hat +46-725-345801 signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing list Freeipa-users@redhat.com https