Hi,
I am trying to set up external DNS for IPA with AD trust.
I have set all records in DNS according to the doc but in the internal IPA DNS I can
see 3 more DNS records which are not mentioned in the doc. They were set
automatically during the ipa trust-add command I guess:
Hi all,
I have a question about IPA with AD forest trust. What I am trying to do is
set up an environment where all information about users is stored in one place -
AD. I would like to read at least uid, home, shell and sshkey from AD.
I have set up trust with these parameters:
ipa
Hi,
thank you for the answers. Maybe I am doing something wrong.
1. AD attributes - I am using the standard set of user's attributes in AD - I
did not extend the AD schema (2012 R2)
I am using the set of attributes defined in RFC2307:
uidNumber
gidNumber
gecos
homeDirectory
loginShell
I am
Hi all,
I have a lab environment with an IPA server and trust to Active Directory.
IPA server is in a.example.com.
AD DC is in example.com.
We also have a child AD subdomain ext.example.com.
Everything is fine until the users in AD domain ext.example.com get the UPN
suffix of the root AD domain -
are exists ? Is
> there any additional configuration needed to fix this scenario ?
In general no, not until 7.3. But it might work with a workaround. Can
you try setting:
ldap_user_principal = nosuchattr
subdomain_inherit = ldap_user_principal
in sssd.conf's domain section on the server? (Y
]
#debug_level = 5
[sudo]
[autofs]
[ssh]
#debug_level = 4
[pac]
#debug_level = 4
[ifp]
Regards,
Jan
From: "Alexander Bokovoy" <aboko...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>
Cc: "Justin Stephenson" <jstep...@redhat.com>, fr
Hi,
I am still fighting with storing user's POSIX attributes in AD. Please can
anybody provide some simple reference settings of IPA-AD trust where users are
able to get uid from AD - not from IPA ID pool ?
I have tried to set values of attributes before and after creating trust, I
have
- so no values assigned.
I'm using W2012 R2.
Thank you,
Jan
From: "Justin Stephenson" <jstep...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>, freeipa-users@redhat.com
Sent: Tuesday, July 19, 2016 8:36:00 PM
Subject: Re: [Freeipa-users] AD tru
=RpcServices,CN=System,DC=rwe,DC=tt - it is
empty.
Did I miss setting something on the AD site ?
Thanks,
Jan
From: "Justin Stephenson" <jstep...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>
Cc: freeipa-users@redhat.com
Sent: Wednesday, July
the value of unixHomeDirectory attribute.
Is there any way to use value from AD not from subdomain_homedir template for
this parameter ?
Regards,
Jan
From: "Justin Stephenson" <jstep...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>, "Alexande
Hi,
please could somebody explain how and with which account IPA is accessing
DC in IPA - AD trust scenario. Is it possible to simulate with ldapsearch some
query to AD with the same permission as IPA server?
We have some issues with reading ldap object from AD and I would like to
Great ! Thank you very much. It works !
Regards,
Jan
From: "Alexander Bokovoy" <aboko...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>
Cc: freeipa-users@redhat.com
Sent: Thursday, August 18, 2016 4:03:14 PM
Subject: Re: [Freeipa-users] IPA-AD lda
Hi,
I just looked into RHEL 6.9 beta repos and I can see there is
sssd-client-1.13.3-53.el6.x86_64 version. I would like to know if with rhel 6.9
will come support for using different UPN than domain name. I am talking about
AD trust scenario where user in AD domain sits in
Hi, thank you for help.
I am running RHEL 7.3 on IPA servers and with RHEL 7.3 clients it works really
nice.
Trouble is on RHEL 6 machines. I have tried to add
krb5_use_enterprise_principal = true into domain section of sssd.conf on RHEL 6
IPA clients but problem still persists. Is there
for help.
Jan Karásek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi,
I have a question about the IPA-AD trust scenario where POSIX attributes are
stored in AD.
I would like to know if it's possible to store public SSH user key in Active
Directory in some user's object attribute - the same way as uidNumber or
loginShell. I can't find any suitable attribute
to AD ldap ?
Thank you,
Jan
From: "Alexander Bokovoy" <aboko...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>
Cc: freeipa-users@redhat.com
Sent: Wednesday, August 17, 2016 4:12:28 PM
Subject: Re: [Freeipa-users] IPA-AD ldap acces - account ?
On
to handle that.
Thanks,
Jan
--
From: "Jan Karásek" <jan.kara...@elostech.cz>
To: freeipa-users@redhat.com
Sent: Tuesday, May 10, 2016 4:44:14 PM
Subject: AD trust and UPN issue
Hi,
thank you for the answer
Hi,
thank you for help.
This is my sssd.conf from server :
[domain/vs.example.cz]
debug_level = 7
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = vs.example.cz
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
Ok thank you. Wonder why it's a problem only on clients - IPA servers are quite
ok with that.
Jan
--
Message: 1
Date: Wed, 19 Oct 2016 12:28:31 +0200
From: Sumit Bose
To: freeipa-users@redhat.com
Hi,
please can you help me with troubleshooting IPA clients in IPA - AD trust
scenario ? We have two IPA servers and a couple of clients running on RHEL 6 and
7. IPA is running on RHEL 7.2.
AD servers are in domains example.cz, cen.example.cz. Test users sit in
cen.example.cz. IPA is subdomain
Hi,
I have trouble with resolving AD users from my IPA clients.
Environment: 2x IPA server with trust into AD - both IPA servers and clients
running latest rhel 7.3.
IPA domain: vs.example.com
AD domain: example.com, cen.example.com
All tstx users are in cen.example.com but their UPN
the primary group of
newly created user- tester + other non primary groups.
Am I doing something wrong ? How to fix this ? Import primary groups manually
with ldapmodify or can I create them with ipa group-add ?
Thanks,
Jan
Jan Karásek
ELOS Technologies s.r.o.
Americká 36 120
will have backup
servers inside each site.
Just now I am simply trying to establish first inter site replication to prove
that design is possible.
Jan
- Original Message -
From: "Martin Basti" <mba...@redhat.com>
To: "Jan Karásek" <jan.kara...@elostech.cz>,
Hi,
please can you point me in the right direction with this issue ?
Scenario:
Site A, Site B, IPA in Site A is already installed with DNS, CA and I want to
create replica to Site B.
OS: RHEL 7.3, IPA 4.4
Site A - 192.168.0.0/24
IPA_A server interfaces:
eth0: 192.168.0.10 -- access for