[Freeipa-users] Trusted Realm Across IPA Servers

2014-12-11 Thread Eldo Joseph
Hi All,
I have a requirement to access the service under different IPA servers; can 
someone help me with this?
IPA servers are running on V3.
-Eldo-
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] IPA V3 Backup and recovery

2014-11-30 Thread Eldo Joseph
Thanks Guys :) 

 Date: Sat, 29 Nov 2014 12:24:12 -0500
 From: rcrit...@redhat.com
 To: pvobo...@redhat.com; jeld...@live.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] IPA V3 Backup and recovery
 
 Petr Vobornik wrote:
  On 11/28/2014 10:39 AM, Eldo Joseph wrote:
  Hi All,
  Can someone help me with the best practices which can be used for
  IPA V3 backup and recovery? Currently it is a kind of single
  point of failure.
  Current infrastructure: One Master server, Five clients.
  I've tried the db2bak and bak2db features, and I was able to do a
  successful restore. However, IPA admintools commands are failing with
  this error:
  (info): TGS_REQ (4 etypes {18 17 16 23}) xx.xx.xx.xx : PROCESS_TGS:
  authtime 0,  unknown client for unknown server, Decrypt integrity
  check failed
  Thanks,
  Eldo.
 
  Hello Eldo,
  
  sounds like: https://fedorahosted.org/freeipa/ticket/4726
  
  try to run:
sudo -u apache kdestroy
  after the restore
 
 You may also want to look at the design for backup and restore,
 http://www.freeipa.org/page/V3/Backup_and_Restore . Quite a lot needs to
 happen for a proper backup and restore, particularly since you have
 multiple masters.
 
 rob
 

[Freeipa-users] IPA V3 Backup and recovery

2014-11-28 Thread Eldo Joseph
Hi All,
Can someone help me with the best practices which can be used for IPA V3 
backup and recovery? Currently it is a kind of single point of failure.
Current infrastructure: One Master server, Five clients.
I've tried the db2bak and bak2db features, and I was able to do a successful 
restore. However, IPA admintools commands are failing with this error:
(info): TGS_REQ (4 etypes {18 17 16 23}) xx.xx.xx.xx : PROCESS_TGS: authtime 0, 
 unknown client for unknown server, Decrypt integrity check failed
Thanks,
Eldo.

Re: [Freeipa-users] Disable AES256 Encryption

2014-07-21 Thread Eldo Joseph
Martin,

Application compatibility issue; AES256 is not supported.

Thanks,
Eldo

On 21/07/2014 7:15 pm, Martin Kosek mko...@redhat.com wrote:
On 07/21/2014 03:38 PM, Eldo Joseph wrote:
 Is it possible to disable AES256 Encryption from IPA, while making Kerberos 
 principals...

 -Eldo-

I think you would need to hand update krbDefaultEncSaltTypes in
cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working.

Can you share what is the motivation for this change? I see requests to rather
add additional (older) encryption types, not removing the current ones.

Thanks,
Martin
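
The ldapmodify change suggested in the reply above, as an added example that is not part of the original thread or FreeIPA's own tooling. It assumes the attribute can be edited by deleting individual values; the realm EXAMPLE.COM, the suffix dc=example,dc=com and the sample attribute values are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the LDIF for removing one enctype family from
# krbDefaultEncSaltTypes. Nothing here contacts a server.

# Constructed sample of what an ldapsearch on the realm entry might return.
sample_search_output() {
cat <<'EOF'
dn: cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
krbDefaultEncSaltTypes: aes256-cts:special
krbDefaultEncSaltTypes: aes128-cts:special
krbDefaultEncSaltTypes: des3-hmac-sha1:special
krbDefaultEncSaltTypes: arcfour-hmac:special
EOF
}

# Extract the bare enctype:salt values from ldapsearch output on stdin.
current_enctypes() {
    sed -n 's/^krbDefaultEncSaltTypes: *//p'
}

# build_ldif REALM SUFFIX PREFIX
# Reads current values on stdin and prints an LDIF that deletes only the
# values starting with PREFIX. Returns 1 and prints nothing if no value
# matches, or if the change would leave the attribute empty.
build_ldif() {
    realm=$1 suffix=$2 prefix=$3
    values=$(cat)
    drop=$(printf '%s\n' "$values" | grep "^${prefix}:") || return 1
    keep=$(printf '%s\n' "$values" | grep -v "^${prefix}:") || return 1
    [ -n "$keep" ] || return 1
    printf 'dn: cn=%s,cn=kerberos,%s\n' "$realm" "$suffix"
    printf 'changetype: modify\n'
    printf 'delete: krbDefaultEncSaltTypes\n'
    printf '%s\n' "$drop" | sed 's/^/krbDefaultEncSaltTypes: /'
}

# Dry run on the constructed sample. Review the LDIF, then feed it to
#   ldapmodify -x -D "cn=Directory Manager" -W
sample_search_output | current_enctypes |
    build_ldif EXAMPLE.COM dc=example,dc=com aes256-cts
```

Editing the attribute does not touch keys already stored for existing principals; they keep their enctypes until re-keyed.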

[Freeipa-users] Add user principal with admin privilege

2014-07-18 Thread Eldo Joseph
Hi,

Is it possible to add a user principal with admin privileges?

Like kadmin: addprinc -randkey user1/ad...@domain.com

Whenever I tried, I got this:
Kerberos database constraints violated


Thanks,
Eldo 