[Freeipa-users] Trusted Realm Across IPA Servers
Hi All, I have requirement to access the service under different IPA servers, can some one help me on this... IPA Servers are running on V3. -Eldo--- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA V3 Backup and recovery
Thanks Guys :) Date: Sat, 29 Nov 2014 12:24:12 -0500 From: rcrit...@redhat.com To: pvobo...@redhat.com; jeld...@live.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA V3 Backup and recovery Petr Vobornik wrote: On 11/28/2014 10:39 AM, Eldo Joseph wrote: Hi All, Can some one help me, with the best practices which can be used for IPAV3 backup and recovery, currently it is been a kind of single point of failure. Current infrastructure: One Master serverFive clients. I've tried with db2bak and bak2db features, I was able for a successful restore. how ever IPA admintools commands are failing with this error. (info): TGS_REQ (4 etypes {18 17 16 23}) xx.xx.xx.xx : PROCESS_TGS: authtime 0, unknown client for unknown server, Decrypt integrity check failed Thanks,Eldo. Hello Eldo, sounds like: https://fedorahosted.org/freeipa/ticket/4726 try to run: sudo -u apache kdestroy after the restore You may also want to look at the design for backup and restore, http://www.freeipa.org/page/V3/Backup_and_Restore . Quite a lot needs to happen for a proper backup and restore, particularly since you have multiple masters. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] IPA V3 Backup and recovery
Hi All, Can some one help me, with the best practices which can be used for IPAV3 backup and recovery, currently it is been a kind of single point of failure. Current infrastructure: One Master serverFive clients. I've tried with db2bak and bak2db features, I was able for a successful restore. how ever IPA admintools commands are failing with this error. (info): TGS_REQ (4 etypes {18 17 16 23}) xx.xx.xx.xx : PROCESS_TGS: authtime 0, unknown client for unknown server, Decrypt integrity check failed Thanks,Eldo. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Disable AES256 Encryption
Martin, Application compatible issue, AES256 is not been supported. Thanks, Eldo On 21/07/2014 7:15 pm, Martin Kosek mko...@redhat.com wrote: On 07/21/2014 03:38 PM, Eldo Joseph wrote: Is it possible to disable AES256 Encryption from IPA, while making Kerberos principals... -Eldo- I think you would need to hand update krbDefaultEncSaltTypes in cn=YOUR-REALM,cn=kerberos,SUFFIX (via ldapmodify) to make this working. Can you share what is the motivation for this change? I see requests to rather add additional (older) encryption types, not removing the current ones. Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] Add user principal with admin privilege
Hi, Is it possible to add a user principal with admin privileges. like kadmin: addprinc -randkey user1/ad...@domain.com when ever tried I got this Kerberos database constraints violated Thanks, Eldo -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project