Re: [Freeipa-users] Remove AD domain in auth commands

2016-11-08 Thread Martin Babinsky 

On 11/07/2016 09:11 PM, James Harrison wrote:

Hello
Sorry didn't explain. The ipa is the default domain, but I also want to
use the Windows domain to authenticate, but I want the OS to detect what
realm to use in the ssh command.

Thanks

On Mon, 7 Nov, 2016 at 11:48, Martin Basti
 wrote:

AFAIK Jakub already answered that
https://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html

On 07.11.2016 12:05, James Harrison wrote:

Anyone ?

Sent from Yahoo Mail on Android


On Fri, 4 Nov, 2016 at 11:04, James Harrison
 wrote:
Hello,

I've installed FreeIPA 4.2 master using Centos and I have a
Windows 2012R2 with its AD schema emulating a Windows 2012 system

I have established a trust between the two and it appears to
work. I can reference a user on the AD domain, but the only
way is to add the AD domain.

The only way to ssh to the master IPA server is like this:

ssh "x_@IPAWIN.LOCAL"@10.10.10.10

Another example is using kinit:

I have to do the following to get a credential:
kinit x_@IPAWIN.LOCAL

Ideally I would not need or use the "@IPAWIN.LOCAL".

Can anyone help?

Best regards,
James Harrison









Hi James,

as Jakub pointed out you may have to wait for the next release of SSSD 
for this to work.


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Remove AD domain in auth commands

2016-11-07 Thread James Harrison 
Hello
Sorry didn't explain. The ipa is the default domain, but I also want to use the 
Windows domain to authenticate, but I want the OS to detect what realm to use 
in the ssh command.
Thanks 
 
  On Mon, 7 Nov, 2016 at 11:48, Martin Basti wrote:   
AFAIK Jakub already answered 
thathttps://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html
 On 07.11.2016 12:05, James Harrison wrote:
  
Anyone ?
 
 Sent from Yahoo Mail on Android 
 
 On Fri, 4 Nov, 2016 at 11:04, James Harrison  
wrote:   Hello, 
  I've installed FreeIPA 4.2 master using Centos and I have a Windows 2012R2 
with its AD schema emulating a Windows 2012 system 
  I have established a trust between the two and it appears to work. I can 
reference a user on the AD domain, but the only way is to add the AD domain. 
  
  The only way to ssh to the master IPA server is like this:
  
   ssh "x_@IPAWIN.LOCAL"@10.10.10.10 
  Another example is using kinit: 
  I have to do the following to get a credential: kinit x_@IPAWIN.LOCAL 
  Ideally I would not need or use the "@IPAWIN.LOCAL". 
  
  Can anyone help? 
  Best regards, James Harrison

 
  
 
 
  
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Remove AD domain in auth commands

2016-11-07 Thread Martin Basti 
AFAIK Jakub already answered that 
https://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html


On 07.11.2016 12:05, James Harrison wrote:

Anyone ?

Sent from Yahoo Mail on Android 



On Fri, 4 Nov, 2016 at 11:04, James Harrison
 wrote:

Hello,

I've installed FreeIPA 4.2 master using Centos and I have a
Windows 2012R2 with its AD schema emulating a Windows 2012 system

I have established a trust between the two and it appears to work.
I can reference a user on the AD domain, but the only way is to
add the AD domain.

The only way to ssh to the master IPA server is like this:

ssh "x_@IPAWIN.LOCAL"@10.10.10.10

Another example is using kinit:

I have to do the following to get a credential:
kinit x_@IPAWIN.LOCAL

Ideally I would not need or use the "@IPAWIN.LOCAL".

Can anyone help?

Best regards,
James Harrison





-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Remove AD domain in auth commands

2016-11-07 Thread James Harrison 
Anyone ?

Sent from Yahoo Mail on Android 
 
  On Fri, 4 Nov, 2016 at 11:04, James Harrison 
wrote:   Hello,
I've installed FreeIPA 4.2 master using Centos and I have a Windows 2012R2 with 
its AD schema emulating a Windows 2012 system
I have established a trust between the two and it appears to work. I can 
reference a user on the AD domain, but the only way is to add the AD domain. 

The only way to ssh to the master IPA server is like this:

 ssh "x_@IPAWIN.LOCAL"@10.10.10.10
Another example is using kinit:
I have to do the following to get a credential:kinit x_@IPAWIN.LOCAL
Ideally I would not need or use the "@IPAWIN.LOCAL". 

Can anyone help?
Best regards,James Harrison
  
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Remove AD domain in auth commands

2016-11-04 Thread Jakub Hrozek 
On Fri, Nov 04, 2016 at 11:04:28AM +, James Harrison wrote:
> Hello,
> I've installed FreeIPA 4.2 master using Centos and I have a Windows 2012R2 
> with its AD schema emulating a Windows 2012 system
> I have established a trust between the two and it appears to work. I can 
> reference a user on the AD domain, but the only way is to add the AD domain. 
> 
> The only way to ssh to the master IPA server is like this:
> 
>  ssh "x_@IPAWIN.LOCAL"@10.10.10.10
> Another example is using kinit:
> I have to do the following to get a credential:kinit x_@IPAWIN.LOCAL
> Ideally I would not need or use the "@IPAWIN.LOCAL". 
> 
> Can anyone help?
> Best regards,James Harrison

Currently the only way is to use default_domain_suffix. This might
change in the upcoming version of sssd (1.15)

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Remove AD domain in auth commands

2016-11-04 Thread James Harrison 
Hello,
I've installed FreeIPA 4.2 master using Centos and I have a Windows 2012R2 with 
its AD schema emulating a Windows 2012 system
I have established a trust between the two and it appears to work. I can 
reference a user on the AD domain, but the only way is to add the AD domain. 

The only way to ssh to the master IPA server is like this:

 ssh "x_@IPAWIN.LOCAL"@10.10.10.10
Another example is using kinit:
I have to do the following to get a credential:kinit x_@IPAWIN.LOCAL
Ideally I would not need or use the "@IPAWIN.LOCAL". 

Can anyone help?
Best regards,James Harrison
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project