[Freeipa-users] Re: How to Setup FreeIPA Services for Mac OS X 10.12

Hi, On 14/06/2017 18:02, Jason Sherrill via FreeIPA-users wrote: > Hello All, > > I have recently submitted a How/To > > for > FreeIPA. I'd very much appreciate any feedback or editing on it- I > don't want to link to

[Freeipa-users] Re: Access issues with SSH/IPA

You'll have to forgive my ignorance here since I'm still fairly new to IPA and fortunately haven't run in to many issues as of yet. The three IPA 3.0 servers all have what look to be following conflicts: $ ldapsearch -D "cn=directory manager" -w secret -b "dc=domain,dc=tld" "nsds5ReplConflict=

[Freeipa-users] Re: replication problem

So, this problem is still causing me unable to install/build any replica servers. Eric -Original Message- Date: Tue, 13 Jun 2017 12:11:57 -0400 Subject: Re: [Freeipa-users] Re: replication problem Cc: Mark Reynolds , Rob Crittenden To: Rob Crittenden via FreeIPA-users From: Eric Renfr

[Freeipa-users] Overcoming hurdles installing freeipa-server on ubuntu 17.10

Hope this helps to save some of some time digging. And I know, freeipa-server on a non LTS release is daft.. apt-get install freeipa-server-trust-ad #This has been mentioned elsewhere, and it should either be a dependency OR it's absence should not break things as it currently does sudo mkdir /et

[Freeipa-users] Apache authentication with Kerberos to IPA

Hi, my question is not directly related to IPA, but since IPA provides underlying authentication services, I think it almost fits here. I have an Apache WebDAV server that authenticates via Kerberos to IPA server. Related configuration in Apache is: AuthTypeKerberos # Essential fo

[Freeipa-users] Re: Access issues with SSH/IPA

On Thu, Jun 15, 2017 at 01:07:27PM -, john.bowman--- via FreeIPA-users wrote: > You'll have to forgive my ignorance here since I'm still fairly new to IPA > and fortunately haven't run in to many issues as of yet. > > The three IPA 3.0 servers all have what look to be following conflicts: >

[Freeipa-users] Re: Overcoming hurdles installing freeipa-server on ubuntu 17.10

David Harvey via FreeIPA-users writes: > sudo mkdir /etc/krb5.conf.d/ > #Apparently this is expected by ipa-server to have been generated by one of > the kerberos packages but is not.. There's a PR open for this in [1]. Since it hasn't merged, though, it's probably not going to get a backport.

[Freeipa-users] Re: Certificate renewals with external CA

Rob Foehl wrote: > On Fri, 9 Jun 2017, I wrote: > >> In short, that didn't go particularly well at all, which in some ways >> brings me back to the original as-yet-unanswered deployment question: >> >> Is trying to do this with an external CA worth the pain? > > Three attempts at this question, a

[Freeipa-users] Re: Overcoming hurdles installing freeipa-server on ubuntu 17.10

Robbie Harwood via FreeIPA-users writes: > David Harvey via FreeIPA-users writes: > >> sudo mkdir /etc/krb5.conf.d/ >> #Apparently this is expected by ipa-server to have been generated by one of >> the kerberos packages but is not.. > > There's a PR open for this in [1]. Since it hasn't merged,

[Freeipa-users] Re: Access issues with SSH/IPA

Which path would be better? Upgrading sssd on the older machines or attempting to delete the ldap entries? Both eventually? Does having the namingConflict entries pose a threat to the system stability? ___ FreeIPA-users mailing list -- freeipa-users

[Freeipa-users] Re: How to Setup FreeIPA Services for Mac OS X 10.12

Thank you Lee and Jens! I've been testing your suggestions and I'll start deploying the changes next week. On Thu, Jun 15, 2017 at 6:03 AM, Jens Timmerman via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > On 14/06/2017 18:02, Jason Sherrill via FreeIPA-users wrote: > > H

[Freeipa-users] Re: Certificate renewals with external CA

On Thu, 15 Jun 2017, Rob Crittenden wrote: Rob Foehl wrote: Can I at least get a yes or no on whether external CA certificate renewal has ever been tested when that certificate is nearing expiration? Yes. I tested this with IPA v3.0. Did it break in between? Possible. As I pointed out certmo

[Freeipa-users] Re: Access issues with SSH/IPA

On Thu, Jun 15, 2017 at 05:15:41PM -, john.bowman--- via FreeIPA-users wrote: > Which path would be better? Upgrading sssd on the older machines or > attempting to delete the ldap entries? I think you want to fix the server side, upgrading sssd is just a quick kludge to let you access th