[Freeipa-users] Re: freeipa and saml

2018-02-07 Thread Alexander Bokovoy via FreeIPA-users
On ke, 07 helmi 2018, Rob Crittenden via FreeIPA-users wrote: Николай Савельев via FreeIPA-users wrote: Hi. I have freeipa with AD trust. I want to setup Nextcloud with ipa and ad users. Ldap in cn=compat,dc=dom,dc=lan doesnt have memberOf atribute. I setup ipsilon

[Freeipa-users] Re: Group membership and AD trust problem

2018-02-07 Thread Alexander Bokovoy via FreeIPA-users
On ke, 07 helmi 2018, Boris Sukhinin via FreeIPA-users wrote: I've tried the same setup with RHEL 7.5 beta and Fedora Server 27 but still no luck. Everything works fine (except there is no membership info for AD users in cn=groups,cn=compat) until I add the following lines to the compat plugin

[Freeipa-users] Re: Missing MasterCRL.bin after upgrade from 3.0 to 4 on CentOS 7.4

2018-02-07 Thread Jim Richard via FreeIPA-users
00 >> MasterCRL-20180206-01.der >> -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 6 05:00 >> MasterCRL-20180206-05.der >> -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 6 09:00 >> MasterCRL-20180206-09.der >> -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 6 13:00 >> M

[Freeipa-users] Re: Missing MasterCRL.bin after upgrade from 3.0 to 4 on CentOS 7.4

2018-02-07 Thread Rob Crittenden via FreeIPA-users
Feb  6 13:00 > MasterCRL-20180206-13.der > -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb  6 17:00 > MasterCRL-20180206-17.der > -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb  6 21:00 > MasterCRL-20180206-21.der > -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb  7 01:00 > MasterCRL-20180207-

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-07 Thread Jamal Mahmoud via FreeIPA-users
Hi Rob, Just wondering if you had time to look at this issue for me? Still stuck in a state of limbo with this IDM and i have run out of options. Any help in resolving this issue would be appreciated. Many Thanks, Jamal On 1 February 2018 at 17:04, Jamal Mahmoud wrote:

[Freeipa-users] FreeIPA replica in AWS

2018-02-07 Thread Andrew Meyer via FreeIPA-users
I just got FreeIPA added as a client and then I tried to promote it as a replica. I got the following error: Done configuring kadmin. Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error] RuntimeError: Certificate issuance failed (CA_REJECTED) Your system may be

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-07 Thread Rob Crittenden via FreeIPA-users
Jamal Mahmoud via FreeIPA-users wrote: > Hi Rob, > > Just wondering if you had time to look at this issue for me? Still stuck > in a state of limbo with this IDM and i have run out of options. Any > help in resolving this issue would be appreciated. A few more questions. What is the output of:

[Freeipa-users] Missing MasterCRL.bin after upgrade from 3.0 to 4 on CentOS 7.4

2018-02-07 Thread Jim Richard via FreeIPA-users
6-13.der -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 6 17:00 MasterCRL-20180206-17.der -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 6 21:00 MasterCRL-20180206-21.der -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 7 01:00 MasterCRL-20180207-01.der -rw-rw-r-- 1 pkiuser pkiuser 59148 Feb 7 07:36 Ma

[Freeipa-users] Re: IPA 4.5 with radius server

2018-02-07 Thread barrykfl--- via FreeIPA-users
I have some confuse in the following sample: https://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html host.ipa.example.net.au > if I have a cluster of ldap should I only need config install in one server only or two? if two then I may need change

[Freeipa-users] Re: freeipa and saml

2018-02-07 Thread Николай Савельев via FreeIPA-users
07.02.2018, 22:20, "Rob Crittenden" : > Николай Савельев via FreeIPA-users wrote: >>  Hi. >>  I have freeipa with AD trust. >>  I want to setup Nextcloud with ipa and ad users. >>  Ldap in cn=compat,dc=dom,dc=lan doesnt have memberOf atribute. >>  I setup ipsilon

[Freeipa-users] freeipa and saml

2018-02-07 Thread Николай Савельев via FreeIPA-users
Hi. I have freeipa with AD trust. I want to setup Nextcloud with ipa and ad users. Ldap in cn=compat,dc=dom,dc=lan doesnt have memberOf atribute. I setup ipsilon (https://ipsilon-project.org/) for SSO and SAML autentification. Autentification with login and password works But i have local domain

[Freeipa-users] Re: Certificates renewing with the wrong Subject

2018-02-07 Thread Roderick Johnstone via FreeIPA-users
On 05/02/2018 19:44, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone wrote: On 31/01/2018 20:36, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: On 25/01/2018 16:56, Roderick Johnstone via FreeIPA-users wrote: On 25/01/2018 13:43, Rob Crittenden

[Freeipa-users] Re: Group membership and AD trust problem

2018-02-07 Thread Boris Sukhinin via FreeIPA-users
I've tried the same setup with RHEL 7.5 beta and Fedora Server 27 but still no luck. Everything works fine (except there is no membership info for AD users in cn=groups,cn=compat) until I add the following lines to the compat plugin configuration in LDAP: schema-compat-entry-attribute:

[Freeipa-users] Re: freeipa and saml

2018-02-07 Thread Rob Crittenden via FreeIPA-users
Николай Савельев via FreeIPA-users wrote: > Hi. > I have freeipa with AD trust. > I want to setup Nextcloud with ipa and ad users. > Ldap in cn=compat,dc=dom,dc=lan doesnt have memberOf atribute. > I setup ipsilon (https://ipsilon-project.org/) for SSO and SAML > autentification. >