[Freeipa-users] trying to retrieve CA cert via LDAP .... stuck

2017-07-03 Thread Pieter Baele via FreeIPA-users
Hi, I've a weird problem with 2 hosts on ipa-client-install registration. All my servers are using a 99% alike kickstart profile. 8 hosts did their registration almost immediately (after submit of admin) But on 2 servers I am stuck with: stderr= trying to retrieve CA cert via LDAP from

[Freeipa-users] Re: Knox and IPA integration

2017-11-13 Thread Pieter Baele via FreeIPA-users
https://github.com/abajwa-hw/security-workshops/blob/master/Setup-knox-23.md Adapt as necessary On Mon, Nov 13, 2017 at 4:28 PM, Kat via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > Curious if anyone has done any configuration in using Apache Knox and > integrating into

[Freeipa-users] (no subject)

2018-07-02 Thread Pieter Baele via FreeIPA-users
Hi, We have an application (Spring LDAP backend) that uses keytabs in the IPA domain for SSO auth. No problems at all for internal FreeIPA users after they have a valid ticket (using MIT Kerberos for Windows) and a correctly configured browser. An AD user is never present in IPA itself as an

[Freeipa-users] Re: (no subject)

2018-07-02 Thread Pieter Baele via FreeIPA-users
er if the product uses SSSD/PAM as identity store as well somehow... Sincerely Pieter On Mon, Jul 2, 2018 at 2:15 PM Alexander Bokovoy wrote: > On ma, 02 heinä 2018, Pieter Baele via FreeIPA-users wrote: > > Hi, > > > >We have an application (Spring LDAP backend)

[Freeipa-users] Spring LDAP connection to FreeIPA for AD trust users

2018-07-02 Thread Pieter Baele via FreeIPA-users
Hi, We have an application (Spring LDAP backend) that uses keytabs in the IPA domain for SSO auth. No problems at all for internal FreeIPA users after they have a valid ticket (using MIT Kerberos for Windows) and a correctly configured browser. An AD user is never present in IPA itself as an

[Freeipa-users] Re: AD user shown id command but visible for ldapsearch

2018-07-04 Thread Pieter Baele via FreeIPA-users
umber: x homeDirectory: /home/Accmsnet.railb.be/mcj7700 ipaAnchorUUID:: x uid: mcj7...@accmsnet.railb.be Thx a lot! -- Pieter On Wed, Jul 4, 2018 at 7:22 AM Alexander Bokovoy wrote: > On ke, 04 heinä 2018, Pieter Baele via FreeIPA-users wrote: > >Hi, > > > >On a test

[Freeipa-users] AD user shown id command but visible for ldapsearch

2018-07-03 Thread Pieter Baele via FreeIPA-users
Hi, On a test FreeIPA environment (4.5.0-22), a user is shown using the id command, so ID Override is working as well. id x...@accmsnet.railb.be uid=8028(x...@accmsnet.railb.be) gid=4030(ucc) groups=4030(ucc),702800513(domain us...@accmsnet.railb.be ),131849(ad_users) However this particular

[Freeipa-users] AIX 7.x with sudo, netgroups, LDAP and Kerberos

2018-07-03 Thread Pieter Baele via FreeIPA-users
I have currently been assisting an AIX colleague to use IPA as authentication/authz provider for AIX systems. That way we are moving to a common platform. We have found some examples on the web (AIX 5.x, AIX 6); information here and there - but for the moment we still have a few issues. The

[Freeipa-users] fqdn - domainsuffix in compat (AIX)

2018-07-25 Thread Pieter Baele via FreeIPA-users
Is it somehow possible to have the uid field in cn=users,cn=compat,dc=accnix,dc=infrabel,dc=be without the domain extension? It is causing problems for AD users using an IPA-AD trust This problem was also discussed in

[Freeipa-users] Re: fqdn - domainsuffix in compat (AIX)

2018-07-25 Thread Pieter Baele via FreeIPA-users
Ok, thanks for the clarification. So there is *no* possibility to serve AIX completely... There goes the use-case for our Unix admins - np ;-) On Wed, Jul 25, 2018 at 1:56 PM Alexander Bokovoy wrote: > On ke, 25 heinä 2018, Pieter Baele via FreeIPA-users wrote: > >Is it somehow

[Freeipa-users] Passync AD *and* trust?

2018-08-17 Thread Pieter Baele via FreeIPA-users
Hi, Would it somehow be possible to - partially - sync AD users (max 200) with IPA while still using a trust with the same domain? Logically this sounds like a bad idea, but my colleagues would really really like to use IPA also for AIX. The biggest limitation is that the AIX client doesn't work

[Freeipa-users] shortname in trusted ad domain

2018-09-06 Thread Pieter Baele via FreeIPA-users
Hi, I've one more application that doesn't behave very properly with FQDN users. For LDAP, this is no longer a problem as we use AD directly for applications now. But this application uses PAM, so somehow I do need to present it a shortname as described in

[Freeipa-users] Re: shortname in trusted ad domain

2018-09-06 Thread Pieter Baele via FreeIPA-users
it?) Thx for any advice On Thu, Sep 6, 2018 at 9:23 AM Alexander Bokovoy wrote: > On to, 06 syys 2018, Pieter Baele via FreeIPA-users wrote: > >Hi, > > > >I've one more application that doesn't behave very properly with FQDN > users. > >For LDAP, this is no

[Freeipa-users] Re: shortname in trusted ad domain

2018-09-06 Thread Pieter Baele via FreeIPA-users
N response. > > Finally, on IPA masters do not reconfigure SSSD to output non-FQDN > names. This breaks badly compat tree and if you'd use legacy clients > with trust to AD, there is no way to fix that. > > > > >Thx for any advice

[Freeipa-users] Re: FreeIPA PPC64LE builds

2018-11-13 Thread Pieter Baele via FreeIPA-users
RHEL is indeed available for Power 8 and Power 9. But FreeIPA server is not, only the clients / sssd :-( On Mon, Nov 12, 2018 at 7:14 PM Rob Crittenden wrote: > Pieter Baele via FreeIPA-users wrote: > > Seriously? I could not find them in our internal satellite 6 install and

[Freeipa-users] FreeIPA PPC64LE builds

2018-11-12 Thread Pieter Baele via FreeIPA-users
Anyone an idea what the timeline/roadmap is for FreeIPA ipa-server PPC64LE build for Centos 7 (or RH IDM on RHEL 7/8)? I only see some packages for PowerPC on Fedora and Ubuntu

[Freeipa-users] Re: FreeIPA PPC64LE builds

2018-11-12 Thread Pieter Baele via FreeIPA-users
Seriously? I could not find them in our internal satellite 6 install and support was going more into the subject of the IBM acquisition than technical stuff On Mon, 12 Nov 2018, 17:55 Rob Crittenden, wrote: > Pieter Baele via FreeIPA-users wrote: > > Anyone an idea what the timelin

[Freeipa-users] kinit: KDC can't fulfill requested option while renewing credentials - which approach?

2018-12-07 Thread Pieter Baele via FreeIPA-users
I tried various approaches to get renewable tickets: modifying the kdc, modifying krb5.conf, using kadmin.local on every replica to modify the principal; which is not working - as designed (?) - in IPA. What should I do to get a ticket with the correct R flag from IPA? I don't think this is SSSD

[Freeipa-users] IPA integration with AD - trust issues and controversy

2019-09-26 Thread Pieter Baele via FreeIPA-users
Hi, We use an IPA domain for a large part of our internal servers. Our first one-way trust implementation was not properly working because of routing issues. Two-way trust in our environment is not possible, because normal users are limited. (we can resolve 'system/service' accounts without

[Freeipa-users] Re: Windows clients and domain_realm mappings

2019-10-17 Thread Pieter Baele via FreeIPA-users
are reaching out to RH) Sincerely Pieter On Wed, 16 Oct 2019, 10:08 Alexander Bokovoy, wrote: > On ke, 16 loka 2019, Pieter Baele via FreeIPA-users wrote: > >The only open issue we have with IPA is Windows clients not being directed > >to the Kerberos servers of the IPA rea

[Freeipa-users] Re: Windows clients and domain_realm mappings

2019-10-18 Thread Pieter Baele via FreeIPA-users
On Fri, Oct 18, 2019 at 8:26 AM Alexander Bokovoy wrote: > On pe, 18 loka 2019, Pieter Baele wrote: > >All Windows clients are properly enrolled into the AD domain. > > > >We can't use two-way trust because of reasons you explained here before. A > >one-way external trust is used. All perfectly

[Freeipa-users] Windows clients and domain_realm mappings

2019-10-16 Thread Pieter Baele via FreeIPA-users
The only open issue we have with IPA is Windows clients not being directed to the Kerberos servers of the IPA realm. We can solve this issue using domain_realm registry keys as mentioned on the mailing list before. But is there any different method to accomplish this? As far as I know/read,

[Freeipa-users] UPPERCASE usernames

2020-10-07 Thread Pieter Baele via FreeIPA-users
Hi, Current IPA environment is using lowercase usernames. But we also have an LDAP environment in which usernames are in UPPERCASE. This is used for "some" krb tickets possibilities. Imagine we add users to the Default Trust View and adapt login to UPPERCASE. Can we expect some troubles or

[Freeipa-users] Default Trust View --> not able to resolve AD user on clients

2020-11-26 Thread Pieter Baele via FreeIPA-users
Hi, We only used the default trust view. Recently a colleague added another ID View. After that when adding a lot of new users from AD, with overrides in the Default Trust View we were not able to resolve the new users (id: ‘xx’: no such user) on IPA clients. No problem on the IPA servers