[Freeipa-users] Re: AD trust setup woes

There is IPA provider, but no sssd_pac module. [service_startup_handler] (0x0010): Could not exec /usr/lib/sssd/sssd_pac --debug-to-files, reason: No such file or directory ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To

[Freeipa-users] Re: AD trust setup woes

On ti, 12 syys 2017, Igor Sever via FreeIPA-users wrote: Unfortunately, I cannot upgrade systems and packages as I want because of legacy applications. Is there somewhere information how would I approach to configure SSSD to use FreeIPA as Kerberos and LDAP provider and for policies to work? I

[Freeipa-users] Re: AD trust setup woes

Unfortunately, I cannot upgrade systems and packages as I want because of legacy applications. Is there somewhere information how would I approach to configure SSSD to use FreeIPA as Kerberos and LDAP provider and for policies to work? I can only find where access is enforced with LDAP filter

[Freeipa-users] Re: AD trust setup woes

On (11/09/17 07:42), Igor Sever via FreeIPA-users wrote: >Can I use FreeIPA as Kerberos and LDAP provider (not as IPA) and still use >policies somehow? Yes you can, but sssd-1.11.5.1 was quite broken and contained many bugs. 1.11.8 should be much better but from sssd upstream POV 1.13 is long

[Freeipa-users] Re: AD trust setup woes

Can I use FreeIPA as Kerberos and LDAP provider (not as IPA) and still use policies somehow? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: AD trust setup woes

sssd-krb5-common-1.11.5.1-14.1.x86_64 sssd-32bit-1.11.5.1-28.1.x86_64 sssd-ad-1.11.5.1-14.1.x86_64 sssd-ipa-1.11.5.1-14.1.x86_64 python-sssd-config-1.11.5.1-14.1.x86_64 sssd-1.11.5.1-14.1.x86_64 sssd-tools-1.11.5.1-14.1.x86_64 sssd-krb5-1.11.5.1-14.1.x86_64 sssd-ldap-1.11.5.1-14.1.x86_64

[Freeipa-users] Re: AD trust setup woes

> On 10 Sep 2017, at 16:36, Igor Sever via FreeIPA-users > wrote: > > It looks like my problems with AD trust on server side went away when I > upgraded to FreeIPA 4.5 using Centos 7.4 packages, but unfortunately this is > only half of the way. > I have

[Freeipa-users] Re: AD trust setup woes

It looks like my problems with AD trust on server side went away when I upgraded to FreeIPA 4.5 using Centos 7.4 packages, but unfortunately this is only half of the way. I have alot of SLES servers 11 and 12, but it looks like SSSD that comes with SLES is not fully featured as RHEL or Centos.

[Freeipa-users] Re: AD trust setup woes

On to, 03 elo 2017, Igor Sever via FreeIPA-users wrote: I didn’t specify any ID range. This was all done automagically by setup. I read a lot of documentation, and I can’t remember that ever been mentioned. We indeed had NIS at some point, but this is not supported any more by MS, and FreeIPA

[Freeipa-users] Re: AD trust setup woes

I didn’t specify any ID range. This was all done automagically by setup. I read a lot of documentation, and I can’t remember that ever been mentioned. We indeed had NIS at some point, but this is not supported any more by MS, and FreeIPA should not just presume that we have gidNumber on all

[Freeipa-users] Re: AD trust setup woes

On ke, 02 elo 2017, Igor Sever via FreeIPA-users wrote: There is no gidNumber attribute on AD group objects. If I want to apply posix attributes directly in AD, then I don't need FreeIPA, do I...

[Freeipa-users] Re: AD trust setup woes

There is no gidNumber attribute on AD group objects. If I want to apply posix attributes directly in AD, then I don't need FreeIPA, do I... https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/ It is obvious that

[Freeipa-users] Re: AD trust setup woes

On Tue, Aug 01, 2017 at 11:20:16AM -, Igor Sever via FreeIPA-users wrote: > I have the same error. > I established two-way trust with AD which went fine. > Authentication with Kerberos to AD is working. > Since I have one test FreeIPA which is working correctly (relatively) I > compared logs

[Freeipa-users] Re: AD trust setup woes

On Tue, Jul 25, 2017 at 10:12:38AM -0400, Jason Hensley via FreeIPA-users wrote: > On Tue, Jul 25, 2017 at 2:29 AM, Jakub Hrozek via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > > On Mon, Jul 24, 2017 at 04:25:14PM -0400, Jason Beck via FreeIPA-users > > wrote: > > > On Mon,

[Freeipa-users] Re: AD trust setup woes

On Mon, Jul 24, 2017 at 2:23 PM, Jakub Hrozek wrote: > On Mon, Jul 24, 2017 at 01:53:20PM -0400, Jason Beck wrote: > > On Mon, Jul 24, 2017 at 9:25 AM, Jakub Hrozek > wrote: > > > > > On Mon, Jul 24, 2017 at 09:05:59AM -0400, Jason Beck wrote: > > > > On

[Freeipa-users] Re: AD trust setup woes

On Jul 24, 2017 4:14 AM, "Jakub Hrozek via FreeIPA-users" < freeipa-users@lists.fedorahosted.org> wrote: > On Fri, Jul 21, 2017 at 03:43:58PM -0400, Jason Beck via FreeIPA-users > wrote: > > I have been trying to reliably get an AD trust setup for a few weeks and > no > > matter what I try, when

[Freeipa-users] Re: AD trust setup woes

On Mon, Jul 24, 2017 at 09:05:59AM -0400, Jason Beck wrote: > On Jul 24, 2017 4:14 AM, "Jakub Hrozek via FreeIPA-users" < > freeipa-users@lists.fedorahosted.org> wrote: > > > On Fri, Jul 21, 2017 at 03:43:58PM -0400, Jason Beck via FreeIPA-users > > wrote: > > > I have been trying to reliably get

[Freeipa-users] Re: AD trust setup woes

On Fri, Jul 21, 2017 at 03:43:58PM -0400, Jason Beck via FreeIPA-users wrote: > I have been trying to reliably get an AD trust setup for a few weeks and no > matter what I try, when I goto add AD users to an external group in > FreeIPA, I get: > > "trusted domain object not found" > > Googling