Re: [Freeipa-users] Centos 6

2011-10-19 Thread Sigbjorn Lie
For the stable version I suppose you have to wait for CentOS 6.2, after RHEL 6.2 is out. At the moment even CentOS 6.1 hasn't been released, so I think it will be a while. Have a look at Scientific Linux instead: http://www.scientificlinux.org/ They've already got a 6.1 release with updated pkgs

[Freeipa-users] Announcing FreeIPA 2.1.3

2011-10-19 Thread Rob Crittenden
The FreeIPA team is proud to announce version 2.1.3. It can be downloaded from http://www.freeipa.org/Downloads == What happened to 2.1.2!? == Right after tagging 2.1.2 we found an upgrade issue that would have affected any users using the selfsign CA (installed with --selfsign). We decided

Re: [Freeipa-users] Extending schema

2011-10-19 Thread Dmitri Pal
On 10/16/2011 04:53 PM, Sigbjorn Lie wrote: On 10/14/2011 03:14 PM, Jenny Galipeau wrote: - Original Message - On Thu, 2011-10-13 at 15:44 +0200, Sigbjorn Lie wrote: Hi, What are your recommendations for avoiding incompatibility with future upgrades of IPA if extending the dirsrv

[Freeipa-users] The concept of sites...

2011-10-19 Thread Sigbjorn Lie
Hi, Has there been given any thought to the concept of sites within IPA to improve cross-site implementations? This should be easy to implement as you are already using DNS SRV records to locate the ldap/kerberos servers. E.g. Site: Boston Site: London Create a subdomain of the IPA dns

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Dmitri Pal
On 10/19/2011 03:14 PM, Sigbjorn Lie wrote: Hi, Has there been given any thought to the concept of sites within IPA to improve cross-site implementations? This should be easy to implement as you are already using DNS SRV records to locate the ldap/kerberos servers. E.g. Site: Boston

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Simo Sorce
On Wed, 2011-10-19 at 15:24 -0400, Dmitri Pal wrote: On 10/19/2011 03:14 PM, Sigbjorn Lie wrote: Hi, Has there been given any thought to the concept of sites within IPA to improve cross-site implementations? This should be easy to implement as you are already using DNS SRV records to

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Steven Jones
Hi, I think AD sort of does this which they have now backed away from? From my very limited understanding having sub-domains/realms seems to be counter-productive in that trying to do cross-realm trusts/passwords/user info becomes a nightmare? I know somehow I have to get unix.vuw.ac.nz

[Freeipa-users] Problem when SSHing into FreeIPA client

2011-10-19 Thread Dan Scott
Hi, I am having some problems when SSHing into my Fedora 15 client which is authenticated using FreeIPA djscott@pc35:~$ ssh admin@pc35 admin@pc35's password: id: cannot find name for user ID 181260 id: cannot find name for user ID 181260 [I have no name!@pc35 ~]$ logout Connection to

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Sigbjorn Lie
I see your point with a messy dns infrastructure, however this would happen in the background. You would still only have one kerberos realm per IPA instance. Rgds, Siggi On Wed, October 19, 2011 21:30, Steven Jones wrote: Hi, I think AD sort of does this which they have now backed away

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Steven Jones
Ah right, yes, one realm. However how would you password sync with AD? So say London.ad.ms.com and Newyork.ad.ms.com With NY as the head So with london.ipa.unix.com and newyork.ipa.unix.com Is there still only one winsync agreement? regards Steven Jones Technical Specialist -

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Sigbjorn Lie
On Wed, October 19, 2011 21:27, Simo Sorce wrote: On Wed, 2011-10-19 at 15:24 -0400, Dmitri Pal wrote: On 10/19/2011 03:14 PM, Sigbjorn Lie wrote: Hi, Has there been given any thought to the concept of sites within IPA to improve cross-site implementations? This should be easy to

Re: [Freeipa-users] The concept of sites...

2011-10-19 Thread Sigbjorn Lie
The London/newyork dns sub-domains would be used for looking up srv records for the local kerberos/ldap servers only. The actual domain configured on the client and the kerberos and LDAP base would still be the ipa.domain.com. Sync with AD would still be done between ipa.domain.com -

Re: [Freeipa-users] Problem when SSHing into FreeIPA client

2011-10-19 Thread Dmitri Pal
On 10/19/2011 04:05 PM, Dan Scott wrote: Hi, I am having some problems when SSHing into my Fedora 15 client which is authenticated using FreeIPA djscott@pc35:~$ ssh admin@pc35 admin@pc35's password: id: cannot find name for user ID 181260 id: cannot find name for user ID 181260

Re: [Freeipa-users] Problem when SSHing into FreeIPA client

2011-10-19 Thread Jan Zeleny
Dmitri Pal d...@redhat.com wrote: On 10/19/2011 04:05 PM, Dan Scott wrote: Hi, I am having some problems when SSHing into my Fedora 15 client which is authenticated using FreeIPA djscott@pc35:~$ ssh admin@pc35 admin@pc35's password: id: cannot find name for user ID 181260

Re: [Freeipa-users] Problem when SSHing into FreeIPA client

2011-10-19 Thread Dan Scott
Hi, On Wed, Oct 19, 2011 at 16:43, Dmitri Pal d...@redhat.com wrote: On 10/19/2011 04:05 PM, Dan Scott wrote: Hi, I am having some problems when SSHing into my Fedora 15 client which is authenticated using FreeIPA djscott@pc35:~$ ssh admin@pc35 admin@pc35's password: id: cannot find