Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Sylvain Angers
is abcd.ca your windows domain ? yes in this example ipa-server-install -a xx \ --hostname=ipa1.unix.abcd.ca \ -n unix.abcd.ca \ -p xxx \ -r UNIX.ABCD.CA http://unix.abcd.ca/ \ --subject=subject_DN \ #Sets the base element for the subject DN of the issued

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Sylvain Angers
Hi again. Our current Linux/AIX servers' fqdn should remain on the abcd.ca domain. I need advice: Should the ipa server fqdn be ipa.abcd.ca or ipa.unix.abcd.ca? And on the Linux/AIX server, should we add an entry for both dns (ipa and Microsoft AD) in resolv.conf? domain unix.abcd.ca search

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Simo Sorce
On Thu, 2012-03-08 at 09:46 -0500, Sylvain Angers wrote: Hi again. Our current Linux/AIX servers' fqdn should remain on the abcd.ca domain. I need advice: Should the ipa server fqdn be ipa.abcd.ca or ipa.unix.abcd.ca? You can have machines on a different DNS domain with FreeIPA. So you can

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Sylvain Angers
Alright! I am now requesting to our DNS team please delegate dns zone unix.abcd.ca to ??? Question: is the ipa server fqdn, be ipaserver.unix.abcd.ca or ipaserver.abcd.ca? does it matter? thanks 2012/3/8 Simo Sorce s...@redhat.com On Thu, 2012-03-08 at 09:46 -0500, Sylvain Angers wrote:

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Simo Sorce
On Thu, 2012-03-08 at 11:54 -0500, Sylvain Angers wrote: Alright! I am now requesting to our DNS team please delegate dns zone unix.abcd.ca to ??? the ip address of your ipa server, they will know what questions to ask :) Question: is the ipa server fqdn, be ipaserver.unix.abcd.ca or

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Brian Cook
If your AD realm is ABCD.CA and you want your unix realm to be UNIX.ABCD.CA then your FQDN should be ipaserver.unix.abcd.ca When you delegate the zone from AD, you should have at least two IPA servers running bind listed. ipaserver1.unix.abcd.ad ipaserver2.unix.abcd.ad That way if one is

[Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Steven Jones
Hi, I am setting up some IPA users. What I have noticed is that if I or they type startx to start a GUI, locking the .Xauthority fails; if I setenforce 0 then it works fine. I have never seen this behaviour before and googling suggests it's an IPA and selinux conflict. And in fact when I create a

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Stephen Gallagher
On Thu, 2012-03-08 at 20:14 +, Steven Jones wrote: Hi, I am setting up some IPA users. What I have noticed is that if I or they type startx to start a GUI, locking the .Xauthority fails; if I setenforce 0 then it works fine. I have never seen this behaviour before and googling suggests it's

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Simo Sorce
On Thu, 2012-03-08 at 21:27 +, Steven Jones wrote: Hi, I used ipa-client-install --mkhomedir How do I change that so it will do so properly? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Steven Jones
Thanks, I can put that in Sat. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Simo Sorce [s...@redhat.com] Sent: Friday, 9 March 2012 10:35 a.m. To: Steven Jones Cc: