Re: [Freeipa-users] Another CA replica install issue

2012-03-28 Thread Dan Scott
Can anyone help with this? Thanks, Dan On Mon, Mar 26, 2012 at 16:17, Dan Scott danieljamessc...@gmail.com wrote: On Mon, Mar 26, 2012 at 15:53, Rob Crittenden rcrit...@redhat.com wrote: Dan Scott wrote: Hi, I'm having another replica CA install issue. Fedora 16 with latest updates

Re: [Freeipa-users] Another CA replica install issue

2012-03-28 Thread Rob Crittenden
Dan Scott wrote: Can anyone help with this? Thanks, Dan On Mon, Mar 26, 2012 at 16:17, Dan Scottdanieljamessc...@gmail.com wrote: On Mon, Mar 26, 2012 at 15:53, Rob Crittendenrcrit...@redhat.com wrote: Dan Scott wrote: Hi, I'm having another replica CA install issue. Fedora 16 with

[Freeipa-users] passwd sync

2012-03-28 Thread Steven Jones
Hi, I have a support call into RH as the passync msi is in the RDS channel so I have no access to it as I have no RDS subscription..so if its free as it comes with IPA it needs to be moved. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ

Re: [Freeipa-users] passwd sync

2012-03-28 Thread Steven Jones
8-- It cannot be a wildcard: if (strcasecmp(krbcfg-passsync_mgrs[i], bindDN) == 0) { pwdata.changetype = IPA_CHANGETYPE_DSMGR; break; } but it is multivalued. 8-- This is over my head 8-- What exactly are you

Re: [Freeipa-users] passwd sync

2012-03-28 Thread Dmitri Pal
On 03/28/2012 03:50 PM, Steven Jones wrote: 8-- It cannot be a wildcard: if (strcasecmp(krbcfg-passsync_mgrs[i], bindDN) == 0) { pwdata.changetype = IPA_CHANGETYPE_DSMGR; break; } but it is multivalued. 8-- This is

Re: [Freeipa-users] passwd sync

2012-03-28 Thread Steven Jones
Hi, That is cool, but I have not read that anywhere, can we get that bit written into the passsync section? or have I missed it? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From:

[Freeipa-users] http service keytab for cname virtual host

2012-03-28 Thread Natxo Asenjo
hi, enable a kerberized site with the fqdn is very easy with freeipa but we would like to use virtual hosting and kerberized sites. I have joined a host webserver01.ipa.domain.tld to a ipa realm. I then created a spn HTTP/webserver01.ipa.domain.tld, generated the keytab, configured the apache

Re: [Freeipa-users] passwd sync

2012-03-28 Thread Simo Sorce
On Wed, 2012-03-28 at 20:12 +, Steven Jones wrote: Hi, That is cool, but I have not read that anywhere, can we get that bit written into the passsync section? or have I missed it? This may shed some light: http://freeipa.org/page/PasswordSynchronization Simo. -- Simo Sorce * Red

Re: [Freeipa-users] http service keytab for cname virtual host

2012-03-28 Thread Rob Crittenden
Natxo Asenjo wrote: hi, enable a kerberized site with the fqdn is very easy with freeipa but we would like to use virtual hosting and kerberized sites. I have joined a host webserver01.ipa.domain.tld to a ipa realm. I then created a spn HTTP/webserver01.ipa.domain.tld, generated the keytab,

Re: [Freeipa-users] http service keytab for cname virtual host

2012-03-28 Thread Simo Sorce
On Wed, 2012-03-28 at 22:49 +0200, Natxo Asenjo wrote: hi, enable a kerberized site with the fqdn is very easy with freeipa but we would like to use virtual hosting and kerberized sites. I have joined a host webserver01.ipa.domain.tld to a ipa realm. I then created a spn

Re: [Freeipa-users] http service keytab for cname virtual host

2012-03-28 Thread Simo Sorce
On Wed, 2012-03-28 at 17:30 -0400, Rob Crittenden wrote: Natxo Asenjo wrote: hi, enable a kerberized site with the fqdn is very easy with freeipa but we would like to use virtual hosting and kerberized sites. I have joined a host webserver01.ipa.domain.tld to a ipa realm. I then