[Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Morning all I have setup the domain trust set up and have errors when trying to map groups from AD to IPA Environment is IPA 3.0 on RHEL 6.4 and Windows 2012 When adding groups, I get the following. [root@ds01 ~]# ipa group-add --desc='Active Dire

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Morning all > > I have setup the domain trust set up and have errors when trying to map > groups from AD to IPA > > Environment is IPA 3.0 on RHEL 6.4 and Windows 2012 > > Wh

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2013 09:52 AM, Sumit Bose wrote: > On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: >> > Morning all > > I have setup the domain trust set up and have errors when trying to map > groups from AD to IPA > > Environment is IPA 3.

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2013 10:03 AM, Dale Macartney wrote: > > > On 03/15/2013 09:52 AM, Sumit Bose wrote: > > On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: > >> > > Morning all > > > I have setup the domain trust set up and have errors when try

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2013 10:06 AM, Dale Macartney wrote: > > > On 03/15/2013 10:03 AM, Dale Macartney wrote: > > > > On 03/15/2013 09:52 AM, Sumit Bose wrote: > > > On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: > > >> > > > Morning all > > > >

Re: [Freeipa-users] Allow IPA Join and remove only

John Moyer wrote: Question: I am trying to reduce the rights to an account so that it can only add and remove machines from the IPA server. It will be used for scripts to run as this user to bind machines that are stood up adhoc to the IPA server, and then clean them up after they are ready for

Re: [Freeipa-users] Solaris Clients

On Mar 14, 2013, at 7:08 AM, Luke Kearney wrote: > > On Mar 14, 2013, at 6:38 AM, KodaK wrote: > >> On Wed, Mar 13, 2013 at 3:39 PM, Luke Kearney wrote: >>> Hello, >>> >>> I have recently been working on integrating our solaris 10 fleet with >>> FreeIPA. The first 'test' host went relatively

Re: [Freeipa-users] check host password age

On 03/13/2013 05:35 AM, Stijn De Weirdt wrote: > i'll get back to the previous part later, wehn i can test it (thanks > petr!) > > i guess the timestamps are somehwere in the ldap schema, i would like to know where or how i can find them. and if possible, how to do that using th

Re: [Freeipa-users] Revisiting auditing and avoiding reinvention of round rolling things

On 03/13/2013 11:49 AM, KodaK wrote: > Hi all. > > I know that the A part of IPA has been delayed, but that doesn't mean > that the auditing requirement has gone away. > > Before I write a bunch of stuff for this, I wanted to see if anyone > had any thoughts (or code!) regarding how to accomplish s

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

On 03/15/2013 08:59 AM, Dale Macartney wrote: > > Any ideas what KDC returned error string: HANDLE_AUTHDATA means? > Sumit, can it be that the SSSD plugin into the SSH that processes MSPACs is not working properly? -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc.