Re: [Freeipa-users] User admins for different groups

2013-03-26 Thread Philipp Richter
On 03/26/2013 12:39 AM, Dmitri Pal wrote: I am trying to do the following: We have some branch offices at different locations. We want to use one ipa-server with replicas in each branch office. Each branch office should have its own set of administrators who should be able to

Re: [Freeipa-users] mutiple domain, single realm

2013-03-26 Thread Alexander Bokovoy
On Tue, 26 Mar 2013, Stijn De Weirdt wrote: hi all, how can one add more domains to the same (existing) realm with ipa? we would like to bring multiple networks (some private, some public) under a single realm. as far as i understand krb5.conf, it means creating the following domain_realm

Re: [Freeipa-users] mutiple domain, single realm

2013-03-26 Thread Stijn De Weirdt
thanks for the info. i'll setup a test with current branch and see if that works for us. stijn On 03/26/2013 01:52 PM, Alexander Bokovoy wrote: On Tue, 26 Mar 2013, Stijn De Weirdt wrote: hi all, how can one add more domains to the same (existing) realm with ipa? we would like to bring

Re: [Freeipa-users] User admins for different groups

2013-03-26 Thread Rob Crittenden
Philipp Richter wrote: On 03/26/2013 12:39 AM, Dmitri Pal wrote: I am trying to do the following: We have some branch offices at different locations. We want to use one ipa-server with replicas in each branch office. Each branch office should have its own set of administrators who should be

Re: [Freeipa-users] User admins for different groups

2013-03-26 Thread Petr Spacek
On 26.3.2013 15:10, Rob Crittenden wrote: Philipp Richter wrote: On 03/26/2013 12:39 AM, Dmitri Pal wrote: I am trying to do the following: We have some branch offices at different locations. We want to use one ipa-server with replicas in each branch office. Each branch office should have

Re: [Freeipa-users] User admins for different groups

2013-03-26 Thread Rob Crittenden
Petr Spacek wrote: On 26.3.2013 15:10, Rob Crittenden wrote: Philipp Richter wrote: On 03/26/2013 12:39 AM, Dmitri Pal wrote: I am trying to do the following: We have some branch offices at different locations. We want to use one ipa-server with replicas in each branch office. Each branch

[Freeipa-users] Heads-up: Removing self-sign CA

2013-03-26 Thread Petr Viktorin
Hello list, FreeIPA's self-sign CA is a holdout from days where our integration with a real CA wasn't that good. Also its name is confusing: the Dogtag CA also uses a self-signed certificate by default. We will soon be introducing a way to install IPA with custom certificates without a CA

[Freeipa-users] Announcing FreeIPA 3.1.3

2013-03-26 Thread Martin Kosek
The FreeIPA team is proud to announce version FreeIPA v3.1.3. It can be downloaded from http://www.freeipa.org/page/Downloads. The new version has also been built for Fedora 18 and is on its way to updates-testing: https://admin.fedoraproject.org/updates/freeipa-3.1.3-1.fc18 This release

Re: [Freeipa-users] User admins for different groups

2013-03-26 Thread Dmitri Pal
On 03/26/2013 11:55 AM, Rob Crittenden wrote: Petr Spacek wrote: On 26.3.2013 15:10, Rob Crittenden wrote: Philipp Richter wrote: On 03/26/2013 12:39 AM, Dmitri Pal wrote: I am trying to do the following: We have some branch offices at different locations. We want to use one ipa-server

[Freeipa-users] kinit seg-fault for Solaris 9

2013-03-26 Thread David Redmond
Hi, I've set up FreeIPA for the first time and am using it successfully with Linux and Solaris 10 clients. On 8 separate Solaris 9 clients I'm running into an issue where 'kinit USER', for any user, fails with a segmentation fault after prompting for a password. On the client side there are no log

Re: [Freeipa-users] kinit seg-fault for Solaris 9

2013-03-26 Thread Rob Crittenden
David Redmond wrote: Hi, I've set up FreeIPA for the first time and am using it successfully with Linux and Solaris 10 clients. On 8 separate Solaris 9 clients I'm running into an issue where 'kinit USER', for any user, fails with a segmentation fault after prompting for a password. On the

Re: [Freeipa-users] Cannot Enter in IP Addresses via GUI

2013-03-26 Thread Rob Crittenden
adam smith wrote: First off, I am a new IPA admin, so please bear with me! I was wondering if something has changed recently...As of this past Friday, I was able to create Hosts under the Identity tab within the GUI. However, now it will not accept any IP address that I enter in. The message

Re: [Freeipa-users] User admins for different groups

2013-03-26 Thread Rob Crittenden
Dmitri Pal wrote: On 03/26/2013 11:55 AM, Rob Crittenden wrote: Petr Spacek wrote: On 26.3.2013 15:10, Rob Crittenden wrote: Philipp Richter wrote: On 03/26/2013 12:39 AM, Dmitri Pal wrote: I am trying to do the following: We have some branch offices at different locations. We want to use

Re: [Freeipa-users] kinit seg-fault for Solaris 9

2013-03-26 Thread David Redmond
Hi again, I've got a bit more information. I've found that I can successfully kinit on the Solaris 9 clients if, on the server, I change the user's password by: ipa-getkeytab -s SERVER -p USER@REALM -k krb5.keytab -P This works even if I delete the resulting keytab file. However, kinit on the