Re: [Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-27 Thread Simo Sorce
On Wed, 2013-11-27 at 15:24 +1000, Matt Bryant wrote: > Hmm just upgraded to 3 so thought I woudl give it a go ... but (aint > there always one of those :() can't seem to add the principle .. > > kadmin.local: add_principal krbtgt/OLD-REALM@IPA-REALM > WARNING: no policy specified for krbtgt/OLD

Re: [Freeipa-users] CA expiration and renewal

2013-11-27 Thread Erinn Looney-Triggs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 11:09 AM, Rob Crittenden wrote: > Erinn Looney-Triggs wrote: >> Folks just wanted to touch base again before the American holiday >> season starts. My CA, which is subordinate to AD CS will be >> expiring on December 9th, I submitted a

Re: [Freeipa-users] CA expiration and renewal

2013-11-27 Thread Rob Crittenden
Erinn Looney-Triggs wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 11:09 AM, Rob Crittenden wrote: Erinn Looney-Triggs wrote: Folks just wanted to touch base again before the American holiday season starts. My CA, which is subordinate to AD CS will be expiring on December

Re: [Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-27 Thread Matt Bryant
Simo, Have added the following into bugzilla .. Bug 1035494 has been added to the database seems strange but whilst listprincs/getprinc works getpols and the addprinc (at least in this use case) doesnt... ie kadmin.local: add_principal

Re: [Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-27 Thread Simo Sorce
On Thu, 2013-11-28 at 08:29 +1000, Matt Bryant wrote: > Simo, > > Have added the following into bugzilla .. > > Bug 1035494 has been added to the database > > seems strange but whilst listprincs/getprinc works getpols and the > addprinc (at least in this use case) doesnt... addprinc not working

Re: [Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-27 Thread Matt Bryant
Simo, Thanks for that .. using that switch the principle is now created on to see it it works as expected .. rgds Matt B. On 11/28/2013 09:10 AM, Simo Sorce wrote: On Thu, 2013-11-28 at 08:29 +1000, Matt Bryant wrote: Simo, Have added the following into bugzilla .. Bug 1035494 has been a

[Freeipa-users] winsyncs - multiple

2013-11-27 Thread Steven Jones
Hi, I currently have a winsync agreement from one AD domain to one of three IPA servers, works fine. Can I set up another winsync agreement from a different AD to one of the other IPA servers and one way sync that as well? The obvious risk is a user id clash, but both domains have different na