Re: [Freeipa-users] Running a FreeIPA replica in a limited-resource environment

2014-04-17 Thread Martin Kosek
On 04/16/2014 08:56 PM, Simo Sorce wrote: On Wed, 2014-04-16 at 13:40 -0500, Christopher Swingler wrote: Hello, FreeIPA list. We're looking to start using FreeIPA to replace our standard 389 LDAP server on our public web server. That public web server also houses a public wiki, which

Re: [Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.

2014-04-17 Thread Fredy Sanchez
Sure Rob, we'll put something together and send it to you for publishing. Give us a few days. We'll also sanitize our enrollment package and share it w/ you too. This is what we use to enroll our Macs, a one time install that does what ipa-client-install does for Linux, including these LDAP

[Freeipa-users] nothing sync'ed to AD

2014-04-17 Thread Will Last
Hi, I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5 and am trying to set up sync with/to AD on win 2008/R2, basically following https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory.html. The sync

Re: [Freeipa-users] nothing sync'ed to AD

2014-04-17 Thread Rob Crittenden
Will Last wrote: Hi, I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5 and am trying to set up sync with/to AD on win 2008/R2, basically following

Re: [Freeipa-users] nothing sync'ed to AD

2014-04-17 Thread Petr Spacek
On 17.4.2014 16:16, Rob Crittenden wrote: Will Last wrote: Hi, I have got a freeipa server (pa-server-3.0.0-37) running on centos 6.5 and am trying to set up sync with/to AD on win 2008/R2, basically following

[Freeipa-users] Client Install - I'm clueless

2014-04-17 Thread Lincoln Fessenden
Hi folks! First time I played with this was yesterday so forgive me if I am way behind the median user here. I installed the server twice, both times on RHEL 6.5. Seems to work just fine and the install goes smooth. First install of the client was on a RHEL 7 beta machine, which worked but I

Re: [Freeipa-users] External Collaboration Domains

2014-04-17 Thread Dmitri Pal
On 04/15/2014 06:05 PM, Nordgren, Bryce L -FS wrote: Variant (A) - IdP + PKINIT: A1) User authenticates to his SAML/OpenID provider (external domain) A2) User locally generates CSR A3) User contacts IdP (gssapi/saml ; gssapi/openid) and sends CSR to the IdP A4) IdP returns short-lived

[Freeipa-users] setup key-based ssh using freeipa

2014-04-17 Thread quest monger
I have setup freeipa server, and added a centos client that my ipa users can now ssh too by using the freeipa account credentials. Now, i would like my users to be able to ssh to this centos client using keys. I read this - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA

Re: [Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.

2014-04-17 Thread Chris Whittle
I was able to take that script and with some customizing get it to work with Mavericks This should work, I tried to do a find and replace to make it work like the github one. On Wed, Apr 16, 2014 at 5:40 PM, Fredy Sanchez fredy.sanc...@modmed.comwrote: Sure Rob, we'll put something

Re: [Freeipa-users] PasswordAuthentication option for SSH

2014-04-17 Thread Dmitri Pal
On 04/16/2014 04:28 PM, David Kreuter wrote: On client side the valid Kerberos ticket is present. The following SSH configuration is used on the machine where the IPA client is running: /etc/ssh/sshd_config ---cut--- PasswordAuthentication yes KerberosAuthentication no PubkeyAuthentication yes

Re: [Freeipa-users] Client Install - I'm clueless

2014-04-17 Thread Dmitri Pal
On 04/17/2014 01:52 PM, Lincoln Fessenden wrote: Hi folks! First time I played with this was yesterday so forgive me if I am way behind the median user here. I installed the server twice, both times on RHEL 6.5. Seems to work just fine and the install goes smooth. First install of the client

Re: [Freeipa-users] setup key-based ssh using freeipa

2014-04-17 Thread Dmitri Pal
On 04/17/2014 02:42 PM, quest monger wrote: I have setup freeipa server, and added a centos client that my ipa users can now ssh too by using the freeipa account credentials. Now, i would like my users to be able to ssh to this centos client using keys. I read this -

Re: [Freeipa-users] Client Install - I'm clueless

2014-04-17 Thread Rob Crittenden
Dmitri Pal wrote: On 04/17/2014 01:52 PM, Lincoln Fessenden wrote: Hi folks! First time I played with this was yesterday so forgive me if I am way behind the median user here. I installed the server twice, both times on RHEL 6.5. Seems to work just fine and the install goes smooth. First