[Freeipa-users] IPA Trust AD and Illegal cross-realm ticket

2014-10-15 Thread crony
Hi, I've been following the AD integration guide for IPAv3: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup My setup is: • 5 domain controllers with Windows 2008 R2 AD DC - example.com as Forest Root Domain and acme.example.com as transitive child domain • RHEL7 as IPA server with domain:

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Simo Sorce
On Tue, 14 Oct 2014 10:58:36 -0600 Clint Savage her...@gmail.com wrote: Hi all, I've been working on a migration plan using three custom user objectClasses and one group objectclass. In my attempt, I've setup an openldap server with the proper schemas, imported the ldif and have records

Re: [Freeipa-users] IPA Trust AD and Illegal cross-realm ticket

2014-10-15 Thread Alexander Bokovoy
On Wed, 15 Oct 2014, crony wrote: Hi, I've been following the AD integration guide for IPAv3: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup My setup is: • 5 domain controllers with Windows 2008 R2 AD DC - example.com as Forest Root Domain and acme.example.com as transitive child domain

Re: [Freeipa-users] IPA Trust AD and Illegal cross-realm ticket

2014-10-15 Thread crony
Alex, thank you. Now it works, but not completely: 1. [leszek@ipa1 ~]$ ssh ipatst03.linux.acme.example.com -l us...@acme.example.com Password: Last login: Wed Oct 15 16:11:27 2014 -sh-4.1$ id uid=127283727(us...@acme.example.com) gid=127283727(us...@acme.example.com)

Re: [Freeipa-users] IPA Trust AD and Illegal cross-realm ticket

2014-10-15 Thread Sumit Bose
On Wed, Oct 15, 2014 at 04:31:55PM +0200, crony wrote: Alex, thank you. Now it works, but not completely: 1. [leszek@ipa1 ~]$ ssh ipatst03.linux.acme.example.com -l us...@acme.example.com Password: Last login: Wed Oct 15 16:11:27 2014 -sh-4.1$ id

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Clint Savage
I have extended the schema with the custom objectclasses. They show up properly in /etc/dirsrv/slapd-EXAMPLE-COM/schema/99user.ldif. I did the import with ldapmodify using the following schemas. It's a bit long, but hopefully it helps. # cat customPersonAttributes.ldif dn: cn=schema changetype:

Re: [Freeipa-users] Solaris 10 client configuration using profile

2014-10-15 Thread Giger, Justean
Thank you both. I successfully set up a new profile on the server and am able to use it with authentication. It seems to work for existing users but I am having issues when I add new user access via HBAC so I am trying to figure that part out. There are a few options I can invoke using

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Ludwig Krispenz
On 10/14/2014 06:58 PM, Clint Savage wrote: Hi all, I've been working on a migration plan using three custom user objectClasses and one group objectclass. In my attempt, I've setup an openldap server with the proper schemas, imported the ldif and have records that look something like this

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Rob Crittenden
Ludwig Krispenz wrote: On 10/14/2014 06:58 PM, Clint Savage wrote: Hi all, I've been working on a migration plan using three custom user objectClasses and one group objectclass. In my attempt, I've setup an openldap server with the proper schemas, imported the ldif and have records that

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Clint Savage
$ rpm -q ipa-server ipa-server-3.3.3-28.el7.centos.1.x86_64 I was thinking that this might be an issue with the rhel7 version. I'm going to be trying the same migration tonight on rhel6. I know the IPA version is older, and samba stuff might not work as it does in 3.3. I haven't looked in RHEL

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Rich Megginson
On 10/15/2014 02:05 PM, Rob Crittenden wrote: Clint Savage wrote: $ rpm -q ipa-server ipa-server-3.3.3-28.el7.centos.1.x86_64 I was thinking that this might be an issue with the rhel7 version. I'm going to be trying the same migration tonight on rhel6. I know the IPA version is older, and

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-15 Thread Murty, Ajeet (US - Arlington)
Thanks for all the info. I think I will wait for the 4.1 update.

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Clint Savage
On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 02:05 PM, Rob Crittenden wrote: Clint Savage wrote: $ rpm -q ipa-server ipa-server-3.3.3-28.el7.centos.1.x86_64 I was thinking that this might be an issue with the rhel7 version. I'm going to be

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Dmitri Pal
On 10/15/2014 06:43 PM, Clint Savage wrote: On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 02:05 PM, Rob Crittenden wrote: Clint Savage wrote: $ rpm -q ipa-server

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Rich Megginson
On 10/15/2014 04:43 PM, Clint Savage wrote: On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 02:05 PM, Rob Crittenden wrote: Clint Savage wrote: $ rpm -q ipa-server

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Clint Savage
On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 04:43 PM, Clint Savage wrote: On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 02:05 PM, Rob Crittenden wrote: Clint Savage wrote: $ rpm -q ipa-server

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Rich Megginson
On 10/15/2014 05:29 PM, Clint Savage wrote: On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 04:43 PM, Clint Savage wrote: On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson rmegg...@redhat.com

Re: [Freeipa-users] Migration fails with custom objectClasses

2014-10-15 Thread Clint Savage
Rich, Sorry about that. Thanks for the help. http://ur1.ca/idu6a -- should be there at least for a few days. Clint On Wed, Oct 15, 2014 at 9:51 PM, Rich Megginson rmegg...@redhat.com wrote: On 10/15/2014 05:29 PM, Clint Savage wrote: On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson