Re: [Freeipa-users] Migrate KRB DB hashes to IPA LDAP

2014-11-04 Thread Andreas Ladanyi
On Mon, 13 Oct 2014 17:30:58 +0200 Andreas Ladanyi andreas.lada...@kit.edu wrote: On my old system from which I migrated the users/group accounts uses the Kerberos own DB without LDAP for the principals. I could dump the master key: kdb5_util dump filename K/M@REALM Now I have a lot of

Re: [Freeipa-users] adding replication agreements

2014-11-04 Thread Rob Crittenden
Shashi Dahal wrote: Hi Rob, From server A and server B(itself), if I give that command, i get: last update status: -1 - LDAP error: Can't contact LDAP server I'd start with checking basic connectivity to ensure that A/B can talk to port 389 on C. From server C, I get: Cannot find

Re: [Freeipa-users] dns stops working after upgrade

2014-11-04 Thread Rob Verduijn
Hello again, I've managed to integrate my katello configuration with freeipa. Now I not only use freeipa authentication in katello but also when a host is defined in katello it automagically gets created in the freeipa realm, certs, otp, dns all working great. However, to obtain all this

Re: [Freeipa-users] dns stops working after upgrade

2014-11-04 Thread Petr Spacek
On 4.11.2014 15:27, Rob Verduijn wrote: Hello again, I've managed to integrate my katello configuration with freeipa. Now I not only use freeipa authentication in katello but also when a host is defined in katello it automagically gets created in the freeipa realm, certs, otp, dns all working

[Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Roman Naumenko
Hi, I'm planning to use FreeIPA to manage infrastructure resources, sudo users, DNS and things like that. But I also need isp style directory with multiple organizations and root DNs to control users, mainly for authentication purpose. FreeIPA wouldn't be suitable for the latter, so I'm looking at

[Freeipa-users] Sync from AD towards FreeIPA directory server

2014-11-04 Thread Edouard Guigné
Hello FreeIPA Users, I am trying to make working a sync between my AD win 2008 R2 and FreeIPA (fedora 20) server. My goal is to retrieve all my AD users in freeIPA database. 1. With ipa-replica-manage connect --winsync ..., I succeeded to copy users from AD to FreeIPA (via the sync

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Alexander Bokovoy
On Tue, 04 Nov 2014, Roman Naumenko wrote: Hi, I'm planning to use FreeIPA to manage infrastructure resources, sudo users, DNS and things like that. But I also need isp style directory with multiple organizations and root DNs to control users, mainly for authentication purpose. FreeIPA

Re: [Freeipa-users] FreeIPA bind also-notify behavior.

2014-11-04 Thread Matthew Sellers
Hi Guys, Thanks for the previous replies. I hate to dig up an old thread, but I'm still banging my head on this. I am trying to configure IPA to send notify to slave servers on manual updates from the web or CLI tools. Dynamic DNS updates from an IPA client issuing an nsupdate works great, I

Re: [Freeipa-users] Sync from AD towards FreeIPA directory server

2014-11-04 Thread Rich Megginson
On 11/04/2014 04:18 PM, Edouard Guigné wrote: Hello FreeIPA Users, I am trying to make working a sync between my AD win 2008 R2 and FreeIPA (fedora 20) server. My goal is to retrieve all my AD users in freeIPA database. 1. With ipa-replica-manage connect --winsync ..., I succeeded to copy

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Roman Naumenko
- Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: Hi, I'm planning to use FreeIPA to manage infrastructure resources, sudo users, DNS and things like that. But I also need isp style directory with multiple organizations and root DNs to control users, mainly for

Re: [Freeipa-users] dns stops working after upgrade

2014-11-04 Thread Rob Verduijn
The problem with 'foreman-prepare-realm' and freeipa was that it claimed that a few of the permissions required did not exist when it tried to add them to the 'smart proxy host management' privilege. I think it was because the permissions were all in lower case without the 'System: ' prefix. This

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Alexander Bokovoy
On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on separate hosts than IPA masters because otherwise you'll have a number of practical issues with different instances binding to the same LDAP/LDAPS ports and so

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Roman Naumenko
- Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on separate hosts than IPA masters because otherwise you'll have a number of practical issues with different instances binding to

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Rich Megginson
On 11/04/2014 05:21 PM, Alexander Bokovoy wrote: On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on separate hosts than IPA masters because otherwise you'll have a number of practical issues with different

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Alexander Bokovoy
On Tue, 04 Nov 2014, Dmitri Pal wrote: On 11/04/2014 11:25 AM, Roman Naumenko wrote: - Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on separate hosts than IPA masters because

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Rich Megginson
On 11/04/2014 05:28 PM, Dmitri Pal wrote: On 11/04/2014 11:25 AM, Roman Naumenko wrote: - Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on separate hosts than IPA masters because

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Dmitri Pal
On 11/04/2014 11:25 AM, Roman Naumenko wrote: - Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on separate hosts than IPA masters because otherwise you'll have a number of practical

[Freeipa-users] Helping testing FreeIPA 4.1.0 on Fedora Server Test Day

2014-11-04 Thread Simo Sorce
Hello FreeIPA users, for those that like living on the bleeding edge and using the latest bits, we are going to have a Fedora Server Test Day next Friday[1]. One of the features of Fedora Server will be the new rolekit infrastructure, that simplifies installing roles on the server. One of the

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Roman Naumenko
- Original Message - On 11/04/2014 05:28 PM, Dmitri Pal wrote: On 11/04/2014 11:25 AM, Roman Naumenko wrote: - Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds. Preferably this should be done on

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Rich Megginson
On 11/04/2014 06:13 PM, Roman Naumenko wrote: - Original Message - On 11/04/2014 05:28 PM, Dmitri Pal wrote: On 11/04/2014 11:25 AM, Roman Naumenko wrote: - Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You definitely can set up separate instances of 389-ds.

Re: [Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

2014-11-04 Thread Dmitri Pal
On 11/04/2014 12:15 PM, Rich Megginson wrote: On 11/04/2014 06:13 PM, Roman Naumenko wrote: - Original Message - On 11/04/2014 05:28 PM, Dmitri Pal wrote: On 11/04/2014 11:25 AM, Roman Naumenko wrote: - Original Message - On Tue, 04 Nov 2014, Roman Naumenko wrote: You

[Freeipa-users] Question about oVirt

2014-11-04 Thread Dmitri Pal
Hello Jim, I am re-posting your question to the FreeIPA list as it belongs there. Here is the copy of the original question. Subject: [ovirt-users] templates and freeipa From: Jim Kinney jim.kin...@gmail.com Date: 10/31/2014 02:55 PM To: us...@ovirt.org us...@ovirt.org Ovirt 3.5 is running

[Freeipa-users] vcenter 5.5 and freeipa 3 authentication

2014-11-04 Thread richard
We are trying to configure vcenter 5.5 to authenticate against freeipa instead of AD. It's working for single users, we can update passwd in freeipa and they can authenticate against vcenter. But we are not able to get the groups to work as we want, we can't even see them on the vcenter side.

Re: [Freeipa-users] vcenter 5.5 and freeipa 3 authentication

2014-11-04 Thread Rob Crittenden
richard wrote: We are trying to configure vcenter 5.5 to authenticate against freeipa instead of AD. It's working for single users, we can update passwd in freeipa and they can authenticate against vcenter. But we are not able to get the groups to work as we want, we can't even see them on

Re: [Freeipa-users] Question about oVirt

2014-11-04 Thread Dmitri Pal
On 11/04/2014 01:27 PM, Dmitri Pal wrote: Hello Jim, I am re-posting your question to the FreeIPA list as it belongs there. Here is the copy of the original question. Subject: [ovirt-users] templates and freeipa From: Jim Kinney jim.kin...@gmail.com Date: 10/31/2014 02:55 PM To:

Re: [Freeipa-users] vcenter 5.5 and freeipa 3 authentication

2014-11-04 Thread richard
2014-11-04 21:02, Rob Crittenden wrote: richard wrote: We are trying to configure vcenter 5.5 to authenticate against freeipa instead of AD. It's working for single users, we can update passwd in freeipa and they can authenticate against vcenter. But we are not able to get the groups to work as

[Freeipa-users] Trust relationship redundancy

2014-11-04 Thread William Muriithi
Afternoon, I have two AD and would like to retain that redundancy within IPA after establishing trust relationship. How would one achieve that? I have attempted the following: [root@ipa3-yyz-int ~]# ipa dnszone-add example.local --name-server=srvyyzdc02.example.local

Re: [Freeipa-users] Centos IPA Client fails after upgrade to 6.6

2014-11-04 Thread David Taylor
Thanks for the reply. The PAM file is pretty stock for a centos build #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite