Hi,
We are running the most recent IPA packages in RHEL7 and are facing a few
issues when accessing the web console:
First, since we utilize a Kerberos trust with AD, we had to create 'internal'
IPA users that we use to login to the web console. I believe it is expected
that AD users cannot l
Hi,
Thank your for your reply, it really is much clearer to me now.
I think I get why SSSD offline authentication would help to solve "AD
unreachable" issue.
If I understood well, the SSSD on the IPA master would cache
credentials, allowing the user to log in (as in the kinit meaning) even
On Wed, 27 Jul 2016, malo wrote:
Hi,
Thank your for your reply, it really is much clearer to me now.
I think I get why SSSD offline authentication would help to solve "AD
unreachable" issue.
If I understood well, the SSSD on the IPA master would cache
credentials, allowing the user to log i
On Wed, 27 Jul 2016, Baird, Josh wrote:
Hi,
We are running the most recent IPA packages in RHEL7 and are facing a
few issues when accessing the web console:
First, since we utilize a Kerberos trust with AD, we had to create
'internal' IPA users that we use to login to the web console. I
believ
sir/madame,
I am in great trouble in choosing FreeIPA for identity management. I want
to know more about AD cross-realm trust and how it works.
--
A.H
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org f
On 07/27/2016 11:35 AM, Abu Haris wrote:
sir/madame,
I am in great trouble in choosing FreeIPA for identity management. I
want to know more about AD cross-realm trust and how it works.
--
A.H
Hi Abu,
there is quite an extensive upstream documentation of IPA-AD trust
workings and setup. You
Hello,
We are running IPA version: 4.2.0, API_version: 2.156 on CentOS 7.2.1511 (Core)
Trust is configured with Windows 2008 R2 Enterprise Domain roottest1.com
Below is output from ipa trustdomain-find
Realm name: ROOTTEST1.COM
Domain name: deluxetest1.com
Domain NetBIOS name: DELUXETEST
Hi,
I am running ipa server 4.2 and set it up without using "--setup-dns=no".
On few clients the installation fails with the below error message.
I verified that the ipa master dns is resolvable. Not sure what could be
wrong here..
Joining realm failed: libcurl failed to execute the HTTP POST
Hello
I want to use an external certificate when setting up a new FreeIPA
next week and plan to send the CSR tomorrow.
I would like to source a certificate for example.com and use it on
FreeIPA on eng.example.com. I can't specifically set the FreeIPA on
example.com because we have active directo
I personally haven't done this, but from https://www.freeipa.org/page/PKI
"when --external-ca option is used, ipa-server-install produces a
certificate certificate request for it's CA certificate so that it can be
properly chained in existing PKI infrastructure."
and from
https://www.redhat.com/a
10 matches
Mail list logo