Re: [Freeipa-users] Ping forwarded domain name.

On 24.11.2016 06:08, TomK wrote: > On 11/23/2016 3:28 AM, Martin Basti wrote: >> >> >> On 23.11.2016 03:48, TomK wrote: >>> On 11/22/2016 10:22 AM, Martin Basti wrote: On 22.11.2016 13:57, TomK wrote: > On 11/22/2016 2:59 AM, Martin Basti wrote: >> Hey, >> >> >>

Re: [Freeipa-users] Ping forwarded domain name.

On 11/24/2016 4:49 AM, Petr Spacek wrote: On 24.11.2016 06:08, TomK wrote: On 11/23/2016 3:28 AM, Martin Basti wrote: On 23.11.2016 03:48, TomK wrote: On 11/22/2016 10:22 AM, Martin Basti wrote: On 22.11.2016 13:57, TomK wrote: On 11/22/2016 2:59 AM, Martin Basti wrote: Hey, On

Re: [Freeipa-users] can(should) IPA issue/manage certificates...

On Thu, Nov 24, 2016 at 04:19:03PM +, lejeczek wrote: > .. for entities outside of it's own domain? > Would you use IPA this way? > > I'm thinking - it would be nice that have one central point(console) and > manage all my "virtual" domains certification, but, I'm not an expert on the >

Re: [Freeipa-users] anyone else getting porn spam pretending to be replies to freeipa-users threads?

On 11/16/2016 11:23 AM, Sean Hogan wrote: Yes... just got 2 of them from same address.. kimi rachel Sean Hogan Inactive hide details for Tony Brian Albers ---11/15/2016 11:54:35 PM---Hehe, just you wait Lachlan ;) /tonyTony Brian Albers ---11/15/2016 11:54:35 PM---Hehe, just you wait

[Freeipa-users] Can't establish a trust to AD

Hello Guys, we need help to establish a trust from freeipa to ad. Ad users should be able to access to linux environment, but linux users not to ad environment. our setup: AD Domain: domain.com, there we have two AD-Controllers installed wird Windows Server 2008. All users are managed here.

Re: [Freeipa-users] error; Allocation of a new value

On 11/24/2016 07:30 PM, lejeczek wrote: On 24/11/16 17:14, lejeczek wrote: hi I see this: 2 ranges matched Range name: xx.id_range First Posix ID of the range: 195240 Number of IDs in the range: 20 First RID of the corresponding RID range: 0 Domain SID of

Re: [Freeipa-users] anyone else getting porn spam pretending to be replies to freeipa-users threads?

Yeah, im getting spam too! Denis Am Freitag, den 25.11.2016, 00:15 -0500 schrieb TomK: On 11/16/2016 11:23 AM, Sean Hogan wrote: Yes... just got 2 of them from same address.. kimi rachel Sean Hogan Inactive hide details for Tony Brian Albers ---11/15/2016 11:54:35 PM---Hehe, just

[Freeipa-users] where to put computer accounts... ?

.. in order to satisfy classic Samba (which still uses openldap for user db backend but needs computer unix account) which complains: Failed to find a Unix account for yourcomp$ ? many thanks, L. -- Manage your subscription for the Freeipa-users mailing list:

Re: [Freeipa-users] where to put computer accounts... ?

On Thu, 2016-11-24 at 12:59 +, lejeczek wrote: > .. in order to satisfy classic Samba (which still uses > openldap for user db backend but needs computer unix > account) which complains: > Failed to find a Unix account for yourcomp$ > > ? If this is on a client machine for its own computer

Re: [Freeipa-users] where to put computer accounts... ?

On 24/11/16 15:10, Simo Sorce wrote: On Thu, 2016-11-24 at 12:59 +, lejeczek wrote: .. in order to satisfy classic Samba (which still uses openldap for user db backend but needs computer unix account) which complains: Failed to find a Unix account for yourcomp$ ? If this is on a client

[Freeipa-users] ipalib authentication

I'm writing a bit of code using ipalib directly, I'm a little stuck on authentication though. It works fine if grab a Kerberos ticket with kinit then run the code interactively, but I'd like to run this as a daemon which makes maintaining a ticket tricky. What other options are there for

Re: [Freeipa-users] ipalib authentication

On 11/24/2016 04:27 PM, Adam Bishop wrote: I'm writing a bit of code using ipalib directly, I'm a little stuck on authentication though. It works fine if grab a Kerberos ticket with kinit then run the code interactively, but I'd like to run this as a daemon which makes maintaining a ticket

Re: [Freeipa-users] Can't establish a trust to AD

4.2 is a one-way trust, by design. http://www.freeipa.org/page/V4/One-way_trust -Jake From: "Denis Müller" To: "freeipa-users" Sent: Thursday, November 24, 2016 7:48:50 AM Subject: [Freeipa-users] Can't establish a trust to AD Hello Guys,

[Freeipa-users] error; Allocation of a new value

hi I see this: 2 ranges matched Range name: xx.id_range First Posix ID of the range: 195240 Number of IDs in the range: 20 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1144915091-2252175215-702530032 Range type:

Re: [Freeipa-users] Can't establish a trust to AD

On to, 24 marras 2016, Denis Müller wrote: Hello Guys, we need help to establish a trust from freeipa to ad. Ad users should be able to access to linux environment, but linux users not to ad environment. our setup: AD Domain: domain.com, there we have two AD-Controllers installed wird Windows

Re: [Freeipa-users] ipalib authentication

On 2016-11-24 16:27, Adam Bishop wrote: > I'm writing a bit of code using ipalib directly, I'm a little stuck on > authentication though. > > It works fine if grab a Kerberos ticket with kinit then run the code > interactively, but I'd like to run this as a daemon which makes maintaining a >

Re: [Freeipa-users] ipalib authentication

On 24 Nov 2016, at 16:18, Christian Heimes wrote: > for a service you can use a Kerberos keytab to authenticate. A keytab > can be requested with ipa-getkeytab. The command will replace the > password of the service with a random one. Thanks everyone, I think using a key tab

Re: [Freeipa-users] ipalib authentication

On to, 24 marras 2016, Adam Bishop wrote: I'm writing a bit of code using ipalib directly, I'm a little stuck on authentication though. It works fine if grab a Kerberos ticket with kinit then run the code interactively, but I'd like to run this as a daemon which makes maintaining a ticket

Re: [Freeipa-users] ipalib authentication

On 24.11.2016 16:57, Alexander Bokovoy wrote: On to, 24 marras 2016, Adam Bishop wrote: I'm writing a bit of code using ipalib directly, I'm a little stuck on authentication though. It works fine if grab a Kerberos ticket with kinit then run the code interactively, but I'd like to run this

[Freeipa-users] can(should) IPA issue/manage certificates...

.. for entities outside of it's own domain? Would you use IPA this way? I'm thinking - it would be nice that have one central point(console) and manage all my "virtual" domains certification, but, I'm not an expert on the subject. And if yes then what would be the steps? mthx, L. -- Manage

Re: [Freeipa-users] error; Allocation of a new value

On 24/11/16 17:14, lejeczek wrote: hi I see this: 2 ranges matched Range name: xx.id_range First Posix ID of the range: 195240 Number of IDs in the range: 20 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: