Anybody have any suggestion as how to continue debugging this? The nfs server
resolves usernames by lookup in free-ipa ldap.
After a lot of digging, I see the 4.4 introduced "krbcanonicalname", no idea if
that is relevant. Is there some update ldap procedure I am missing? Just in
case I ran a
On Wed, Dec 07, 2016 at 11:34:12AM -0500, Chris Dagdigian wrote:
>
> Our problem is largely solved but we are using some "do not use in
> production!" settings so I wanted to both recap our solution and ask some
> follow up questions.
>
> Our setup:
> -
> - FreeIPA 4.2 running on Cen
On 08/12/16 08:57, Bjarne Blichfeldt wrote:
Anybody have any suggestion as how to continue debugging this? The nfs server
resolves usernames by lookup in free-ipa ldap.
After a lot of digging, I see the 4.4 introduced "krbcanonicalname", no idea if
that is relevant. Is there some update ldap
On Wed, Dec 7, 2016 at 3:57 PM, Brian Candler wrote:
> The Kerberos realm always has a corresponding DNS domain, so realm
> IPA.LAUTUS.NET has a corresponding DNS domain "ipa.lautus.net".
>
This is the crux of what I find unclear. The docs make it sound as if the
DNS domain that corresponds to t
On Thu, 08 Dec 2016, Pieter Nagel wrote:
On Wed, Dec 7, 2016 at 3:57 PM, Brian Candler wrote:
The Kerberos realm always has a corresponding DNS domain, so realm
IPA.LAUTUS.NET has a corresponding DNS domain "ipa.lautus.net".
This is the crux of what I find unclear. The docs make it sound a
On Thu, Dec 8, 2016 at 10:59 AM, Alexander Bokovoy
wrote:
> It is really simple: your DNS domain named as your Kerberos realm must
> be under your control, one way or another, to allow automatic discovery
> of resources to work.
>
Thanks, this explanation makes it crystal clear. This exact phras
> -Original Message-
> From: David Kupka [mailto:dku...@redhat.com]
> Sent: 8. december 2016 09:40
> To: Bjarne Blichfeldt ; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] nfsv4+kerberos: group ID not mapped on newly
> create users, however user id is correct
>
> On 08/12/16 08:57
FreeIPA (4.2.0) was installed with the DNS component enabled, but I want
to pull this out. Is it possible to remove it and clean up the records
which were already there?
e.g. is it sufficient just to delete everything under
cn=dns,dc=example,dc=com ? I notice there are bunch of permissions
e
On (07/12/16 18:19), James Harrison wrote:
>Hi all,
>
>I am trying to authenticate an ubuntu Precise (12.06) fully patched system.
>It's enrolled into a FreeIPA server. The following trace is the output of
>syslog auth sssd/*.log and full debug (-ddd) from the sshd service.
>
Are you able to repro
Hi Simo, I think this is not true, because part of IPA web UI is IPA JSON API
also - and there is problem with loadbalancing, as you can see there
https://www.redhat.com/archives/freeipa-users/2016-October/msg00223.html.
David
On Thu, 2016-12-08 at 12:37 +, Klíma David wrote:
> Hi Simo, I think this is not true, because part of IPA web UI is IPA
> JSON API also - and there is problem with loadbalancing, as you can
> see there
> https://www.redhat.com/archives/freeipa-users/2016-October/msg00223.html.
Sorry David,
it
Pieter,
If you are comfortable with duplicating your external records internally, you
CAN use this domain, however I've always preferred to have internal only and
external only domains (we actually register domains externally that are
internal use only). So for example, lautus.net is your exter
This is an automated message to probe our subscribers email address, in order
to pinpoint the bot harvesting our emails.
Please disregard.
Freeipa-users list administrators.
Sumit Bose wrote:
> Am I being stupid (again?) Obviously the krb5_validate=false setting needs
> to be fixed. Just not sure if I should work on a fix within 4.2 or move to
> 4.4 and see if it gets resolved as part of other changes.
The validation issue might have different reasons. One mig
Hello,
I would like to announce that FreeIPA server docker images have been
migrated to freeipa organization:
* images: https://hub.docker.com/r/freeipa/freeipa-server/
* sources: https://github.com/freeipa/freeipa-container
* additional info: http://www.freeipa.org/page/Docker
Happy hacki
Hi, I would prefer not to compile anything. It means we have to maintain the
package, rather than the distro maintainers.
Trusty has a completely different set of errors to Precise.
Xenial works with no problems.
I run a script that allows the system to join the IPA domain (the same script
r
Hi, An update.
I just got Trusty enrolled into FreeIPA by removing everything in:
/etc/pki/nssdb and running:
/usr/bin/certutil -N --empty-password -d /etc/pki/nssdb
... before the client-install is run.
I get user IDs with Freeipa and AD domains:
root@jamestrusty:/etc/pki/nssdb# id
x_james.harris
James Harrison wrote:
>
> Hi,
> I would prefer not to compile anything. It means we have to maintain the
> package, rather than the distro maintainers.
>
> Trusty has a completely different set of errors to Precise.
>
> Xenial works with no problems.
>
> I run a script that allows the system t
I tried to clone the git repos and I got access right errors
James
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Thursday, 8 December 2016, 11:22
Subject: Re: [Freeipa-users] Problem with Free IPA Client Ubuntu Precise
(12.04) authenticating with AD ac
Hi, From this URL: https://launchpad.net/~sssd/+archive/ubuntu/updates
I updated sssd on Trusty and I can now ssh to it using a FreeIPA user's
credentials. AD still doesn't work.
Thanks
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Thursday, 8 December
On Thu, Dec 08, 2016 at 09:29:34AM -0500, Chris Dagdigian wrote:
>
> Sumit Bose wrote:
> > > > Am I being stupid (again?) Obviously the krb5_validate=false setting
> > > > needs
> > > > to be fixed. Just not sure if I should work on a fix within 4.2 or
> > > > move to
> > > > 4.4 and see if
Massive thank you; will test ASAP.
We mainly have to support CentOS/RHEL-6 and CentOS/RHEL-7 clients. Is
there any established guidance on upgrading SSSD in these environments?
Some sort of trusted repo where RPMs are built? I can hit the wiki and
website but figured I'd ask as well. Not sure
On 08.12.2016 12:01, Brian Candler wrote:
FreeIPA (4.2.0) was installed with the DNS component enabled, but I
want to pull this out. Is it possible to remove it and clean up the
records which were already there?
e.g. is it sufficient just to delete everything under
cn=dns,dc=example,dc=com
On 08/12/2016 17:05, Martin Basti wrote:
I suggest to keep DNS tree there and all permissions, just remove all
zones using IPA API and disable DNS service and dnssyncd service in
LDAP, because removing DNS completely is unsupported and untested
dn: cn=DNS,cn=vm-028.ipa.test,cn=masters,cn=ipa,c
Hello,
I am trying to see if either of the two desktop managers may be able to
work with FreeIPA and I haven't had much luck. It seems like for
example vino should be able to do so - see link below, but I haven't
been able to do it or find an article from those who have attempted it
before
https://fed
Hi all,
I want to make sure I'm understanding how to name my FreeIPA server.
(following names are placeholders)
On my router, I've set the domain to localdomain, so my server
automatically gets the full name as server.localdomain. I want my FreeIPA
domain to be domain.custom.com because I own the
Ah, I think I totally misread the DNS page, the first time...
https://www.freeipa.org/page/DNS
Looks like I should put the router on int.custom.com as a domain, and I can
create the freeipa domain as domain.custom.com
-Harry
On 8 December 2016 at 13:15, Harry Kashouli wrote:
> Hi all,
>
> I w
Hello
I have an indirect map that I would like to list the keys but from
command line. I am able to see every key on the home directories map,
but it displays just names for the rest of the maps.
Looking at the man page, I believe this would be my solution.
-m, --dumpmaps [ ]
W
William Muriithi wrote:
> Hello
>
> I have an indirect map that I would like to list the keys but from
> command line. I am able to see every key on the home directories map,
> but it displays just names for the rest of the maps.
>
> Looking at the man page, I believe this would be my solution.
>
>
On 12/6/2016 3:37 PM, Alexander Bokovoy wrote:
On Tue, 06 Dec 2016, TomK wrote:
On 12/5/2016 2:02 AM, Alexander Bokovoy wrote:
On Sun, 04 Dec 2016, TomK wrote:
Could not get much from logs and decided to start fresh. When I run
this:
ipa trust-add --type=ad mds.xyz --admin Administrator --