Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-30 Thread Dale Macartney
Of course Dmitri Here you go. I was actually trying to resolve this for an automated kickstart process anyway. The details specific to dovecot are in the middle. # Connect server to IPA domain

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-30 Thread Dale Macartney
this helps. Dale On 01/30/2012 01:46 PM, Dmitri Pal wrote: On 01/30/2012 07:16 AM, Dale Macartney wrote: Hi all I'm working on a test lab setup at the moment with RHEL 6.2 running IPA 2.1 and experimenting with simple mail server setups. I have mail being received based on pam lookups from

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-30 Thread Dale Macartney
dovecot and I was able to retrieve the mail as intended. Does this help clear things up? Dale On 01/30/2012 07:11 PM, Erinn Looney-Triggs wrote: On 01/30/2012 07:42 AM, Dale Macartney wrote: Of course Dmitri Here you go. I was actually trying to resolve this for an automated kickstart

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-30 Thread Dale Macartney
configuration :-) thanks for the positive feedback. Dale On 01/30/2012 07:41 PM, Erinn Looney-Triggs wrote: On 01/30/2012 10:20 AM, Dale Macartney wrote: Hi Erinn I originally asked the question as I was thinking my auth attempts were failing when using ipa, however this was not the case

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-30 Thread Dale Macartney
;-) will do mate. I'm writing a list of items to cover at the moment actually. On 01/30/2012 08:02 PM, Dmitri Pal wrote: On 01/30/2012 02:50 PM, Dale Macartney wrote: Hey Erinn, funny you mention that actually, I was adding service principals

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-31 Thread Dale Macartney
howdy all just another update from me. I have a workable gssapi setup working with dovecot for imap... (i didn't test pop yet). the below setup was tested against rhel6.2 # enable dovecot on startup chkconfig dovecot on # set dovecot to

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-31 Thread Dale Macartney
thanks Siggi, I was just browsing past those mails from earlier today as well... I'll make those changes before it goes on the wiki. On 01/31/2012 04:37 PM, Sigbjorn Lie wrote: On 01/31/2012 05:07 PM, Dale Macartney wrote: sed -i s

Re: [Freeipa-users] Dovecot imap authentication with IPA/Kerberos

2012-01-31 Thread Dale Macartney
to home_root_t instead of user_home_dir_t. once a restorecon was run on /home (restorecon -R /home) the selinux errors disappeared when accessing mail via imap. I'll do a write up of the details for the wiki so it is documented. Dale On 01/31/2012 04:40 PM, Dale Macartney wrote: thanks Siggi

Re: [Freeipa-users] Dovecot IMAP with IPA 2.x?

2012-02-02 Thread Dale Macartney
Hi Craig I am actually working on this very thing at the moment. there is a very basic config here (http://freeipa.org/page/Dovecot_Integration), however this is using pam for everything The end goal of course is sso in which I have managed to get

Re: [Freeipa-users] Dovecot IMAP with IPA 2.x?

2012-02-03 Thread Dale Macartney
On 02/03/2012 08:02 AM, Natxo Asenjo wrote: On Fri, Feb 3, 2012 at 8:31 AM, Dale Macartney d...@themacartneyclan.com wrote: I have been experimenting with how best to address this, however I am constantly being pushed back to the only way

Re: [Freeipa-users] Dovecot IMAP with IPA 2.x?

2012-02-03 Thread Dale Macartney
On 02/03/2012 08:13 AM, Natxo Asenjo wrote: On Fri, Feb 3, 2012 at 9:02 AM, Natxo Asenjo natxo.ase...@gmail.com wrote: On Fri, Feb 3, 2012 at 8:31 AM, Dale Macartney d...@themacartneyclan.com wrote: I have been experimenting with how best

[Freeipa-users] ipa-getkeytab during %post

2012-02-08 Thread Dale Macartney
morning all... i'm dabbling with automated provisioning of ipa client servers, and i'm a little perplexed on how to add a keytab to a system during the %post section of a kickstart... i've run ipa-client-install -U -p admin -w redhat123 which works

Re: [Freeipa-users] ipa-getkeytab during %post

2012-02-08 Thread Dale Macartney
in an environment of their own so far? Dale On 02/08/2012 09:28 AM, Christian Horn wrote: On Wed, Feb 08, 2012 at 11:13:36AM +, Dale Macartney wrote: i'm dabbling with automated provisioning of ipa client servers, and i'm a little perplexed on how to add a keytab to a system during

Re: [Freeipa-users] ipa-getkeytab during %post

2012-02-08 Thread Dale Macartney
running ipa-client-install. Does this help paint a picture? Dale On 02/08/2012 01:49 PM, Simo Sorce wrote: On Wed, 2012-02-08 at 11:13 +, Dale Macartney wrote: morning all... i'm dabbling with automated provisioning of ipa client servers

Re: [Freeipa-users] ipa-getkeytab during %post

2012-02-08 Thread Dale Macartney
of compensating controls and logging. On Feb 8, 2012, at 6:44 AM, Dale Macartney wrote: Hi Simo ipa-client-install is provided by the ipa-client rpm. Details below Name : ipa-client Arch : x86_64 Version : 2.1.3 Release : 9.el6 Size : 222 k Repo : installed What I am trying to achieve

Re: [Freeipa-users] ipa-getkeytab during %post

2012-02-08 Thread Dale Macartney
service-add HTTP/$(hostname) I will be giving this a go for testing sake tonight. Dale On 02/08/2012 04:00 PM, Rob Crittenden wrote: Dale Macartney wrote: Hi JR I agree with your statement of acceptable risk.. this is my main reason for questioning.. The ideal situation would be to run

[Freeipa-users] Jabber services for IPA

2012-02-09 Thread Dale Macartney
Morning all I have a working setup of ejabberd authenticated to pam on an IPA client which works great.. However, unlike my other projects to provide details of integration with IPA, I am struggling with the SSO aspect of it, simply because of a

Re: [Freeipa-users] Jabber services for IPA

2012-02-09 Thread Dale Macartney
-Triggs wrote: On 02/09/2012 06:48 AM, Dale Macartney wrote: Morning all I have a working setup of ejabberd authenticated to pam on an IPA client which works great.. However, unlike my other projects to provide details of integration with IPA, I am struggling with the SSO aspect of it, simply

Re: [Freeipa-users] SELinux error during ipa-server-install

2012-02-10 Thread Dale Macartney
Hi Marco I had a very similar issue trying to do the same thing a while back on the day RHEL 6.2 went GA.. My situation was SELinux enforcing, then run ipa-server-install.. it gets half way through the process and it fails then I tried SELinux

[Freeipa-users] Dovecot SSO Authentication HowTo is now available on Wiki

2012-02-10 Thread Dale Macartney
Hi All I have added a walk through on configuring Dovecot to use IMAPS with SSO support to the Wiki. http://freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On Feed back is more than welcome Dale

Re: [Freeipa-users] Please help: How to restore IPA Master/Replicas from daily IPA Replica setup???

2012-05-22 Thread Dale Macartney
, Dale Macartney wrote: Dmitri, Rob I thought I might reply to you both directly, just in case others on the list vent frustrations on the ongoing discussion of this topic. I've been reading through the archives of the list for hot backup solutions, and this email thread really stood out. I am

[Freeipa-users] RHEL + IPA + Zimbra = ?

2012-05-30 Thread Dale Macartney
Evening all Has anyone dabbled with Zimbra integration with IPA as yet? I just had a brief brainstorm moment of thinking Now that would be useful. I'm curious to see if anyone else has tried it? Otherwise I'll give a go and see what docs I can

Re: [Freeipa-users] RHEL + IPA + Zimbra = ?

2012-05-31 Thread Dale Macartney
On 31/05/12 00:13, Dmitri Pal wrote: On 05/30/2012 06:12 PM, Dale Macartney wrote: Evening all Has anyone dabbled with Zimbra integration with IPA as yet? I just had a brief brainstorm moment of thinking Now that would be useful. I'm

Re: [Freeipa-users] RHEL + IPA + Zimbra = ?

2012-05-31 Thread Dale Macartney
On 31/05/12 15:10, Simo Sorce wrote: On Thu, 2012-05-31 at 07:55 +0100, Dale Macartney wrote: On 31/05/12 00:13, Dmitri Pal wrote: On 05/30/2012 06:12 PM, Dale Macartney wrote: Evening all

Re: [Freeipa-users] token/swipe pass deployments with IPA

2012-06-01 Thread Dale Macartney
On 31/05/12 23:54, Dmitri Pal wrote: On 05/31/2012 03:03 PM, Dale Macartney wrote: Evening all http://www.youtube.com/watch?v=uvfkj8V6ylM This video was floating around Google plus a few days ago which is brilliant to show off RHEV's VDI

[Freeipa-users] IPA Service accounts (Bind accounts)

2012-06-02 Thread Dale Macartney
Evening all What's the recommended method for using service accounts with IPA? For example, using a piece of software that needs to bind to LDAP (aka Zimbra, Moodle, Joomla, etc), having a password expiry on that specific bind user would result in

Re: [Freeipa-users] IPA Service accounts (Bind accounts)

2012-06-02 Thread Dale Macartney
On 02/06/12 20:31, Alexander Bokovoy wrote: On Sat, 02 Jun 2012, Dale Macartney wrote: Evening all What's the recommended method for using service accounts with IPA? For example, using a piece

[Freeipa-users] HOWTO: Zimbra Authentication and GAL lookups with FreeIPA backend

2012-06-02 Thread Dale Macartney
Morning all Just a quick mail to let everyone know that I have placed a new wiki page for integrating Zimbra authentication and GAL lookups into IPA. Link is here

Re: [Freeipa-users] SSH Keys?

2012-06-04 Thread Dale Macartney
On 04/06/12 18:28, Kline, Sara wrote: Some of my users have expressed concerns about moving to FreeIPA because they prefer to use SSH. The main reason behind that is because they can use agent forwarding and only have to sign on once. I did find

[Freeipa-users] mail entries not populated for users

2012-06-05 Thread Dale Macartney
Hi all I may be overlooking something here, but from what I can gather, the value in the ipa config of Default e-mail domain for new users should automatically create the mail attribute for said user upon creation? Do I need to do an additional

Re: [Freeipa-users] mail entries not populated for users

2012-06-05 Thread Dale Macartney
On 05/06/12 14:09, Rob Crittenden wrote: Dale Macartney wrote: Hi all I may be overlooking something here, but from what I can gather, the value in the ipa config of Default e-mail domain

Re: [Freeipa-users] mail entries not populated for users

2012-06-05 Thread Dale Macartney
On 05/06/12 14:21, Rob Crittenden wrote: Dale Macartney wrote: On 05/06/12 14:09, Rob Crittenden wrote: Dale Macartney wrote: Hi all I may

Re: [Freeipa-users] token/swipe pass deployments with IPA

2012-06-06 Thread Dale Macartney
On 05/06/12 23:50, Dmitri Pal wrote: On 06/01/2012 03:14 AM, Dale Macartney wrote: On 31/05/12 23:54, Dmitri Pal wrote: On 05/31/2012 03:03 PM, Dale Macartney wrote: Evening all http://www.youtube.com/watch?v=uvfkj8V6ylM

[Freeipa-users] IPA managed DNS stub-zones

2012-06-09 Thread Dale Macartney
Evening all I am trying to set up a stub zone from my IPA domain (example.com) to my Windows domain (nt.example.com). Network details as follows example.com managed by IPA server ds01.example.com 10.0.1.11 nt.example.com managed by Win server

Re: [Freeipa-users] eJabberd authentication with FreeIPA via LDAP with Group member validation

2012-06-14 Thread Dale Macartney
On 14/06/12 18:24, Natxo Asenjo wrote: On Thu, Jun 14, 2012 at 12:54 PM, Dale Macartney d...@themacartneyclan.com wrote: I've just placed another wiki article

[Freeipa-users] unable to add service principle from F17

2012-06-25 Thread Dale Macartney
Hi all I have a RHEL 6.2 ipa domain and I am running through one of my known working kickstarts for kerberised squid but instead of using RHEL i'm setting it up on Fedora 17. I get the following error on the fedora system which has

Re: [Freeipa-users] unable to add service principle from F17

2012-06-25 Thread Dale Macartney
On 25/06/12 19:53, Rob Crittenden wrote: Dale Macartney wrote: Hi all I have a RHEL 6.2 ipa domain and I am running through one of my known working kickstarts for kerberised squid but instead

Re: [Freeipa-users] unable to add service principle from F17

2012-06-26 Thread Dale Macartney
On 25/06/12 22:37, Rob Crittenden wrote: Dale Macartney wrote: On 25/06/12 19:53, Rob Crittenden wrote: Dale Macartney wrote: Hi all I have

[Freeipa-users] IPA Backup / Restore - Everyone's favourite problem child!

2012-06-27 Thread Dale Macartney
Howdy all We have had quite a lot of discussions on the list about this process but I'd like to get some documentation together so we are all speaking the same language. So last night I wrote a script to backup IPA based on the below article.

[Freeipa-users] strange gss failures in RHEL 6.3

2012-06-27 Thread Dale Macartney
Evening all I have just updated my local RHEL 6 repositories from 6.2 to 6.3 and installed a new ipa server in a test network. I get the following errors now despite having a valid tgt. This worked perfectly a few hours ago (before I updated the

Re: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem child!

2012-06-27 Thread Dale Macartney
] on behalf of Dale Macartney [d...@themacartneyclan.com] Sent: Wednesday, 27 June 2012 11:27 p.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem child! Howdy all We have had quite a lot of discussions on the list about this process but I'd

Re: [Freeipa-users] strange gss failures in RHEL 6.3

2012-06-28 Thread Dale Macartney
On 28/06/12 06:52, Sumit Bose wrote: On Wed, Jun 27, 2012 at 10:35:00PM +0100, Dale Macartney wrote: Evening all I have just updated my local RHEL 6 repositories from 6.2 to 6.3 and installed a new ipa server in a test network. I get

[Freeipa-users] New HowTo Doc: YubiRadius integration with group-validated FreeIPA Users using LDAPS

2012-07-14 Thread Dale Macartney
Morning all I've just published a walk through on tapping the YubiRadius virtual appliance into FreeIPA. Target audience level : Beginner Link to page is :

Re: [Freeipa-users] Backup Restore

2012-07-17 Thread Dale Macartney
Hi Duncan I spent a substantial amount of time on restorations last week. I was working towards a System State Backup method of backing up IPA. I managed to get a restoration working on a completely clean system by doing a file level restore. What

[Freeipa-users] whats the recommended way to change OU structures in IPA?

2012-08-06 Thread Dale Macartney
Afternoon all Although I can use any ldapmodify capable tool to do this, I was wondering what the recommended way that we should be telling customers who want to change OU trees? e.g, say in a high school using IPA, they wished to create a parent

Re: [Freeipa-users] whats the recommended way to change OU structures in IPA?

2012-08-06 Thread Dale Macartney
On 06/08/12 16:22, John Dennis wrote: On 08/06/2012 11:07 AM, Dale Macartney wrote: Although I can use any ldapmodify capable tool to do this, I was wondering what the recommended way that we should be telling customers who want to change OU

[Freeipa-users] RHEV-M + service accounts in IPA

2012-09-05 Thread Dale Macartney
Afternoon all I have a demo lab set up with RHEV 3.0 and IPA running on RHEL 6.3 ( ipa-server-2.2-16) I have an api script that handles all my deployments and I am trying to set up a role account for my script to run within a jenkins environment.

Re: [Freeipa-users] RHEV-M + service accounts in IPA

2012-09-05 Thread Dale Macartney
On 05/09/12 13:39, Rob Crittenden wrote: Dale Macartney wrote: Afternoon all I have a demo lab set up with RHEV 3.0 and IPA running on RHEL 6.3 ( ipa-server-2.2-16) I have an api script

Re: [Freeipa-users] Backup and Restore procedures for IPA 2.2.0?

2012-12-19 Thread Dale Macartney
On 12/19/2012 09:25 AM, Innes, Duncan wrote: Are there any results you can even talk about at this stage? Although, not officially supported by Red Hat. Here's something I wrote for my own environments. It is just a scripted tool to tar up what I can

[Freeipa-users] Integrating Yubikey tokens into FreeIPA

2012-12-19 Thread Dale Macartney
Morning all Here's something I was working on last night with Gavin Spurgeon. If anyone would like to comment on better ways to achieve this, i'd love to hear it so I can update my own procedures (and the article of course)

Re: [Freeipa-users] Integrating Yubikey tokens into FreeIPA

2012-12-19 Thread Dale Macartney
On 12/19/2012 01:20 PM, Simo Sorce wrote: On Wed, 2012-12-19 at 12:30 +, Dale Macartney wrote: Morning all Here's something I was working on last night with Gavin Spurgeon. If anyone would

[Freeipa-users] Fedora 18 + FreeIPA 3.1

2012-12-29 Thread Dale Macartney
Afternoon all using Fedora 18 Beta and attempting to install FreeIPA 3.1 when running through the install of ipa-server-install --setup-dns I end up with a failure with the below output [root@ds01 ~]# ipa-server-install --setup-dns . .

Re: [Freeipa-users] Fedora 18 + FreeIPA 3.1

2012-12-29 Thread Dale Macartney
On 12/29/2012 06:38 PM, Rob Crittenden wrote: Dale Macartney wrote: Afternoon all using Fedora 18 Beta and attempting to install FreeIPA 3.1 when running through the install of ipa-server

Re: [Freeipa-users] Fedora 18 + FreeIPA 3.1

2013-01-01 Thread Dale Macartney
On 01/01/2013 11:42 PM, Rob Crittenden wrote: Dale Macartney wrote: On 12/29/2012 06:38 PM, Rob Crittenden wrote: Dale Macartney wrote:

Re: [Freeipa-users] Fedora 18 + FreeIPA 3.1

2013-01-02 Thread Dale Macartney
On 01/02/2013 12:42 AM, Rob Crittenden wrote: Dale Macartney wrote: On 01/01/2013 11:42 PM, Rob Crittenden wrote: Dale Macartney wrote: On 12

[Freeipa-users] FreeIPA + Yubikey conditional login process

2013-01-12 Thread Dale Macartney
Evening all So, basis of my testing environment is as follows RHEL 6 running IPA 2.2 or 3.0 (Will be looking to test on both versions) RHEL 6 and Fedora 18 workstations connected as ipa clients to IPA domain. I am using this article in place with

Re: [Freeipa-users] Fedora 18 - FreeIPA + AD

2013-01-19 Thread Dale Macartney
On 01/19/2013 07:16 PM, Dmitri Pal wrote: On 01/19/2013 01:25 PM, MaSch wrote: Hello all, I'm trying to setup FreeIPA on Fedora 18 (Final) with AD integration on a test server. However I do not even get past the initial (local) steps described

Re: [Freeipa-users] Some interrogations about the freeipa deployment

2013-01-22 Thread Dale Macartney
On 01/22/2013 09:51 PM, Steven Jones wrote: Hi, I have all done this, so from what you write I think IPA would be a good fit for what you want, except that is the single sign on bit I have not looked to see if that can be done. For http restart

[Freeipa-users] User info lookup via LDAP with Jabber +FreeIPA

2013-02-10 Thread Dale Macartney
Hi all So I have started testing more of the end user experience of FreeIPA with my integration docs of different services over the weekend and when I logged in as an IPA test user to Jabber, I noticed that the user details are not being populated.

Re: [Freeipa-users] User info lookup via LDAP with Jabber +FreeIPA

2013-02-10 Thread Dale Macartney
On 02/10/2013 04:39 PM, Dmitri Pal wrote: On 02/10/2013 07:15 AM, Dale Macartney wrote: Hi all So I have started testing more of the end user experience of FreeIPA with my integration docs of different services over the weekend and when I

[Freeipa-users] RHEL 6.4 , IPA 3.0 and bind-chroot

2013-02-23 Thread Dale Macartney
Hi all I've just performed a clean IPA installation and noticed that if you're using integrated DNS, you are still unable to use bind in a chrooted environment with a default IPA install. Basically if it's a chrooted environment, named will fail to

[Freeipa-users] RHEL 6.4 ipa-client install on ipa member server

2013-02-23 Thread Dale Macartney
Even folks I've verified this both in a kickstart and via manual install to verify any user error on my part. I have a clean installation of RHEL 6.4 for an IPA domain of example.com I also have several clients which are also clean installs of

Re: [Freeipa-users] RHEL 6.4 ipa-client install on ipa member server

2013-02-23 Thread Dale Macartney
On 02/23/2013 10:36 PM, Rob Crittenden wrote: Dale Macartney wrote: Even folks I've verified this both in a kickstart and via manual install to verify any user error on my part. I have a clean

Re: [Freeipa-users] RHEL 6.4 ipa-client install on ipa member server

2013-02-25 Thread Dale Macartney
On 02/25/2013 10:15 AM, Jakub Hrozek wrote: On Sat, Feb 23, 2013 at 10:40:03PM +, Dale Macartney wrote: On 02/23/2013 10:36 PM, Rob Crittenden wrote: Dale Macartney wrote: Even folks

Re: [Freeipa-users] RHEL 6.4 ipa-client install on ipa member server

2013-02-25 Thread Dale Macartney
On 02/25/2013 10:58 AM, Jakub Hrozek wrote: On Mon, Feb 25, 2013 at 10:30:44AM +, Dale Macartney wrote: What state is your SELinux in? Permissive/Enforcing/Disabled ? Another fail on my part. Works fine in permissive mode. No, the SSSD

Re: [Freeipa-users] RHEL 6.4 ipa-client install on ipa member server

2013-02-25 Thread Dale Macartney
On 02/25/2013 11:15 AM, Jakub Hrozek wrote: On Mon, Feb 25, 2013 at 11:06:09AM +, Dale Macartney wrote: On 02/25/2013 10:58 AM, Jakub Hrozek wrote: On Mon, Feb 25, 2013 at 10:30:44AM +

Re: [Freeipa-users] Errors when trying IPA,Dovecot GSSAPI.

2013-03-06 Thread Dale Macartney
On 03/06/2013 02:46 PM, M.R Niranjan wrote: On 03/06/2013 08:03 PM, Johan Petersson wrote: Hi, I hope someone here can shed some light on what is wrong in my test environment. The error seems to be that Dovecot on mail server wants to access

[Freeipa-users] Preparing for domain trust breaks IPA services, RHEL 6.4 IPA 3.0

2013-03-07 Thread Dale Macartney
Hi all I've been trying to document the domain trust process for the past two days and I am seeing the same results no matter the configuration. Basically I have nuked and rebuilt my environment several times and all yields the same results. Steps

Re: [Freeipa-users] Errors when trying IPA,Dovecot GSSAPI.

2013-03-07 Thread Dale Macartney
On 03/06/2013 02:33 PM, Johan Petersson wrote: Hi, I hope someone here can shed some light on what is wrong in my test environment. The error seems to be that Dovecot on mail server wants to access mail folder in my home directory on the NFS

Re: [Freeipa-users] Errors when trying IPA,Dovecot GSSAPI.

2013-03-07 Thread Dale Macartney
. - *From:* freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dale Macartney [d...@themacartneyclan.com] *Sent:* Thursday, March 07, 2013 13:35 *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] Errors when trying IPA,Dovecot

[Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-08 Thread Dale Macartney
Hi all I've been reading through threads and threads of mailing lists and google search results on this but most of the documentation isn't very specific and is just vague enough for me not to make any progress. Would anyone be able to assist with

Re: [Freeipa-users] Errors when trying IPA,Dovecot GSSAPI.

2013-03-08 Thread Dale Macartney
On 03/08/2013 09:38 AM, Petr Spacek wrote: On 7.3.2013 18:06, Dale Macartney wrote: I have just updated the article to have dovecot automatically creating a maildir in a custom location. http://www.freeipa.org/page

Re: [Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-08 Thread Dale Macartney
On 03/08/2013 12:39 PM, Loris Santamaria wrote: I can help you with items #1 and #2: On Fri, 08-03-2013 at 08:56 +, Dale Macartney wrote: Hi all I've been reading through threads and threads of mailing lists and google search

Re: [Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-08 Thread Dale Macartney
On 03/08/2013 02:34 PM, Anthony Messina wrote: On Friday, March 08, 2013 08:09:20 AM Loris Santamaria wrote: 2. Kerberos / GSSAPI (I heard SASL can be used here as well ) for authenticated SSO mail sending Create the service in ipa, ipa

[Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dale Macartney
Hi all I'm open to hear some opinions and thoughts on what the best way to auto-provision service principals in an environment with a 100% autonomous build process.. Let's say for example, I wanted to provision a mail server and configure dovecot

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dale Macartney
On 03/11/2013 11:04 AM, Christian Horn wrote: Hoi, Dale Macartney wrote: I'm open to hear some opinions and thoughts on what the best way to auto-provision service principals in an environment with a 100% autonomous build process.. Let's

Re: [Freeipa-users] Discussion: What would be the best way to create service principles via provisioning

2013-03-11 Thread Dale Macartney
On 03/11/2013 11:39 AM, Christian Horn wrote: Dale Macartney wrote: On 03/11/2013 11:04 AM, Christian Horn wrote: How about having service-add/ipa-getkeytab done on the server, and having the keytab deployed onto the client system using

Re: [Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-12 Thread Dale Macartney
On 03/08/2013 02:34 PM, Anthony Messina wrote: On Friday, March 08, 2013 08:09:20 AM Loris Santamaria wrote: 2. Kerberos / GSSAPI (I heard SASL can be used here as well ) for authenticated SSO mail sending Create the service in ipa, ipa

Re: [Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-13 Thread Dale Macartney
On 03/12/2013 02:05 PM, Anthony Messina wrote: On Tuesday, March 12, 2013 08:53:59 AM Anthony Messina wrote: On Tuesday, March 12, 2013 01:50:47 PM Dale Macartney wrote: # Import environment for Kerberos v5 GSSAPI import_environment

Re: [Freeipa-users] squid problems when upgrading to 6.4

2013-03-13 Thread Dale Macartney
On 03/13/2013 09:20 PM, Natxo Asenjo wrote: hi, following the howto http://freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On I had setup squid. Tonight running the updates the changes to the init script

Re: [Freeipa-users] squid problems when upgrading to 6.4

2013-03-14 Thread Dale Macartney
On 03/14/2013 08:07 AM, Martin Kosek wrote: On 03/13/2013 11:02 PM, Natxo Asenjo wrote: On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney d...@themacartneyclan.com wrote: I've just deployed a RHEL 6.4 proxy and the guide is still accurate

Re: [Freeipa-users] squid problems when upgrading to 6.4

2013-03-14 Thread Dale Macartney
On 03/14/2013 08:11 AM, Dale Macartney wrote: On 03/14/2013 08:07 AM, Martin Kosek wrote: On 03/13/2013 11:02 PM, Natxo Asenjo wrote: On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney d...@themacartneyclan.com wrote: I've just deployed

Re: [Freeipa-users] Postfix and FreeIPA in a secure setup

2013-03-14 Thread Dale Macartney
On 03/13/2013 12:48 PM, Anthony Messina wrote: On Wednesday, March 13, 2013 12:41:05 PM Dale Macartney wrote: Silly mistake on my part. Simple perms issue with keytab file. Below is a working config of postfix with IPA user lookups and kerberos

[Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

2013-03-15 Thread Dale Macartney
Morning all I have setup the domain trust set up and have errors when trying to map groups from AD to IPA Environment is IPA 3.0 on RHEL 6.4 and Windows 2012 When adding groups, I get the following. [root@ds01 ~]# ipa group-add --desc='Active

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

2013-03-15 Thread Dale Macartney
On 03/15/2013 09:52 AM, Sumit Bose wrote: On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: Morning all I have setup the domain trust set up and have errors when trying to map groups from AD to IPA Environment is IPA 3.0

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

2013-03-15 Thread Dale Macartney
On 03/15/2013 10:03 AM, Dale Macartney wrote: On 03/15/2013 09:52 AM, Sumit Bose wrote: On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: Morning all I have setup the domain trust set up and have errors when trying to map

Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012

2013-03-15 Thread Dale Macartney
On 03/15/2013 10:06 AM, Dale Macartney wrote: On 03/15/2013 10:03 AM, Dale Macartney wrote: On 03/15/2013 09:52 AM, Sumit Bose wrote: On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote: Morning all I have setup

[Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-05 Thread Dale Macartney
Hi folks Just a quick mail from me before I call it a night. Today I've added user display pictures/avatars into FreeIPA, detailed here. https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/ As well as

Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-06 Thread Dale Macartney
On 05/12/13 22:58, Simo Sorce wrote: On Thu, 2013-12-05 at 22:32 +, Dale Macartney wrote: Hi folks Just a quick mail from me before I call it a night. Today I've added user display pictures

Re: [Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

2013-12-08 Thread Dale Macartney
On 07/12/13 19:22, Dmitri Pal wrote: On 12/06/2013 08:56 AM, Simo Sorce wrote: Maybe you can open a RFE to let the framework support jpegphoto natively ? Simo. Yes, that would be really nice. Here you go folks, first trac ticket so be gentle!!

Re: [Freeipa-users] Dovecot/Postfix Auth, howto not working ?

2014-05-08 Thread Dale Macartney
On 05/04/2014 10:22 PM, Matt . wrote: Hi Guys, I'm trying to auth Dovecot against FreeIPA using this tut: http://www.freeipa.org/page/Dovecot_IMAPS_Integration_with_FreeIPA_using_Single_Sign_On (and also Postfix using this:

[Freeipa-users] Group Policy-like features in FreeIPA

2015-01-11 Thread Dale Macartney
Morning folks I am currently working on a little pet project which I think some would find useful. I would like to introduce some group policy like functionality into a FreeIPA domain. For example: In an environment running FreeIPA Server with Fedora or RHEL based workstations, I would like to