I am trying to understand if it is possible to NAT between a network running
Active Directory (AD) and a network running FreeIPA and have one-way trust from
FreeIPA to the AD.
My hypothesis is that it is not possible, for two reasons. First, I understand
that Kerberos uses several techniques (i
I am seeing inconsistent results configuring a DNS forward zone.
At a bash prompt, as root, after kinit admin, I do:
ipa dnsforwardzone-add domain.internal --forwarder=ww.xx.yy.zz --forward-policy=only
That works fine and does not warn about DNSSEC.
In a Java webapp running as root under a Je
-enabled and
dnssec-validation are set to 'no' in the /etc/named.conf.
So I'm confused that you say the DNSSEC should always fail.
Thanks for your help!
From: Martin Bašti
Date: Wednesday, April 19, 2017 at 3:59 AM
To: Dan Dietterich, "freeipa-users@redhat.com"
Subject: R
r a subprocess of my Java
webapp ALWAYS gets the warning regardless.
If there really should be a warning, then why don't I see it from the CLI?
And can you help me understand what would be significantly different between an
interactive login and a "su -l root" in salt?
Thank you fo
I have noticed this behavior when setting up an external AD group:
1. create trust
2. create external group
3. add Group@Domain to external group - FAILS: "trusted domain object not
found"
4. retry: add Group@Domain to external group - SUCCESS
Two questions:
1.
With a one-way trust from FreeIPA 4.4 to Active Directory on WinServ2012r2, I
am trying to use FreeIPA LDAP for user authentication.
Is that supposed to work?