[Freeipa-users] revocation of a ssl certificate

2015-03-19 Thread Nicolas Zin
sufficient? I didn't see the /var/lib/ipa/pki-ca/publish/MasterCRL.bin changed. I thought I should find the revoked certificate inside this binary file? Also, how can I print the content of MasterCRL.bin in a "readable" output? Regards, Nicolas Zin PS: I have to confess that I d

[Freeipa-users] backup procedure : procedure for a lost of primary master

2014-11-25 Thread Nicolas Zin
publishing CRLS? I didn't find the procedure. Also do I care to differentiate between the first master and other replica, if my IPA installation uses an external root CA certificate (Windows AD in that case)? Regards, Nicolas Zin -- Manage your subscription for the Freeipa-users ma

[Freeipa-users] Centos5 - freeipa - AD trust

2014-11-25 Thread Nicolas Zin
not support cross realm? (and indeed, it cannot work) or is it possible to make it work? and my error is somewhere else? Regards, Nicolas Zin nicolas@savoirfairelinux.com Direct line: 514-276-5468 ext. 135 Fax: 514-276-5465 7275 Saint Urbain Bureau 200 Montréal, QC, H2R 2Y5 -- Man

Re: [Freeipa-users] Centos5 - freeipa - AD trust

2014-11-26 Thread Nicolas Zin
't have tested yet with putty, from windows, maybe it doesn't matter. Regards, Nicolas Zin - Original Message - From: "Alexander Bokovoy" To: "Nicolas Zin" Cc: freeipa-users@redhat.com Sent: Tuesday 25 November 2014 16:40:57 Subject: Re: [Freeipa-users] Centos5 -

[Freeipa-users] freeipa-freeipa trust relationship

2014-12-01 Thread Nicolas Zin
Hi, I know that it is possible to connect a FreeIPA/idm to an Active Directory forest. But is there a way to have a relationship between 2 freeipa domains, and if yes, is there any documentation. Thanks in advance. Nicolas Zin nicolas@savoirfairelinux.com Direct line: 514-276-5468

Re: [Freeipa-users] freeipa-freeipa trust relationship

2014-12-01 Thread Nicolas Zin
> - Original Message - > From: "Alexander Bokovoy" > To: "Nicolas Zin" > Cc: freeipa-users@redhat.com > Sent: Monday 1 December 2014 19:28:20 > Subject: Re: [Freeipa-users] freeipa-freeipa trust relationship > > On Mon, 01 Dec 2014, Nicolas Zin wro

[Freeipa-users] sssd uid mapping from an ad trust

2014-12-02 Thread Nicolas Zin
Hi, the question of the day I should say. In a Redhat7/FreeIPA 3.3 environment. In an AD trust relationship, when I connect with an AD user to an IDM client, I happen to log in with a generated uid. Is there a way to provide a custom algorithm to map the uid from Active Directory info. In our AD,

[Freeipa-users] ad trust and default_domain_suffix

2014-12-04 Thread Nicolas Zin
nel…) Regards, Nicolas Zin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] ad trust and default_domain_suffix

2014-12-04 Thread Nicolas Zin
I am answering myself. (but my problem is not resolved) > - Original Message - > From: "Nicolas Zin" > To: freeipa-users@redhat.com > Sent: Thursday 4 December 2014 18:49:36 > Subject: [Freeipa-users] ad trust and default_domain_suffix > > Hi, > > I have a I

[Freeipa-users] one way AD trust relationship

2015-02-05 Thread Nicolas Zin
fine, but when I try kinit administra...@ipawindows.mtl.sfl kinit: KDC reply did not match expectations while getting initial credentials I tried other ways, but I wonder if it is possible to have a one-way trust relationship? Thanks for your help! Nicolas Zin nicolas

[Freeipa-users] bug with ipa-replica and external dns?

2015-02-10 Thread Nicolas Zin
DNS record because DNS is not set up. " The message is pretty clear: the DNS is not set up: for sure, it is externally managed. Should I consider it as a bug? Or is there something I did wrong? Regards, Nicolas Zin nicolas@savoirfairelinux.com Direct line: 514-276-5468 ext. 135 Fax

Re: [Freeipa-users] bug with ipa-replica and external dns?

2015-02-10 Thread Nicolas Zin
>- Original Message - >From: "Martin Basti" >To: "Nicolas Zin" , freeipa-users@redhat.com >Sent: Tuesday 10 February 2015 14:02:30 >Subject: Re: [Freeipa-users] bug with ipa-replica and external dns? > >On 10/02/15 10:42, Nicolas Zin wrote: >> Hi. &

Re: [Freeipa-users] bug with ipa-replica and external dns?

2015-02-10 Thread Nicolas Zin
great! works if I don't add "--ip-address" thanks! - Original Message - From: "Nicolas Zin" To: "Martin Basti" Cc: freeipa-users@redhat.com Sent: Tuesday 10 February 2015 14:14:13 Subject: Re: [Freeipa-users] bug with ipa-replica and external dns? >

[Freeipa-users] ad relation with winsync

2015-02-11 Thread Nicolas Zin
connect via ssl on the 636 port correctly (so the certificate is in place). I don't know how to check it is working properly on port 389, i.e. START_TLS works - I checked that the 2 boxes have the same time (ntp) - I nearly managed to make it work once, but I got another error during replicati

Re: [Freeipa-users] ad relation with winsync

2015-02-11 Thread Nicolas Zin
failed! Status: [-11 - LDAP error: Connect error] So apparently I managed to connect to AD but something went wrong after? How can I debug it? Regards, Nicolas Zin - Original Message - From: "Nicolas Zin" To: freeipa-users@redhat.com Sent: Wednesday 11 February 2015 12:0

Re: [Freeipa-users] ad relation with winsync

2015-02-11 Thread Nicolas Zin
Do you have an idea? Are some of the Windows attributes necessary even for a one way (windows to linux) synchronisation? Regards, Nicolas - Original Message - From: "Rich Megginson" To: freeipa-users@redhat.com Sent: Wednesday 11 February 2015 18:57:43 Subject: Re: [Freeipa-use

Re: [Freeipa-users] ad relation with winsync

2015-02-12 Thread Nicolas Zin
> The is is treated as the ultimate source so adds should go only from AD > to IPA but you need the modify to work both ways otherwise your account > state will get out of sync. > Whatever is required by docs is the minimal privilege you need to have > to sync users. > > However did you cons

Re: [Freeipa-users] ad relation with winsync

2015-02-12 Thread Nicolas Zin
the - Original Message - > From: "Alexander Bokovoy" > To: "Nicolas Zin" > Cc: d...@redhat.com, freeipa-users@redhat.com > Sent: Thursday 12 February 2015 12:57:07 > Subject: Re: [Freeipa-users] ad relation with winsync > > On Thu, 12 Feb 2015, Nicolas

[Freeipa-users] resolving subdomain AD in a trust relationship

2015-02-16 Thread Nicolas Zin
tSID S-1-5-21-blabla-blabla-blabla-496378] to a UNIX ID I have to add: - it is on a Windows 2008R2 - it is a functional Windows 2003 level AD Any idea? Nicolas Zin nicolas@savoirfairelinux.com Direct line: 514-276-5468 ext. 135 Fax: 514-276-5465 7275 Saint Urbain Bureau 200 Montréal, Q

Re: [Freeipa-users] resolving subdomain AD in a trust relationship

2015-02-16 Thread Nicolas Zin
d set ldap_idmap_range_size? and if yes, in which section? :-( thank you - Original Message - From: "Alexander Bokovoy" To: "Nicolas Zin" Cc: freeipa-users@redhat.com, "Francois Cami" Sent: Monday 16 February 2015 13:50:38 Subject: Re: [Freeipa-users] resolving subdomain AD in a

[Freeipa-users] issues with sudo on RHEL5.8

2015-02-17 Thread Nicolas Zin
17 04:35:59 srv-rhel58-01 sudo: pam_sss(sudo-i:auth): authentication success; logname=nzin uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=nzin Feb 17 04:35:59 srv-rhel58-01 sudo: nzin : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/nzin ; USER=root ; COMMAND=/bin/bash Regard

Re: [Freeipa-users] issues with sudo on RHEL5.8

2015-02-17 Thread Nicolas Zin
Thanks, that helps! I mistyped binddn and bindpw - Original Message - From: "Lukasz Jaworski" To: "Nicolas Zin" Cc: freeipa-users@redhat.com Sent: Tuesday 17 February 2015 13:31:20 Subject: Re: [Freeipa-users] issues with sudo on RHEL5.8 > > With a RHEL7 IDM instal

Re: [Freeipa-users] issues with sudo on RHEL5.8

2015-02-17 Thread Nicolas Zin
sure. Let me come back on that matter a bit later on next week. - Original Message - From: "Dmitri Pal" To: freeipa-users@redhat.com Sent: Tuesday 17 February 2015 19:39:40 Subject: Re: [Freeipa-users] issues with sudo on RHEL5.8 On 02/17/2015 05:18 AM, Nicolas Zin wrote: > Tha

Re: [Freeipa-users] ad relation with winsync

2015-02-18 Thread Nicolas Zin
te "cn=Users,DC=company,DC=com" I have users replicated. but I'm not sure that all are replicated. - Original Message - From: "Nicolas Zin" To: "Rich Megginson" Cc: freeipa-users@redhat.com Sent: Thursday 12 February 2015 09:37:26 Subject: Re: [Freeipa-user