sufficient?
I didn't see the /var/lib/ipa/pki-ca/publish/MasterCRL.bin changed. I though I
should find the revocated certificate inside this binary file?
Also, how can I print the content of MasterCRL.bin in a "readable" output?
Regards,
Nicolas Zin
PS: I have to confess that I d
publishing CRLS? I didn't found the procedure.
Also do I care to differentiate between the first master and other replica, if
my IPA installation use an external root CA certificate (Windows AD in that
case)?
Regards,
Nicolas Zin
--
Manage your subscription for the Freeipa-users ma
not support cross realm? (and indeed, it cannot works)
or is it possible to make it working? and my error is somewhere else?
Regards,
Nicolas Zin
nicolas@savoirfairelinux.com
Ligne directe: 514-276-5468 poste 135
Fax : 514-276-5465
7275 Saint Urbain
Bureau 200
Montréal, QC, H2R 2Y5
--
Man
7;t have tested yet with putty, from windows, maybe it doesn't matter.
Regards,
Nicolas Zin
- Mail original -
De: "Alexander Bokovoy"
À: "Nicolas Zin"
Cc: freeipa-users@redhat.com
Envoyé: Mardi 25 Novembre 2014 16:40:57
Objet: Re: [Freeipa-users] Centos5 -
Hi,
I know that it is possible to connect a FreeIPA/idm to an Active Directory
forest.
But is there a way to have a relationship between 2 freeipa domains, and if
yes, is there any documentation.
Thanks in advance.
Nicolas Zin
nicolas@savoirfairelinux.com
Ligne directe: 514-276-5468
> - Mail original -
> De: "Alexander Bokovoy"
> À: "Nicolas Zin"
> Cc: freeipa-users@redhat.com
> Envoyé: Lundi 1 Décembre 2014 19:28:20
> Objet: Re: [Freeipa-users] freeipa-freeipa trust relationship
>
> On Mon, 01 Dec 2014, Nicolas Zin wro
Hi,
the question of the day I should say. In a Redhat7/FreeIPA 3.3 environment.
In an AD trust relationship, when I connect with an AD user to a IDM client, I
append to login with a generated uid.
Is there a way to provide a custom algorithm to map the uid from Active
Directory info.
In our AD,
nel…)
Regards,
Nicolas Zin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
I answer to myself. (but my problem is not resolved)
> - Mail original -
> De: "Nicolas Zin"
> À: freeipa-users@redhat.com
> Envoyé: Jeudi 4 Décembre 2014 18:49:36
> Objet: [Freeipa-users] ad trust and default_domain_suffix
>
> Hi,
>
> I have a I
fine, but when I try
kinit administra...@ipawindows.mtl.sfl
kinit: KDC reply did not match expectations while getting initial credentials
I tried others ways, but I wonder if it is possible to have a one-way trust
relationship?
Thanks for your help!
Nicolas Zin
nicolas
DNS record because DNS is not set up.
"
The message is pretty clear: the DNS is not set up: for sure, it is externally
managed.
Should I consider it as a bug? Or is there something I did wrong?
Regards,
Nicolas Zin
nicolas@savoirfairelinux.com
Ligne directe: 514-276-5468 poste 135
Fax
>- Mail original -
>De: "Martin Basti"
>À: "Nicolas Zin" , freeipa-users@redhat.com
>Envoyé: Mardi 10 Février 2015 14:02:30
>Objet: Re: [Freeipa-users] bug with ipa-replica and external dns?
>
>On 10/02/15 10:42, Nicolas Zin wrote:
>> Hi.
&
great!
works if I don't add "--ip-address"
thanks!
- Mail original -----
De: "Nicolas Zin"
À: "Martin Basti"
Cc: freeipa-users@redhat.com
Envoyé: Mardi 10 Février 2015 14:14:13
Objet: Re: [Freeipa-users] bug with ipa-replica and external dns?
>
connect via ssl on the 636 port correctly (so the certificate is in place). I
don't know how to check it is working properly on port 389, i.e. START_TLS works
- I checked that the 2 box have the same time (ntp)
- I nearly manage to make it working once, but I got another error during
replicati
failed! Status: [-11 - LDAP error:
Connect error]
So apparently I manage to connect to AD but something went wrong after?
How can I debug it?
Regards,
Nicolas Zin
- Mail original -
De: "Nicolas Zin"
À: freeipa-users@redhat.com
Envoyé: Mercredi 11 Février 2015 12:0
Do you have an idea? Are some of the
Windows attributs necessary even for a one way (windows to linux)
synchronisation?
Regards,
Nicolas
- Mail original -
De: "Rich Megginson"
À: freeipa-users@redhat.com
Envoyé: Mercredi 11 Février 2015 18:57:43
Objet: Re: [Freeipa-use
> The is is treated as the ultimate source so adds should go only from AD
> to IPA but you need the modify to work both ways otherwise your account
> state will get out of sync.
> Whatever is required by docs is the minimal privilege you need to have
> to sync users.
>
> However did you cons
the
- Mail original -
> De: "Alexander Bokovoy"
> À: "Nicolas Zin"
> Cc: d...@redhat.com, freeipa-users@redhat.com
> Envoyé: Jeudi 12 Février 2015 12:57:07
> Objet: Re: [Freeipa-users] ad relation with winsync
>
> On Thu, 12 Feb 2015, Nicolas
tSID S-1-5-21-blabla-blabla-blabla-496378] to a UNIX ID
I have to add:
- it is on a Windows 2008R2
- it is a functional Windows 2003 level AD
Any idea?
Nicolas Zin
nicolas@savoirfairelinux.com
Ligne directe: 514-276-5468 poste 135
Fax : 514-276-5465
7275 Saint Urbain
Bureau 200
Montréal, Q
d set ldap_idmap_range_size? and if yes, in
which section? :-(
thank you
- Mail original -
De: "Alexander Bokovoy"
À: "Nicolas Zin"
Cc: freeipa-users@redhat.com, "Francois Cami"
Envoyé: Lundi 16 Février 2015 13:50:38
Objet: Re: [Freeipa-users] resolving subdomain AD in a
17 04:35:59 srv-rhel58-01 sudo: pam_sss(sudo-i:auth): authentication
success; logname=nzin uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=nzin
Feb 17 04:35:59 srv-rhel58-01 sudo: nzin : user NOT in sudoers ; TTY=pts/3
; PWD=/home/nzin ; USER=root ; COMMAND=/bin/bash
Regard
Thanks,
that helps!
I mistyped binddn and bindpw
- Mail original -
De: "Lukasz Jaworski"
À: "Nicolas Zin"
Cc: freeipa-users@redhat.com
Envoyé: Mardi 17 Février 2015 13:31:20
Objet: Re: [Freeipa-users] issues with sudo on RHEL5.8
>
> With a RHEL7 IDM instal
sure.
Let me come back on that matter a bit later on next week.
- Mail original -
De: "Dmitri Pal"
À: freeipa-users@redhat.com
Envoyé: Mardi 17 Février 2015 19:39:40
Objet: Re: [Freeipa-users] issues with sudo on RHEL5.8
On 02/17/2015 05:18 AM, Nicolas Zin wrote:
> Tha
te "cn=Users,DC=company,DC=com" I have users replicated. but I'm
not sure that all are replicated.
- Mail original -
De: "Nicolas Zin"
À: "Rich Megginson"
Cc: freeipa-users@redhat.com
Envoyé: Jeudi 12 Février 2015 09:37:26
Objet: Re: [Freeipa-user
24 matches
Mail list logo