On Thu, Oct 29, 2009 at 10:54:01PM -0600, Jason Gerard DeRose wrote:
On Thu, 2009-10-29 at 17:56 -0400, Dan Scott wrote:
Hi,
I'm trying to integrate FreeIPA with a Java webapp using JAAS. I have
the login module configured properly and it is working fine.
However, I have a problem
On Sun, May 02, 2010 at 08:41:14PM +0200, Oliver Burtchen wrote:
Am Sonntag, 2. Mai 2010 04:43:22 schrieb Rob Crittenden:
Oliver Burtchen wrote:
Hi Stephen,
I nailed the problem now a little bit down. I think it's HBAC with it's
empty rules in the standard configuration. For me it
On Thu, Jul 22, 2010 at 11:19:44AM -0400, Scott Duckworth wrote:
On Thu, Jul 22, 2010 at 11:07 AM, Sumit Bose sb...@redhat.com wrote:
On Thu, Jul 22, 2010 at 10:19:37AM +0200, Sumit Bose wrote:
On Wed, Jul 21, 2010 at 03:22:29PM -0400, Scott Duckworth wrote:
...
something
On Wed, Feb 16, 2011 at 09:28:10AM -0500, Peter Doherty wrote:
On Feb 16, 2011, at 04:10 , Sumit Bose wrote:
On Tue, Feb 15, 2011 at 06:30:51PM -0500, Peter Doherty wrote:
On Feb 15, 2011, at 14:45 , Simo Sorce wrote:
On Tue, 15 Feb 2011 14:09:07 -0500
Peter Doherty dohe
On Fri, Dec 09, 2011 at 02:15:18AM +, Steven Jones wrote:
Hi
From the HNAS manual
8-
Kerberos Configuration
Configuring the NAS server requires three steps:
1. Create the principal and key of the service (the EVS) on the KDC (Key
Distribution Center).
2. Export a keytab
On Tue, Feb 07, 2012 at 11:49:07AM +0100, Sigbjorn Lie wrote:
Hi,
This error occurs when starting Acrobat Reader. This occured with version 8,
and I just downloaded
AdobeReader_enu-9.4.7-1 to see if that would make a difference. Same problem.
This is a Red Hat 5 machine running
On Mon, May 14, 2012 at 07:57:06PM -0700, David Copperfield wrote:
Hi all,
The online manual says that the '--usercat' means 'User category the rule
applies to'; '--hostcat' has the similar explanation. But I still don't
understand how that could be used in real life and when/where to
On Wed, Jun 27, 2012 at 10:35:00PM +0100, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Evening all
I have just updated my local RHEL 6 repositories from 6.2 to 6.3 and
installed a new ipa server in a test network.
I get the following errors now despite having a
On Mon, Oct 22, 2012 at 08:57:56PM +0200, Fred van Zwieten wrote:
Hello,
I have a problem. My setup:
- IPA server for domain example.com on ipa.example.com
- DNS server sub.example.com on host.sub.example.com
- client.example.com with IP-nr off ipa.example.com in resolv.conf
- an A
On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote:
On 12/18/2012 01:26 PM, Andre Rodrigues wrote:
Hi all,
I'm testing AD trust following this how to:
http://www.freeipa.org/page/IPAv3_testing_AD_trust
but when I set ipa dnszone-add I get this:
[root@m ~] ipa dnszone-add AD.DOMAIN
On Wed, Dec 19, 2012 at 09:13:21AM +0100, Petr Spacek wrote:
On 12/18/2012 09:56 PM, John Dennis wrote:
ipa: ERROR: unable to parse cookie header
'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=IPA.DOMAIN;
Path=/ipa; Expires=Thu, 18 Dec 2012 13:54:33 GMT; Secure; HttpOnly':
unable to
On Tue, Dec 18, 2012 at 03:56:27PM -0500, John Dennis wrote:
On 12/18/2012 03:30 PM, Sumit Bose wrote:
On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote:
On 12/18/2012 01:26 PM, Andre Rodrigues wrote:
Hi all,
I'm testing AD trust following this how to:
http://www.freeipa.org/page
On Fri, Jan 04, 2013 at 04:14:36PM +0100, Han Boetes wrote:
You are absolutely right; the credentials aren't forwarded.
I have enabled the option allow gssapi credential delegation. So one
would expect that it should work.
I just installed the mit kerberos tools and I can see all the
01/04/13 14:52:49 01/05/13 14:52:49 krbtgt/REALM@REALM
[fh@test-server-ipa ~]$
That's does provide a valid ticket but not a passwordless login. Actually I
have to enter a pass twice here!
On Fri, Jan 4, 2013 at 4:25 PM, Sumit Bose sb...@redhat.com wrote:
On Fri, Jan 04, 2013
On Mon, Jan 07, 2013 at 09:15:41AM +0100, Han Boetes wrote:
On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose sb...@redhat.com wrote:
About delegating credentials, you might need to set the ok_as_delegate
flag on the host/* service ticket. To do this you can call kadmin.local
on the IPA server
On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote:
There was something going on with a firewall blocking something and that
windows host didn't have a cert yet. But still:
Using Kerberos authentication
Using principal fh@REALM
Got host ticket host/test-server-ipa.domain@REALM
On Mon, Jan 07, 2013 at 05:00:09PM +0100, Han Boetes wrote:
I just had a long and fruitfull debugging session with Sumit and this is
what we discovered.
Thank you for your patience and help to debug this issue.
The default settings do run fine for linux machines but for windows hosts
they
On Tue, Feb 19, 2013 at 03:29:03PM -0700, ninib...@worldd.org wrote:
?
?
Actually
i'd like to take that back now, it works fine when running kpasswd, but if
user password is expired when SSH to client, during the reset it only
tried UDP same if issuing passwd command as well.
Both use
On Mon, Mar 11, 2013 at 01:21:26AM -0400, Tim Hildred wrote:
It definately wasn't a policy problem. I couldn't even use ipa passwd as
admin from the command line, there was a connection error. The upgrade meant
my IPA server was straight borked. The solution? Revert to a previous
snapshot,
On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Morning all
I have setup the domain trust set up and have errors when trying to map
groups from AD to IPA
Environment is IPA 3.0 on RHEL 6.4 and Windows 2012
When adding
On Tue, Mar 26, 2013 at 07:05:20PM -0400, Rob Crittenden wrote:
David Redmond wrote:
Hi,
I've setup FreeIPA for the first time and am using it successfully with
Linux and Solaris 10 clients. On 8 separate Solaris 9 clients I'm
running into an issue where 'kinit USER', for any user, fails
On Wed, Mar 27, 2013 at 10:44:53AM +0100, Martin Kosek wrote:
On 03/27/2013 02:11 AM, David Redmond wrote:
Hi again,
I've got a bit more information. I've found that I can successfully kinit on
the Solaris 9 clients if, on the server, I change the user's password by:
ipa-getkeytab
On Fri, Apr 19, 2013 at 11:03:02AM +0200, Natxo Asenjo wrote:
hi,
while following the instructions in
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
I run step 9:
smbclient -L kdc.ipa.asenjo.nx -k
On Fri, Apr 19, 2013 at 11:45:47AM +0200, Natxo Asenjo wrote:
I saw there is a log in /var/log/samba/log.wb-IPA
The log complains about missing keys for the spn for the hostname (not the
fqdn, just the hostname):
Connection to LDAP server failed for the 15 try!
[2013/04/19
feature. It was always
recommended because also other services like sshd, httpd, sssd might
have problems finding the right Kerberos keys from their keytabs.
bye,
Sumit
Thanks!
--
groet,
natxo
--
Groeten,
natxo
On Fri, Apr 19, 2013 at 12:11 PM, Sumit Bose sb...@redhat.com wrote
On Fri, Apr 19, 2013 at 12:47:47PM +0200, Natxo Asenjo wrote:
hi,
just a little 'but'.
when verifying the trust (point 12
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html)
# kinit user
Password
On Fri, Apr 19, 2013 at 10:14:36PM +0200, Natxo Asenjo wrote:
hi,
a bit puzzled now. I have joined another 2k8r2 host to the AD domain that
is trusted by the ipa domain.
As AD\administrator I can ssh to the linux host.
I create a bunch of AD users, standard members of 'Domain Users'.
On Thu, Apr 25, 2013 at 12:38:18PM +0200, Pavel Březina wrote:
On 04/24/2013 07:20 PM, Aly Khimji wrote:
(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd..com]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, NULL)
[Success]
(Wed Apr 24 13:07:35 2013)
On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote:
Hey guys,
Just wanted to say thank you for all your support with everything and
answering all my questions.
Just wanted to show you something, maybe you can shed some light..
Below is my self running the ID command on 2 different
On Mon, Jun 03, 2013 at 04:30:19PM -0400, Dmitri Pal wrote:
On 06/03/2013 02:23 PM, Aly Khimji wrote:
Quick questions guys,
can you advise if there is a particular place(s) successful and failed
users authentication is logged? I know from local users I can go
through the 389 access
On Tue, Jun 04, 2013 at 09:40:21AM -0400, Aly Khimji wrote:
I re-logged in this morning into the server and i see the following on the
server
Any thoughts?
Thx again.
SERVER:
-sh-4.1$ id
uid=59401108(akhi...@corpnonprd..com) gid=59401108(
akhi...@corpnonprd..com)
On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
Am 12.06.2013 12:03, schrieb Sumit Bose:
On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
Dear List Members,
I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
relationship to an AD-Domain
On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
Hello Sumit,
Hello List Members,
Am 13.06.2013 09:18, schrieb Sumit Bose:
On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
Am 12.06.2013 12:03, schrieb Sumit Bose:
On Wed, Jun 12, 2013 at 11:42:23AM +0200
On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote:
On 06/14/2013 09:08 AM, Sumit Bose wrote:
On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
Hello Sumit,
Hello List Members,
Am 13.06.2013 09:18, schrieb Sumit Bose:
On Wed, Jun 12, 2013 at 02:04:33PM +0200
On Thu, Jun 20, 2013 at 04:04:06PM +0200, Leah Zimmermann wrote:
On 06/19/2013 03:01 PM, Sumit Bose wrote:
On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote:
On 06/14/2013 09:08 AM, Sumit Bose wrote:
On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
Hello Sumit
On Wed, Jul 03, 2013 at 10:17:19AM -0400, Michael Mercier wrote:
Hello,
I tried to login (ssh) to one (of three) freeipa systems running on CentOS
yesterday without success.
Running 'ssh root@service-2', the server would reply with a password prompt
and then hang. I went to the system
On Tue, Jul 30, 2013 at 03:01:18PM -0500, KodaK wrote:
Ok, so, yeah -- my first question stands. This works when it falls
back to LDAP, but it does not honor a kerberos ticket. Is there a way
to do that in the same circumstances?
Thanks again,
--Jason
On Tue, Jul 30, 2013 at 2:58 PM,
On Wed, Jul 31, 2013 at 11:09:43AM -0500, KodaK wrote:
On Wed, Jul 31, 2013 at 6:56 AM, Sumit Bose sb...@redhat.com wrote:
I think that's the issue. You have to make sure that host.domain.com has
a DNS entry somewhere, it does not have to be the IPA DNS but the DNS
setup must
On Wed, Jul 31, 2013 at 11:12:47AM -0500, KodaK wrote:
On Wed, Jul 31, 2013 at 11:09 AM, KodaK sako...@gmail.com wrote:
On Wed, Jul 31, 2013 at 6:56 AM, Sumit Bose sb...@redhat.com wrote:
I think that's the issue. You have to make sure that host.domain.com has
a DNS entry
On Wed, Jul 31, 2013 at 01:57:50PM -0500, KodaK wrote:
On Wed, Jul 31, 2013 at 1:28 PM, KodaK sako...@gmail.com wrote:
On Wed, Jul 31, 2013 at 11:24 AM, Sumit Bose sb...@redhat.com wrote:
On Wed, Jul 31, 2013 at 11:12:47AM -0500, KodaK wrote:
On Wed, Jul 31, 2013 at 11:09 AM, KodaK sako
On Wed, Jul 31, 2013 at 03:03:04PM -0500, KodaK wrote:
On Wed, Jul 31, 2013 at 1:28 PM, KodaK sako...@gmail.com wrote:
On Wed, Jul 31, 2013 at 11:24 AM, Sumit Bose sb...@redhat.com wrote:
On Wed, Jul 31, 2013 at 11:12:47AM -0500, KodaK wrote:
On Wed, Jul 31, 2013 at 11:09 AM, KodaK sako
On Fri, Aug 02, 2013 at 12:55:12PM -0500, KodaK wrote:
First, before we go any further: is it supported to use
sssd when the client machines domain differs from
the realm name? If not, then the rest of this is moot.
Client box is a RHEL 5.something. I didn't do ipa-client-install
because
On Wed, Aug 14, 2013 at 09:19:17AM -0400, Brian Lee wrote:
Hi All,
Our current account management policy requires that users change their AD
passwords via a special portal, however I've noticed that this can be
bypassed by issuing passwd on a Linux system while logged in with AD
On Tue, Sep 24, 2013 at 01:39:28PM +0400, Михаил А wrote:
Hello.
freeipa-server-3.3fedora19
ipa-replica1-fedora19
ipa-replica2 ferdora19
ssh auth with windows accounts on ipa-replica1-fedora19 is OK
ssh auth with windows accounts on ipa-replica1-fedora19 is acces denied
id
On Wed, Sep 25, 2013 at 10:17:04AM +0200, Martin Kosek wrote:
On 09/24/2013 04:40 PM, Alexander Bokovoy wrote:
On Tue, 24 Sep 2013, Alexandre Ellert wrote:
Hi,
I've successfully setup a testing environment with an IPA server (RHEL 6.4)
and a cross realm trust with my Active Directory
On Wed, Sep 25, 2013 at 12:01:38PM +0300, Alexander Bokovoy wrote:
On Wed, 25 Sep 2013, Sumit Bose wrote:
On Wed, Sep 25, 2013 at 10:17:04AM +0200, Martin Kosek wrote:
On 09/24/2013 04:40 PM, Alexander Bokovoy wrote:
On Tue, 24 Sep 2013, Alexandre Ellert wrote:
Hi,
I've successfully
On Thu, Sep 26, 2013 at 02:58:43PM +0100, Innes, Duncan wrote:
Sorry,
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: 26 September 2013 14:29
To: Innes, Duncan
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Force IPA to accept password?
On Fri, Sep 27, 2013 at 10:27:30AM +0200, Martin Kosek wrote:
On 09/27/2013 09:31 AM, Innes, Duncan wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose
Sent: 26 September 2013 17:36
To: freeipa-users
On Mon, Sep 30, 2013 at 03:20:46PM +0100, Mohan Cheema wrote:
Hi,
We are trying to authenticate from Windows machine and getting below error.
Sep 30 14:07:34 kdc1.domain.com krb5kdc[10105](info): AS_REQ (7 etypes {18
17 23 3 1 24 -135}) 10.43.2.45:
On Wed, Nov 13, 2013 at 08:19:18PM +0100, Nicklas Björk wrote:
On 2013-11-13 20:00, Simo Sorce wrote:
On Tue, 2013-11-12 at 21:50 +0100, Nicklas Björk wrote:
On 2013-11-12 21:39, Simo Sorce wrote:
On Tue, 2013-11-12 at 21:11 +0100, Nicklas Björk wrote:
In our evironment we have very
On Mon, Nov 25, 2013 at 09:23:22AM +1000, Matt Bryant wrote:
All,
Was wondering if anyone can help out or point us the in right
direction. Ever since we updated from IPA v2.1 to IPA v3.0 have been
seeing some intermittent errors when trying to change passwords etc.
Getting the error cannot
On Tue, Nov 26, 2013 at 03:07:30PM +1000, Matt Bryant wrote:
OK so been running some tcpdumps on this issue and the wierd thing is ..
can see the initial sasl bind request followed by ack from ldap ...
then nothing ldap/gssapi related until the unbind request post the
6s timeout period ...
On Fri, Nov 29, 2013 at 12:03:58PM +0100, Martin Kosek wrote:
On 11/29/2013 11:27 AM, Natxo Asenjo wrote:
hi,
just came accross Erinn Looney-Triggs's excellent writeup on using
kerberos voor relaying e-mail
On Fri, Jan 24, 2014 at 04:32:33PM +, Zulkifal Ahmad wrote:
Hi List , I want an update on this bug .
https://bugzilla.samba.org/show_bug.cgi?id=9618
I just re-tested with the python script from the ticket and Samba-4.1.3
and it seems to be fixed.
HTH
bye,
Sumit
Thanks
Best
On Tue, Jan 28, 2014 at 02:29:07PM -0800, Steve Severance wrote:
Hi Everyone,
I have deployed freeipa inside our production network. I want to be able to
access the web ui so I am attempting to add it to our nginx edge machine. I
can pass the requests upstream just fine but I am unable to
On Wed, Feb 05, 2014 at 01:44:13PM -0500, Mark Gardner wrote:
Okay,
Spent some time on this one...
Some users can login SSO no problem, others have to put in their password.
Strange as it seems, if the length of the username was greater than 4, the
SSO worked.
So markg@test.local works,
On Thu, Feb 06, 2014 at 04:31:49PM +0800, barry...@gmail.com wrote:
Hi:
I can make it show on ldap browser or the ui but finding where to add it in
command base.
ipa user-mod ---employeenumber no such parameter.
There is no specific option for employeenumber, but you can set the
On Mon, Feb 10, 2014 at 10:55:33AM -0500, Steve Dainard wrote:
I've setup RHEL 7 beta IPA with a trust to an AD domain.
When I use an AD domain login it takes roughly 9-14 seconds to get to a
shell after entering a password. Is there any way to speed this process up?
I thought supplemental
On Tue, Feb 11, 2014 at 08:29:43PM +0200, Genadi Postrilko wrote:
I work in environment where the AD is the DC of the windows machines ,
while the linux machines (RHEL 5\6) are not centrally managed.
I would like to create an IPA server to manage the linux machines while
creating a trust with
On Wed, Feb 12, 2014 at 11:45:50AM +0100, Petr Spacek wrote:
On 12.2.2014 11:32, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Genadi Postrilko wrote:
What about adding alias DNS record of hostname.ipa.zone.corp to all linux
machines, so they will keep the old FQDM.
What would it give to you?
On Mon, Feb 10, 2014 at 02:08:22PM -0500, Steve Dainard wrote:
Sure:
...
(0x0400): Attempting kinit for realm [MIOVISION.CORP]
(Mon Feb 10 10:14:58 2014) [[sssd[krb5_child[9879 [validate_tgt]
(0x0400): TGT verified using key for
[host/snapshot-test.miolinux.c...@miolinux.corp].
(Mon
On Sat, Feb 15, 2014 at 12:14:58AM +0200, Genadi Postrilko wrote:
I have seen threads where opened on trust issues:
AD - Freeipa trust confusion
Cross domain trust
Cannot loging via SSH with AD user TO IPA Domain - which I opened.
It looks like after creation of trust, TGT ticket can be
On Tue, Feb 18, 2014 at 01:11:38AM +0200, Genadi Postrilko wrote:
Thank you for the help!
I have preformed downgrade:
yum downgrade samba4*
[root@ipaserver1 ~]# rpm -qa | grep samb
samba4-python-4.0.0-58.el6.rc4.x86_64
samba4-winbind-4.0.0-58.el6.rc4.x86_64
11:38 GMT+02:00 Sumit Bose sb...@redhat.com:
On Tue, Feb 18, 2014 at 01:11:38AM +0200, Genadi Postrilko wrote:
Thank you for the help!
I have preformed downgrade:
yum downgrade samba4*
[root@ipaserver1 ~]# rpm -qa | grep samb
samba4-python-4.0.0-58.el6.rc4.x86_64
samba4
On Fri, Feb 21, 2014 at 11:17:38PM +0200, Genadi Postrilko wrote:
I would like to clarify myself, i wasn't accurate when i compared it to :
https://bugzilla.redhat.com/show_bug.cgi?id=878564.
...
*But kinit with AD users failed:*
[root@ipaserver1 ~]# kinit gen...@adexample.com
kinit:
On Mon, Feb 24, 2014 at 10:46:19AM -0500, Pavel Brezina wrote:
Hi,
I wasn't able to reproduce with membership setup exactly like this. I
have already seen similar problem once, unfortunately the user stopped
responding before we could reach the root cause. I think it is correct
from the
On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
Strange behavior now with our passwords (and we still haven't solved
our problem with the ipa command, but at least with script, we
have a workaround):
I noticed yesterday morning that my password, which has the
following policy,
On Mon, Mar 10, 2014 at 05:23:59PM +0100, Jitse Klomp wrote:
On 10-03-14 17:03, Lukas Slebodnik wrote:
On (10/03/14 16:58), Lukas Slebodnik wrote:
On (10/03/14 16:35), Jitse Klomp wrote:
On 10-03-14 16:10, Lukas Slebodnik wrote:
On (10/03/14 15:19), Jitse Klomp wrote:
On 10-03-14 14:59,
On Mon, Mar 10, 2014 at 07:56:07PM +0100, Jitse Klomp wrote:
On 10-03-14 18:57, Sumit Bose wrote:
On Mon, Mar 10, 2014 at 05:23:59PM +0100, Jitse Klomp wrote:
On 10-03-14 17:03, Lukas Slebodnik wrote:
On (10/03/14 16:58), Lukas Slebodnik wrote:
On (10/03/14 16:35), Jitse Klomp wrote:
On 10
On Mon, Mar 31, 2014 at 11:05:18PM +, Todd Maugh wrote:
[root@black-62 sssd]# tail -f sssd_ops.boingo.com.log
(Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]]
[be_resolve_server_done] (4): Found address for server
idm-master-els.ops.boingo.com: [172.22.170.46] TTL 7200
(Mon Mar
On Thu, Apr 10, 2014 at 11:55:05AM -0400, rashard.ke...@sita.aero wrote:
I can run commands after changing the permissions on the files, but why is
it generating files that are not world readable?
[rkelly@replicahostname ~]$ ll
total 84
-rw-r--r-- 1 rootroot 2428 Apr 9 22:34
.
SELINUXTYPE=targeted
Thank You,
Rashard Kelly
From: Sumit Bose sb...@redhat.com
To: rashard.ke...@sita.aero
Cc: freeipa-users@redhat.com
Date: 04/10/2014 12:31 PM
Subject:Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
credentials
On Thu, Apr 10
,
Sumit
Thank You,
Rashard Kelly
From: Alexander Bokovoy aboko...@redhat.com
To: rashard.ke...@sita.aero
Cc: Sumit Bose sb...@redhat.com, freeipa-users@redhat.com
Date: 04/11/2014 09:06 AM
Subject:Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
for the file and
id
will show yours.
HTH
bye,
Sumit
Thank You,
Rashard Kelly
SITA Senior Linux Specialist
From: Sumit Bose sb...@redhat.com
To: rashard.ke...@sita.aero
Cc: Alexander Bokovoy aboko...@redhat.com, freeipa-users@redhat.com
Date: 04/11/2014 09:54 AM
Subject
On Fri, May 16, 2014 at 04:29:33PM +0530, Supratik Goswami wrote:
Yes DNS is working fine and is able to return the IP address of the AD
server.
[root@master samba]# dig SRV _ldap._tcp.ad.idm.example.com
; DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 SRV _ldap._
tcp.ad.idm.example.com
;;
On Mon, May 19, 2014 at 04:29:24PM +0530, Supratik Goswami wrote:
Hi
Let me start from the beginning once again. Let me explain you what steps I
followed during the setup.
I am setting up the environment in Amazon AWS, both Windows AD server and
Linux IPA configured in EC2.
For
files in a tar/zip archive and send the
archive. If you think the archive is too large for a mailing-list fell
free to send them to me directly.
bye,
Sumit
On Mon, May 19, 2014 at 4:45 PM, Sumit Bose sb...@redhat.com wrote:
On Mon, May 19, 2014 at 04:29:24PM +0530, Supratik Goswami wrote:
Hi
20, 2014 at 12:38 PM, Sumit Bose sb...@redhat.com wrote:
On Mon, May 19, 2014 at 05:40:49PM +0530, Supratik Goswami wrote:
Initially after configuring the setup I rebooted once and I was thinking
that it worked before the reboot but unfortunately it didn't work the
first
time itself
On Tue, May 20, 2014 at 02:00:18PM +0100, Dylan Evans wrote:
Hello,
I need some help with getting Samba and FreeIPA working together.
I’ve been following the guide at
http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration but
that seems quite out of date for IPAv3 and I need
On Wed, May 28, 2014 at 10:47:13AM -0300, tizo wrote:
I would like to know, if having configured trusts services between FreeIPA
and Active Directory, allow AD users to authenticate in services that are
only configured to authenticate against FreeIPA.
For example, having configured the
On Thu, May 29, 2014 at 11:20:37AM -0700, Scott Allen wrote:
Hi,
Having a particularly weird problem. We have moved from AD to freeIPA
recently and while there have been some bumps, most of the CentOS 6.2 boxes
make the transition successfully. Some background.
The Linux boxes were joined
On Fri, May 30, 2014 at 09:23:58PM -0300, tizo wrote:
On Fri, May 30, 2014 at 6:40 PM, Dmitri Pal d...@redhat.com wrote:
On 05/30/2014 05:00 PM, tizo wrote:
From: Alexander Bokovoy abokovoy redhat com
To: Sumit Bose sbose redhat com
Cc: freeipa-users redhat com
On Wed, Jun 04, 2014 at 12:24:11PM +, Johan Petersson wrote:
Mail got posted before I was finished sorry.
I found one clue to the issue after increasing autofs logging to debug and as
i thought it has to do with id-mapping.
From /var/log/messages:
Nfsidmap[1696]: nss_getpwnam: name
, Sumit Bose wrote:
On Tue, May 20, 2014 at 02:00:18PM +0100, Dylan Evans wrote:
Hello,
I need some help with getting Samba and FreeIPA working together.
I’ve been following the guide at
http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration but
that seems quite out
:
Hi,
I didn't migrate the passwords. All users started with a new default on
IPA.
The new user foo doesn't exist on the AD system but can login successfully
using IPA credentials on a migrated system.
On Fri, May 30, 2014 at 12:35 AM, Sumit Bose sb...@redhat.com wrote:
On Thu
On Sat, Jun 07, 2014 at 09:21:29PM +, Nordgren, Bryce L -FS wrote:
Dimitri, thanks for the reply! Pls forgive my lateness.
I fear I am not currently up to fighting with MS Outlook to convince it to
let me respond inline. It wants to block quote your entire message and if I
type in the
On Mon, Jun 16, 2014 at 12:28:09AM -0400, Dmitri Pal wrote:
On 06/16/2014 12:20 AM, barry...@gmail.com wrote:
dear all:
Is it possible to quiry freeipa 's account password and displan in plain
txt ?
or convert krbExtraData to plaintxt. rather than reset it.
Regards
barry
On Wed, Jun 25, 2014 at 08:36:49AM -0400, Mark Gardner wrote:
Since this information isn't in the Web Interface.
How do I find query the ipa ldap server to proof that IPA is talking to
our AD server in order to get identity and authorization information.
Yes we know we've established a
On Fri, Jun 27, 2014 at 02:23:47PM -0400, Mark Gardner wrote:
Was trying to add an external ad group to IPA, it kept failing with unable
to connect to server.
Figured I'd reboot to clear things up. Oops.
Now wbinfo --online-status shows are AD as offline.
wbinfo -u shows blank
wbinfo
On Sun, Sep 07, 2014 at 11:41:16PM +0200, Gregor Bregenzer wrote:
Hi!
I have an AD trust with FreeIPA 4.0.1 and defined a HBAC rule for a
specific user group (=ad_users which is an posix group that has an
external group as member) to login on a specific client
(=linux1.linux.intern).
The
I used the following command to create the AD trust:
ipa trust-add --type=ad aaa.intern --admin Administrator
--password --range-type ipa-ad-trust-posix
Do you need any other debug information?
Thanks!
Gregor
2014-09-08 9:17 GMT+02:00 Sumit Bose sb...@redhat.com
On Tue, Sep 16, 2014 at 01:39:41AM +0300, Genadi Postrilko wrote:
Hello all !
I have deployed test environment for AD trust feature, the environment
contains :
Windows Server 2008 - AD Server.
RHEL 7 - IPA 3.3 Server.
RHEL 6.2 - IPA Client.
I have established the trust as IPA in the
On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
Hello.
I am attempting to create trust between AD and IPA.
I have deployed AD environment as follows:
I have created domain RED.COM
Then i add new domain tree root - BLUE.COM.
Now i would like to establish trust with
On Tue, Oct 07, 2014 at 08:01:48PM -0400, Dmitri Pal wrote:
On 10/07/2014 05:03 PM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
I've been following the steps outlined in section 7.3.5 of the manual
entitled
Integrating OpenShift Enterprise
with Identity Management
On Wed, Oct 15, 2014 at 04:31:55PM +0200, crony wrote:
Alex,
thank you. Now it works, but not completely:
1.
[leszek@ipa1 ~]$ ssh ipatst03.linux.acme.example.com -l
us...@acme.example.com
Password:
Last login: Wed Oct 15 16:11:27 2014
-sh-4.1$ id
On Tue, Oct 21, 2014 at 07:49:11AM -0430, Loris Santamaria wrote:
El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió:
On 10/20/2014 09:15 AM, Loris Santamaria wrote:
[...]
Trying to join the server to the domain (net rpc join -U domainadmin -S
ipaserver) fails, and it
On Thu, Nov 06, 2014 at 10:28:34PM -0500, Dmitri Pal wrote:
On 11/06/2014 08:20 PM, Thomas Lau wrote:
?Hi,
Is it possible to renew ticket once in a while for cronjob to run on
certain users? How do you guys run cronjob on Kerberos user without
getting ticket expire?
Sent from my
On Wed, Nov 19, 2014 at 09:55:51PM -0500, Richard Betel wrote:
I suddenly started getting errors when I try to use ipa-getkeytab:
[root@ipa1 kerberize]# ipa-getkeytab -s jn01 -p hdfs/jn01 -k
jn01.hdfs.keytab
SASL Bind failed Can't contact LDAP server (-1) !
Please try to use the fully
On Thu, Nov 20, 2014 at 07:42:30PM -0500, Dmitri Pal wrote:
On 11/20/2014 07:38 PM, William Muriithi wrote:
?Hi guys,
I am wondering how one would go about allowing both ad users and FreeIPA
user to work in harmony.
I recently was able to get FreeIPA to use trust to service unix systems.
On Wed, Nov 26, 2014 at 06:04:21PM +0100, Petr Spacek wrote:
Hello,
Simo, do you have an idea what may be causing the problem?
Maybe there is a version mismatch between the keys on the server and on
the client?
On the IPA server you can check with
#kadmin.local
getprinc
1 - 100 of 373 matches
Mail list logo
