[Freeipa-users] IPA Trust AD and Illegal cross-realm ticket

2014-10-15 Thread crony
Hi, I've been following the AD integration guide for IPAv3: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup My setup is: • 5 domain controllers with Windows 2008 R2 AD DC - example.com as Forest Root Domain and acme.example.com as transitive child domain • RHEL7 as IPA server with domain:

Re: [Freeipa-users] IPA Trust AD and Illegal cross-realm ticket

2014-10-15 Thread crony
Bokovoy aboko...@redhat.com: On Wed, 15 Oct 2014, crony wrote: Hi, I've been following the AD integration guide for IPAv3: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup My setup is: • 5 domain controllers with Windows 2008 R2 AD DC - example.com as Forest Root Domain

[Freeipa-users] FreeIPA 3.3.3 and sssd segfault

2014-10-23 Thread crony
Hi, I have a FreeIPA 3.3.3 in transitive trust with AD2008. Today I saw a lot of sssd segfaults on the server side: [ 420.412011] sssd_be[734]: segfault at 8 ip 7fa54fa73334 sp 7fff62b2ec40 error 4 in libldb.so.1.1.16[7fa54fa66000+2c000] [ 421.763035] sssd_be[2666]: segfault at 8 ip

[Freeipa-users] IPA 3.3.3 in transitive trust and random group assignment

2014-10-23 Thread crony
Hi List, On IPA server I added one external group for AD group. When I log in to IPA client I can see that group: 97687(trustlinuxgroup_from_ad2posix) but I also see a few different groups that came directly from Active Directory like 127310615(trustlinuxgr...@acme.example.com) or

Re: [Freeipa-users] FreeIPA 3.3.3 and sssd segfault

2014-10-23 Thread crony
Already sent directly to your email. /lm 2014-10-23 13:45 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com: On (23/10/14 12:23), crony wrote: Hi, I have a FreeIPA 3.3.3 in transitive trust with AD2008. Today I saw a lot of sssd segfaults on the server side: [ 420.412011] sssd_be[734

[Freeipa-users] IPA+AD (transitive trust) - s2n exop request failed

2014-10-23 Thread crony
Hi All, I've found another problem with my setup: What could be the reason of such errors on FreeIPA client side: /var/log/sssd/sssd_linux.acme.example.com.log:(Thu Oct 23 09:49:23 2014) [sssd[be[linux.acme.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.

Re: [Freeipa-users] IPA+AD (transitive trust) - s2n exop request failed

2014-10-23 Thread crony
Probably yes. 2014-10-23 15:59 GMT+02:00 Sumit Bose sb...@redhat.com: On Thu, Oct 23, 2014 at 03:47:31PM +0200, crony wrote: Hi All, I've found another problem with my setup: What could be the reason of such errors on FreeIPA client side: /var/log/sssd

Re: [Freeipa-users] FreeIPA 3.3.3 and sssd segfault

2014-10-23 Thread crony
yes, sure, it would be great to see if it works in upstream version. thank you 2014-10-23 16:10 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com: On (23/10/14 14:44), crony wrote: Already sent directly to your email. Thank you for coredump. It is a known bug (https://fedorahosted.org/sssd

Re: [Freeipa-users] FreeIPA 3.3.3 and sssd segfault

2014-10-23 Thread crony
...@redhat.com: On (23/10/14 16:31), crony wrote: yes, sure, it would be great to see if it works in upstream version. thank you Here you are https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-11/ LS -- Regards, Leszek Miś www: http://cronylab.pl www: http://emerge.pl Nothing

Re: [Freeipa-users] FreeIPA 3.3.3 and sssd segfault

2014-10-23 Thread crony
Oh, sorry Lukas, now it's my mistake + tiredness.. I was testing on the wrong machine. Thank you. /lm 2014-10-23 18:30 GMT+02:00 Lukas Slebodnik lsleb...@redhat.com: On (23/10/14 18:12), crony wrote: Thank you! I prepared repo for epel6, epel7 and fedora 19 Error: Package: sssd-client

[Freeipa-users] IPA with Cross Realm Trust + AIX/Solaris/HPUX

2014-12-12 Thread crony
Hi List! Our setup is: • 2 domain controllers with Windows 2008 R2 AD DC • 2x RHEL7 as IPA server with domain: linux.acme.example.com • example.com as Forest Root Domain and acme.example.com as transitive child domain We have established a cross realm trust between linux.acme.example.com and

[Freeipa-users] AD Cross Realm Trust + AIX

2015-02-12 Thread crony
Hi All, can I ask you for some advice? My setup is: - updated RHEL7 as IPA server (UX.EXAMPLE.COM) in trust with Active Directory 2008R2 domain (EXAMPLE.COM) - AIX 7 as IPA client I'm using compat tree for connecting AIX as client. A lot of things work correctly: # /usr/krb5/bin/kinit leszek

[Freeipa-users] Adding external CA

2015-03-12 Thread crony
Hi FreeIPA Users, I have a fresh new FreeIPA 4.1 on RHEL7.1 with a self-signed CA and I would like to change the self-signed CA to the external CA. Do you have any step-by-step document for doing it correctly on the 4.1 version? /lm

Re: [Freeipa-users] Adding external CA

2015-03-12 Thread crony
Thank you David, I'll check it out. 2015-03-12 12:36 GMT+01:00 David Kupka dku...@redhat.com: On 03/12/2015 10:37 AM, crony wrote: Hi FreeIPA Users, I have a fresh new FreeIPA 4.1 on RHEL7.1 with a self-signed CA and I would like to change the self-signed CA to the external CA. Do you have any

[Freeipa-users] SSH GSSAPI + FreeIPA with Windows 2008 Trust

2015-05-25 Thread crony
Hi All, we have set up FreeIPA 4.1 (Centos 7) Trust with Windows 2008R2. All (HBAC, SUDO) works pretty well except SSH SSO using GSSAPI from Windows AD clients (ex. putty) to Linux client machines (Centos 6). Password authentication works, just gssapi fails. Actually, there is one scenario where

[Freeipa-users] Web interface session timeout

2015-05-25 Thread crony
Hi All, Is there any way we can change web interface session timeout? I am using form based auth. /lm -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project