Re: [Freeipa-users] AD Trust Issues
Rough FreeIPA 4.2.1 equivalent should be in RHEL-7.2 - Beta is already out: https://www.redhat.com/en/about/blog/red-hat-enterprise-linux-72-beta-now-available On 09/14/2015 04:13 PM, Matt Wells wrote: > Is the fix in CentOS or RHEL yet? > > On Fri, Sep 11, 2015 at 1:34 PM, Alexander Bokovoy > wrote: > >> On Fri, 11 Sep 2015, Matt Wells wrote: >> >>> I've been working on an AD trust with our freeipa servers but have run >>> into >>> some of the same issues others have had. >>> It's well documented here however I feel I've mitigated these - >>> https://bugzilla.redhat.com/show_bug.cgi?id=1219832 >>> >>> Freeipa Servers are Fedora 22 / freeipa-server-4.2.0 >>> The Samba version i'm on is well past the patched version. It seems the >>> patch is in samba-4.2.1-7.fc22 and I'm on samba-4.2.3-0 (assuming the >>> patch >>> is in this version). >>> >>> I run >>> # echo Password123 | ipa trust-add --type=ad ad.example.com >>> --trust-secret >>> ipa: ERROR: CIFS server configuration does not allow access to >>> \\pipe\lsarpc >>> >> This was looking like a partial fix. The full fix is in Fedora 23 with >> FreeIPA 4.2.1 release (we didn't yet officially announced it). >> >> We were all busy at FreeIPA/SSSD gathering in Brno this week so there >> wasn't really time to do Fedora 22 backport of the fixes yet. >> >> -- >> / Alexander Bokovoy >> > > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] AD Trust Issues
Is the fix in CentOS or RHEL yet? On Fri, Sep 11, 2015 at 1:34 PM, Alexander Bokovoy wrote: > On Fri, 11 Sep 2015, Matt Wells wrote: > >> I've been working on an AD trust with our freeipa servers but have run >> into >> some of the same issues others have had. >> It's well documented here however I feel I've mitigated these - >> https://bugzilla.redhat.com/show_bug.cgi?id=1219832 >> >> Freeipa Servers are Fedora 22 / freeipa-server-4.2.0 >> The Samba version i'm on is well past the patched version. It seems the >> patch is in samba-4.2.1-7.fc22 and I'm on samba-4.2.3-0 (assuming the >> patch >> is in this version). >> >> I run >> # echo Password123 | ipa trust-add --type=ad ad.example.com >> --trust-secret >> ipa: ERROR: CIFS server configuration does not allow access to >> \\pipe\lsarpc >> > This was looking like a partial fix. The full fix is in Fedora 23 with > FreeIPA 4.2.1 release (we didn't yet officially announced it). > > We were all busy at FreeIPA/SSSD gathering in Brno this week so there > wasn't really time to do Fedora 22 backport of the fixes yet. > > -- > / Alexander Bokovoy > -- Matt Wells Chief Systems Architect RHCA, RHCVA - #110-000-353 (702) 808-0424 matt.we...@mosaic451.com Las Vegas | Phoenix | Portland Mosaic451.com CONFIDENTIALITY NOTICE: This transmittal is a confidential communication or may otherwise be privileged. If you are not intended recipient, you are hereby notified that you have received this transmittal in error and that any review, dissemination, distribution or copying of this transmittal is strictly prohibited. If you have received this communication in error, please notify this office, and immediately delete this message and all its attachments, if any. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] AD Trust Issues
On Fri, 11 Sep 2015, Matt Wells wrote: I've been working on an AD trust with our freeipa servers but have run into some of the same issues others have had. It's well documented here however I feel I've mitigated these - https://bugzilla.redhat.com/show_bug.cgi?id=1219832 Freeipa Servers are Fedora 22 / freeipa-server-4.2.0 The Samba version i'm on is well past the patched version. It seems the patch is in samba-4.2.1-7.fc22 and I'm on samba-4.2.3-0 (assuming the patch is in this version). I run # echo Password123 | ipa trust-add --type=ad ad.example.com --trust-secret ipa: ERROR: CIFS server configuration does not allow access to \\pipe\lsarpc This was looking like a partial fix. The full fix is in Fedora 23 with FreeIPA 4.2.1 release (we didn't yet officially announced it). We were all busy at FreeIPA/SSSD gathering in Brno this week so there wasn't really time to do Fedora 22 backport of the fixes yet. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project