Re: [Freeipa-users] Cross Domain Trust

2016-01-28 Thread Zoske, Fabian
-users] Cross Domain Trust On Mon, Jan 18, 2016 at 06:02:43PM +0100, Lukas Slebodnik wrote: > On (12/01/16 11:11), Lukas Slebodnik wrote: > >On (12/01/16 08:25), Zoske, Fabian wrote: > >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far > >>no diffe

Re: [Freeipa-users] Cross Domain Trust

2016-01-20 Thread Zoske, Fabian
: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Cross Domain Trust On (12/01/16 11:11), Lukas Slebodnik wrote: >On (12/01/16 08:25), Zoske, Fabian wrote: >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no >>differences. >> >Then please provi

Re: [Freeipa-users] Cross Domain Trust

2016-01-18 Thread Jakub Hrozek
On Mon, Jan 18, 2016 at 06:02:43PM +0100, Lukas Slebodnik wrote: > On (12/01/16 11:11), Lukas Slebodnik wrote: > >On (12/01/16 08:25), Zoske, Fabian wrote: > >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far > >>no differences. > >> > >Then please provide sssd logfiles (1

Re: [Freeipa-users] Cross Domain Trust

2016-01-18 Thread Lukas Slebodnik
On (12/01/16 11:11), Lukas Slebodnik wrote: >On (12/01/16 08:25), Zoske, Fabian wrote: >>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no >>differences. >> >Then please provide sssd logfiles (1.13.3) from client >and also log files from sssd on freeipa server (sssd on f

Re: [Freeipa-users] Cross Domain Trust

2016-01-12 Thread Lukas Slebodnik
On (12/01/16 08:25), Zoske, Fabian wrote: >We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no >differences. > Then please provide sssd logfiles (1.13.3) from client and also log files from sssd on freeipa server (sssd on freeipa server is used indirectly by extop plugin i

Re: [Freeipa-users] Cross Domain Trust

2016-01-12 Thread Zoske, Fabian
We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no differences. Best regards, Fabian > On 11 Jan 2016, at 19:37, Lukas Slebodnik wrote: > > On (11/01/16 14:56), Zoske, Fabian wrote: >> I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which >> in

Re: [Freeipa-users] Cross Domain Trust

2016-01-11 Thread Lukas Slebodnik
On (11/01/16 14:56), Zoske, Fabian wrote: >I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which >includes SSSD 1-13-3. >Now I have the same problem on Ubuntu. >On Ubuntu 14.04 I have installed the shipped SSSD-1.11.5 and everything works. > It might be an issue on the ipa server.

Re: [Freeipa-users] Cross Domain Trust

2016-01-11 Thread Zoske, Fabian
[mailto:sb...@redhat.com] Sent: Tuesday, 15 December 2015 13:38 To: Zoske, Fabian Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Cross Domain Trust On Tue, Dec 15, 2015 at 10:58:09AM +, Zoske, Fabian wrote: > I’ve setup an IPA-Server with a handful of clients and AD-Trust. >

Re: [Freeipa-users] Cross Domain Trust

2015-12-15 Thread Zoske, Fabian
In the Ubuntu krb5.conf are 2 lines more: udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} The nameservers on both system types are identical and pointing to our AD-Domain Controller. On the AD-Servers the ipa-domain.com is a conditional forwarder to the IPA-Server. I ch

Re: [Freeipa-users] Cross Domain Trust

2015-12-15 Thread Sumit Bose
On Tue, Dec 15, 2015 at 10:58:09AM +, Zoske, Fabian wrote: > I’ve setup an IPA-Server with a handful of clients and AD-Trust. > The server is a CentOS7.1 with IPA4.1 and the clients are mostly Ubuntu > Server 14.04 LTS. > Our IPA-Domain is like ipa-domain.com and our AD-Domain is like > ad-do

Re: [Freeipa-users] Cross domain trust

2014-02-06 Thread Alexander Bokovoy
On Thu, 06 Feb 2014, Steve Dainard wrote: On Thu, Feb 6, 2014 at 12:42 PM, Alexander Bokovoy wrote: On Thu, 06 Feb 2014, Steve Dainard wrote: In newer versions (FreeIPA 3.3+, SSSD 1.11+) this is done on IPA master automatically by setting ipa_master_mode = True On RHEL 6.x on

Re: [Freeipa-users] Cross domain trust

2014-02-06 Thread Steve Dainard
On Thu, Feb 6, 2014 at 12:42 PM, Alexander Bokovoy wrote: > On Thu, 06 Feb 2014, Steve Dainard wrote: > >>In newer versions (FreeIPA 3.3+, SSSD 1.11+) this is done on IPA master >>>automatically by setting ipa_master_mode = True >>> >>>On RHEL 6.x one needs to add the parameters

Re: [Freeipa-users] Cross domain trust

2014-02-06 Thread Alexander Bokovoy
On Thu, 06 Feb 2014, Steve Dainard wrote: In newer versions (FreeIPA 3.3+, SSSD 1.11+) this is done on IPA master automatically by setting ipa_master_mode = True On RHEL 6.x one needs to add the parameters manually. 2. /etc/krb5.conf has to contain auth_to_local rules that map AD

Re: [Freeipa-users] Cross domain trust

2014-02-06 Thread Steve Dainard
On Thu, Feb 6, 2014 at 11:14 AM, Alexander Bokovoy wrote: > On Thu, 06 Feb 2014, Steve Dainard wrote: > >> So I've completed the setup, and can see the trust on the Windows side. >> >> I've joined a client to the IPA realm, and can login with a IPA user. When >> I try to login (console, ssh, su -)

Re: [Freeipa-users] Cross domain trust

2014-02-06 Thread Alexander Bokovoy
On Thu, 06 Feb 2014, Steve Dainard wrote: So I've completed the setup, and can see the trust on the Windows side. I've joined a client to the IPA realm, and can login with a IPA user. When I try to login (console, ssh, su -) as a domain user I get: CLIENT SIDE [root@rhel6-clien

Re: [Freeipa-users] Cross domain trust

2014-02-06 Thread Steve Dainard
So I've completed the setup, and can see the trust on the Windows side. I've joined a client to the IPA realm, and can login with a IPA user. When I try to login (console, ssh, su -) as a domain user I get: CLIENT SIDE [root@rhel6-client ~]# su - sdainard@miovision su: user sdain

Re: [Freeipa-users] Cross domain trust

2014-02-05 Thread Steve Dainard
I didn't have the firewall on my IPA server down while forming the trust. All seems to be working now. Thanks for your help. Steve > > > -- > / Alexander Bokovoy >

Re: [Freeipa-users] Cross domain trust

2014-02-05 Thread Alexander Bokovoy
On Wed, 05 Feb 2014, Alexander Bokovoy wrote: On Wed, 05 Feb 2014, Steve Dainard wrote: After the initial setup of a trust I'm attempting to get kerberos tickets against the AD domain. Step 12 in this document: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/I

Re: [Freeipa-users] Cross domain trust

2014-02-05 Thread Alexander Bokovoy
On Wed, 05 Feb 2014, Steve Dainard wrote: After the initial setup of a trust I'm attempting to get kerberos tickets against the AD domain. Step 12 in this document: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains

Re: [Freeipa-users] cross domain trust between two IPA servers

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 16:36 +0100, Johnathan Phan wrote: > Hi Simo, > > This document here implies that this does it. > > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Setting_Up_Cross_Realm_Authentication.html#basic-trust This document does not apply to Id

Re: [Freeipa-users] cross domain trust between two IPA servers

2012-08-07 Thread Simo Sorce
On Tue, 2012-08-07 at 14:54 +0100, Johnathan Phan wrote: > Hi everyone, > > Is it possible to create a cross domain trust between two IPA servers? > I would have thought FreeIPA would have dealt with this use case first > rather than jump directly into integrating with AD. Not yet, the reason we