Hi team,
We have a plan to integrate Windows AD and OpenShift Origin with FreeIPA. We
have doubts about DNS working between those. We also need
configuration details of replication between those. If you guys provide any
kind of information for the above, I would really like to go for with
The /var/log/sssd/ldap_child.log have one line repeated:
[[sssd[ldap_child[9738]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to
init credentials: Cannot contact any KDC for realm UNIX.CO.ORG.AU
All other log files are 0 size.
cheers
L.
--
The most dangerous phrase in the language is,
On 01/22/2016 11:04 AM, Nathan Peters wrote:
Wow, strange stuff, the search I linked in the last email for our non working
dev environment seems short some entries.
For comparison, here is the same search run against our currently working prod
environment.
As you can see, our prod
On 01/22/2016 04:48 AM, Nathan Peters wrote:
Here are the results for that aci search using a non gssapi bind by directory
manager on the old master that we are attempting to join against. I don't see
anything in this list that would indicate that some users should or should not
have access
- Original Message -
> Hi all,
>
> I configured an IPA client using the FreeIPA 4.2 KDC Proxy something like
> this:
>
> ~
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ~
> [realms]
> LINUX.EXAMPLE.COM = {
> pkinit_anchors = FILE:/etc/ipa/ca.crt
> http_anchors =
On 2016-01-22 11:57, Alexander Bokovoy wrote:
> - Original Message -
>> Hi all,
>>
>> I configured an IPA client using the FreeIPA 4.2 KDC Proxy something like
>> this:
>>
>> ~
>> dns_lookup_realm = false
>> dns_lookup_kdc = false
>> ~
>> [realms]
>> LINUX.EXAMPLE.COM = {
>> pkinit_anchors
Hi.
I have been successful using FreeIPA 4.1 configuring Active Directory users
and with sudo. The problem I am having is that the HBAC rules are not applying
to my active directory users. They have access to all systems even if I
disable my Allow_ALL rule. Is there something special I
On 01/21/2016 05:54 PM, Terry John wrote:
I've been trying to tidy the security on my FreeIPA and this is
causing me some problems. I'm using OpenVAS vulnerability scanner and
it is coming up with this issue
EXPORT_RSA cipher suites supported by the remote server:
TLSv1.0:
On 2016-01-21 17:54, Terry John wrote:
> Thanks for the info. I have tried nearly all the NSSCipherSuite settings in
> that ticket but none so far has eliminated the FREAK report.
> Christian thanks for the heads up on the syntax, I wasn't sure of what I was
> doing
>
> Each time I've made a
Hi all,
I configured an IPA client using the FreeIPA 4.2 KDC Proxy
something like this:
~
dns_lookup_realm = false
dns_lookup_kdc = false
~
[realms]
LINUX.EXAMPLE.COM = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
On 2016-01-22 11:25, Winfried de Heiden wrote:
> Now, is it possible to use the IPA-server as a proxy for the trusted
> Windows Domain? How...?
I haven't tried it yet but it should be possible. MS-KKDCP requests are
prefixed with the requested realm name. You have to configure the
mapping from
On Fri, 22 Jan 2016, John Obaterspok wrote:
Hello,
I'm running F23 and now IPA fails to start due to crash in smb:
-- Unit smb.service has begun starting up.
jan 22 08:38:52 ipa.win.lan audit[7037]: ANOM_ABEND auid=4294967295 uid=0
gid=0 ses=4294967295 subj=system_u:system_r:smbd_t:s0
On Fri, Jan 22, 2016 at 09:27:40AM +, Birnbaum, Warren (ETW) wrote:
> Hi.
>
> I have been successful using FreeIPA 4.1 configuring Active Directory users
> and with sudo. The problem I am having is that the HBAC rules are not
> applying to my active directory users. They have access to
[root@dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b
"cn=config" "(aci=*)" aci
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
Thanks for your reply. I understand what you are saying but don't see how
this would work because Allow_All is my current situation (even with this
rule disabled). My understanding is you can't restrict through a rule, only
limit. Am I missing something?
On 1/22/16, 1:51 PM,
On Fri, 22 Jan 2016, Birnbaum, Warren (ETW) wrote:
Thanks for your reply. I understand what you are saying but don't see how
this would work because Allow_All is my current situation (even with this
rule disabled). My understanding is you can't restrict through a rule, only
limit. I am missing
On Fri, 22 Jan 2016, Christian Heimes wrote:
On 2016-01-22 11:57, Alexander Bokovoy wrote:
- Original Message -
Hi all,
I configured an IPA client using the FreeIPA 4.2 KDC Proxy something like
this:
~
dns_lookup_realm = false
dns_lookup_kdc = false
~
[realms]
LINUX.EXAMPLE.COM = {
On 01/21/2016 08:48 PM, Nathan Peters wrote:
Here are the results for that aci search using a non gssapi bind by directory
manager on the old master that we are attempting to join against. I don't see
anything in this list that would indicate that some users should or should not
have access
No, I've not updated to 1.13.0-41 - I do the "yum upgrades" relatively
frequently, I don't think it's in the repos yet.
cheers
L.
--
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
On 20 January 2016 at 19:42, Jakub Hrozek
On Fri, 22 Jan 2016, Alexander Bokovoy wrote:
On Fri, 22 Jan 2016, John Obaterspok wrote:
Hello,
I'm running F23 and now IPA fails to start due to crash in smb:
-- Unit smb.service has begun starting up.
jan 22 08:38:52 ipa.win.lan audit[7037]: ANOM_ABEND auid=4294967295 uid=0
gid=0
On 01/22/2016 10:15 AM, Nathan Peters wrote:
[root@dc2-ipa-dev-nvan ~]# ldapsearch -D "cn=directory manager" -W -b "cn=config"
"(aci=*)" aci
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
On Sat, 23 Jan 2016, William Brown wrote:
Hi,
I'm wondering about what the freeipa support policy is on adding an
extra OU to the root of my domain, as well as my own acis. Will FreeIPA
ignore this? Or will it potentially cause future issues?
IE adding ou=contacts,dc=ipa,dc=example,dc=com
Hi,
I'm wondering about what the freeipa support policy is on adding an
extra OU to the root of my domain, as well as my own acis. Will FreeIPA
ignore this? Or will it potentially cause future issues?
IE adding ou=contacts,dc=ipa,dc=example,dc=com
--
Sincerely,
William Brown
Software
23 matches