Re: [Freeipa-users] Please Provide the IPA Client Configuration Doc for Ubuntu 12.04, 14.04

2016-07-19 Thread Visakh MV
Hi, first case: As per your direction, things are going well even if we are facing some issues as well. Even like once logged in to ipa-client machine with ipa user with certain privilege, after that while using terminal "TAB" and "Arrow" keys are not working. Due to the same we can not use

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-19 Thread Simpson Lachlan
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of pgb205 Sent: Wednesday, 20 July 2016 5:28 AM To: Sumit Bose Cc: Freeipa-users Subject: Re: [Freeipa-users] Unable to ssh after establishing trust well...I'm not sure what I changed, if anything, but I

Re: [Freeipa-users] HBAC and AD users

2016-07-19 Thread Lachlan Musicman
On 19 July 2016 at 16:40, Jakub Hrozek wrote: > On Tue, Jul 19, 2016 at 11:26:02AM +1000, Lachlan Musicman wrote: > > I think the thing that frustrates the most is that id u...@domain.com is > > returning correct data on both but they can't login and I can't even > > show

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Linov Suresh
Great! That worked, and I successfully renewed the certificates on the IPA server and I was trying to create an IPA replica server and got an error, [root@neit-lab ~]# ipa-replica-install --setup-ca --setup-dns --no-forwarders --skip-conncheck /var/lib/ipa/replica-info-neit-lab.teloip.net.gpg

Re: [Freeipa-users] ipa trust-fetch-domains failing.

2016-07-19 Thread pgb205
Alexander, regarding your comment about putting stanza on each client. In our case clients are not on the same network as the Active Directory domain controller. My plan was to have the Freeipa server as the bridge-head server AD DC <-> FIPA server <-> Linux clients as it sits on the network

Re: [Freeipa-users] FreeIPA SSL certificates installed to multiple hosts

2016-07-19 Thread Rob Crittenden
Jeremy Utley wrote: Hello all! We're looking at replacing a lot of our currently self-signed internal SSL certificates in our infrastructure with certificates generated by the FreeIPA CA. However, I've run into something that I haven't been able to find documented as of yet, and I'm hoping

[Freeipa-users] FreeIPA SSL certificates installed to multiple hosts

2016-07-19 Thread Jeremy Utley
Hello all! We're looking at replacing a lot of our currently self-signed internal SSL certificates in our infrastructure with certificates generated by the FreeIPA CA. However, I've run into something that I haven't been able to find documented as of yet, and I'm hoping some of you can point me

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-19 Thread pgb205
well...I'm not sure what I changed, if anything, but I am able to login with my AD credentials. I have restarted ipa server and cleared sss_cache, so maybe that helped. A few other things still remain though: right now I'm logging in as jsmith@ADDOMAIN.LOCAL I would want it to be either

Re: [Freeipa-users] AD trust with POSIX attributes

2016-07-19 Thread Justin Stephenson
Hello, When adding the AD trust using 'ipa-ad-trust-posix' range type then IPA will search AD for the ID space of existing POSIX attributes to automatically create a suitable ID range inside IPA. You can check the exact steps and attributes searched by looking at the add_range function

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-19 Thread pgb205
Sorry, I typed things out instead of copy/paste my etc hosts looks like: search ad.local 127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters 10.10.10.1

[Freeipa-users] Struggling to remove redundant RUV records

2016-07-19 Thread Bob Hinton
Hi, We had to replace a failed replica "ipa003.mgmt.prod.local". Unfortunately, deleting the old copy prior to creating the replacement doesn't seem to have worked and we're getting lots of errors like :- attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa003.mgmt.prod.local:389 ...

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Rob Crittenden
Linov Suresh wrote: I have followed Redhat official documentation, https://access.redhat.com/solutions/643753 for certificate renewal, which says *add: usercertificate. (step 12)* While on the other hand FreeIPA official documentation http://www.freeipa.org/page/IPA_2x_Certificate_Renewal ,

Re: [Freeipa-users] User Permissions Related Doubts

2016-07-19 Thread Rob Crittenden
Zeal Vora wrote: Hi! I was planning to have a user who will have access to the below set of permissions :- 1. kinit 2. ipa host-add 3. ipa-host-add-managedby 4. ipa-getkeytab I was wondering on what would be the minimum required permission for this user? I was planning to use specific user

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Linov Suresh
I have followed Redhat official documentation, https://access.redhat.com/solutions/643753 for certificate renewal, which says *add: usercertificate. (step 12)* While on the other hand FreeIPA official documentation http://www.freeipa.org/page/IPA_2x_Certificate_Renewal , say to *add:

Re: [Freeipa-users] AD trust with POSIX attributes

2016-07-19 Thread Jan Karásek
Hi, I am still fighting with storing user's POSIX attributes in AD. Please can anybody provide some simple reference settings of IPA-AD trust where users are able to get uid from AD - not from IPA ID pool ? I have tried to set values of attributes before and after creating trust, I have

Re: [Freeipa-users] IPA certificates expired, please help!

2016-07-19 Thread Linov Suresh
We have cloned and created another virtual server from the template. Surprisingly this server certificates were also expired at the same time as the previous, just lasted for a day. This issue has something to do with the kerberos tickets? I am new to IPA and your help is highly appreciated. On

Re: [Freeipa-users] OS migration from Fedora to CentOS?

2016-07-19 Thread Prashant Bapat
I was in the exact same situation. Had to upgrade from FC21 (4.1.4) to CentOS 7.2 (4.2.0). Upgrade went thru fine thanks to this thread :-) For migrating the DNA ranges, I used this link https://blog-rcritten.rhcloud.com/?p=50 Is this fine? Thanks. On 10 February 2016 at 15:02, Martin Kosek

[Freeipa-users] User Permissions Related Doubts

2016-07-19 Thread Zeal Vora
Hi! I was planning to have a user who will have access to the below set of permissions :- 1. kinit 2. ipa host-add 3. ipa-host-add-managedby 4. ipa-getkeytab I was wondering on what would be the minimum required permission for this user? I was planning to use specific user other than the

Re: [Freeipa-users] non-authoritative tricks for DNS resolution

2016-07-19 Thread Petr Spacek
On 18.7.2016 23:06, Brendan Kearney wrote: > On 07/18/2016 06:12 AM, Petr Spacek wrote: >> On 18.7.2016 03:25, Sullivan, Daniel [AAA] wrote: >>> Would a DNS view (bind) work? >>> >>> http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_06.htm >>> >>> Also, depending on what you are using for

Re: [Freeipa-users] Unable to ssh after establishing trust

2016-07-19 Thread Sumit Bose
On Mon, Jul 18, 2016 at 09:21:07PM +, pgb205 wrote: > Sumit, > > I have set the names of all the Domain Controllers to be resolvable to the IP > of the one reachable Domain Controller in /etc/hosts > > /etc/hosts: > Reachable_IP_BOX 172.10.10.1 > DC1 172.10.10.1

Re: [Freeipa-users] HBAC and AD users

2016-07-19 Thread Jakub Hrozek
On Tue, Jul 19, 2016 at 11:26:02AM +1000, Lachlan Musicman wrote: > I think the thing that frustrates the most is that id u...@domain.com is > returning correct data on both but they can't login and I can't even > show that this is the case because now they can login. Difficult to > reproduce