[Freeipa-users] login problem after set trust
Hi all, I'm testing trust Freeipa-AD follow the how to http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup After set ipa trust-add users from AD domain can logon on ipa domain using ssh (ssh -l user@AD.DOMAIN linux.ipa), but FreeIPA users can't logon on Windows machine (winserver 2008) (using IPA.DOMAIN\user or user@IPA.DOMAIN as username): “The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain” Sometimes another error appears: “There are no logon servers available to service the logon request” Both errors seems to be from samba4, but I don't find a solution yet. Some users reported that after update samba this problem was solved, but my samba is updated. Someone has gone through this error or can help me? Att, andre rodrigues ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] testing AD trust on Fedora 18
Hi all, I'm testing AD trust following this how to: http://www.freeipa.org/page/IPAv3_testing_AD_trust but when I set ipa dnszone-add I get this: [root@m ~] ipa dnszone-add AD.DOMAIN --name-server=AD.NAME --admin-email=MY.EMAIL --force --forwarder=AD.IP –forward-policy=only ipa: ERROR: unable to parse cookie header 'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=IPA.DOMAIN; Path=/ipa; Expires=Thu, 18 Dec 2012 13:54:33 GMT; Secure; HttpOnly': unable to parse expires datetime 'Thu, 18 Dec 2012 13:54:33' and when I set ipa trust-add I get the following error: [root@m ~] ipa trust-add --type=ad AD.DOMAIN --admin Adminstrator --password Active directory domain administrator's password: ipa: ERROR: unable to parse cookie header 'ipa_session=7d6aeb2c92ff3197a9d3c04421f6ba15; Domain=IPA.DOMAIN; Path=/ipa; Expires=Tue, 18 Dec 2012 18:32:05 GMT; Secure; HttpOnly': unable to parse expires datetime 'Tue, 18 Dec 2012 18:32:05' ipa: ERROR: Cannot perform join operation without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA but I have the server-trust-ad installed: [root@m ~]# rpm -qa | grep freeipa freeipa-client-3.1.0-1.fc18.x86_64 freeipa-server-3.1.0-1.fc18.x86_64 freeipa-python-3.1.0-1.fc18.x86_64 freeipa-server-strict-3.1.0-1.fc18.x86_64 freeipa-server-trust-ad-3.1.0-1.fc18.x86_64 freeipa-admintools-3.1.0-1.fc18.x86_64 freeipa-server-selinux-3.1.0-1.fc18.x86_64 so... any ideas? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] replica read-only
Hi, I'm trying to setup replicas from my ipa server and ipa-replica-install is based on multimaster replication. Is there a way to set a ipa replica to be a slave/read-only? -- Thanks a lot, -Andre ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Fwd: replica read-only
thanks for the info Simo! I work at a university and the current structure is: a meta-directory that feeds a master 389-ds, and the master replicates the data to two read-only directories, that are accessible to customers. any changes in the directory should be sent to the meta-directory, which will apply the changes on the master. Now I'm studying FreeIPA to see a possible exchange of 389DS for FreeIPA (primarily by trust with ad). This is not an appropriate structure for FreeIPA(nor a directory actually) but a read-only FreeIPA would be best for us. -- Thanks a lot, -Andre On Wed, Nov 14, 2012 at 12:07 PM, Simo Sorce s...@redhat.com wrote: On Wed, 2012-11-14 at 11:54 -0200, Andre Rodrigues wrote: Hi, I'm trying to setup replicas from my ipa server and ipa-replica-install is based on multimaster replication. Is there a way to set a ipa replica to be a slave/read-only? No,at the moment replicas are full masters, we are investigating how to create read-only replicas in the future, but it will be a while. What is the reason you'd like a read-only replica ? Knowing use cases will help us decide how read-only replicas will need to behave in general. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users