[Freeipa-users] Re: keytab usage?

2017-06-06 Thread Rob Crittenden via FreeIPA-users
Simo Sorce via FreeIPA-users wrote: > On Mon, 2017-06-05 at 09:59 -0500, Kat via FreeIPA-users wrote: >> Never mind -- if I use ipa-getkeytab, it works perfectly. >> >> What is the difference between what getkeytab and ktutil by hand >> does? >> Is it documented? > > In FreeIPA we generate a

[Freeipa-users] Re: Scripting a SSSD client to add SIDtoUIDnumbers from ad Trust into custom LDAP schema.

2017-06-06 Thread Frank Rey via FreeIPA-users
Ok, where and when does the compat tree get populated? When I dump my look over my ldif I do not see any accounts from the AD trust. With the exception of the mapping groups which do not have uidnumbers listed with them only gid On Jun 6, 2017 4:46 AM, "Sumit Bose via FreeIPA-users" <

[Freeipa-users] Re: IPA-clients fail to update DNS: "response to GSS-TSIG query was unsuccessful"

2017-06-06 Thread Martin Bašti via FreeIPA-users
On 06.06.2017 13:00, Martin Bašti via FreeIPA-users wrote: On 05.06.2017 20:39, Josh Pavel via FreeIPA-users wrote: I have a setup with 2 zones: My IPA realm is mob.nuance.com My first IPA server was built out with the DNS zone prod.mcs.som.mob.nuance.com

[Freeipa-users] Re: IPA-clients fail to update DNS: "response to GSS-TSIG query was unsuccessful"

2017-06-06 Thread Martin Bašti via FreeIPA-users
On 05.06.2017 20:39, Josh Pavel via FreeIPA-users wrote: I have a setup with 2 zones: My IPA realm is mob.nuance.com My first IPA server was built out with the DNS zone prod.mcs.som.mob.nuance.com My second IPA server is in a DNS

[Freeipa-users] IPA-clients fail to update DNS: "response to GSS-TSIG query was unsuccessful"

2017-06-06 Thread Josh Pavel via FreeIPA-users
I have a setup with 2 zones: My IPA realm is mob.nuance.com My first IPA server was built out with the DNS zone prod.mcs.som.mob.nuance.com My second IPA server is in a DNS zone of dev.mcs.az-eastus2.mob.nuance.com I can successfully add client to my first IPA server, and everything works as

[Freeipa-users] Re: Scripting a SSSD client to add SIDtoUIDnumbers from ad Trust into custom LDAP schema.

2017-06-06 Thread Sumit Bose via FreeIPA-users
On Fri, Jun 02, 2017 at 12:02:04PM -0600, Frank Rey via FreeIPA-users wrote: > I have a Netapp that does not support SSSD or Winbind and I want to use > IDM ldap to do permission/name mapping. Would using a Script on a SSSD > client to populate a custom ldap schema in IPA with the SSSD uidnumber

[Freeipa-users] Re: keytab usage?

2017-06-06 Thread Simo Sorce via FreeIPA-users
On Mon, 2017-06-05 at 09:59 -0500, Kat via FreeIPA-users wrote: > Never mind -- if I use ipa-getkeytab, it works perfectly. > > What is the difference between what getkeytab and ktutil by hand > does?  > Is it documented? In FreeIPA we generate a random salt instead of using the old "principal