Well I've come up with a multi-pronged solution, after much
experimentation, that keeps load in the single digits throughout the entire
certmonger startup process.
First, I've learned more about zram swap, namely that the size
specification is not the physical ram used but the virtual swap size
cr
Actually, I think there should be some way to sync everything to AD
programmatically, as I have more than 10k users, 390 groups, 1400 Linux hosts
using sssd. I can't migrate my environment to AD as primary data, then I should
buy MS CAL licenses also. This is a mess, I'll look for a workaround someh
You don’t need to setup a DNS server or Route 53 Zone, you can use the
route53resolver. It allows a conditional forwarder for any domain you wish and
you can point it straight at an IPA DNS server.
It’s built in to AWS:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-getting-s
After a lot of replies I see that using VPN tunnels to reach servers is the
best option.
But, there is a DNS issue also.
I see two options with private zone (both are unwanted for us):
- set up DNS forwarding to our private DNS server in each AWS account (using
bind9 for example);
- create in Rou
The only option right now is a cross-forest trust with AD where AD is the
primary data store for users and groups.
On Thu, May 23, 2019 at 7:36 AM LUCAS GUILHERME DIEDRICH via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Yes, it would be awesome, as I use FreeIPA as the responsi
On Thu, May 23, 2019 at 04:17:08PM +0100, lejeczek via FreeIPA-users wrote:
> On 23/05/2019 14:56, Rob Crittenden wrote:
> > lejeczek via FreeIPA-users wrote:
> >> hi guys,
> >>
> >> reading official guide one may assume - I do - that "Using SSH Without
> >> Passwords" should work out-of-box (cento
Hi Striker,
the output of error_log when trying to login is:
[Wed May 22 22:43:50.791861 2019] [wsgi:error] [pid 21731:tid 2937889584]
[remote 192.168.1.22:43548] ipa: DEBUG: Starting new HTTP connection (1):
ipa3.roth.net:80
[Wed May 22 22:43:50.807169 2019] [wsgi:error] [pid 21731:tid 2937889
On 23/05/2019 14:56, Rob Crittenden wrote:
> lejeczek via FreeIPA-users wrote:
>> hi guys,
>>
>> reading official guide one may assume - I do - that "Using SSH Without
>> Passwords" should work out-of-box (centos 7.6) - is such assumption valid?
>>
>> For me this does not work - ssh still asks for
I suspect OP is enquiring about ssh keys.
You need to tell your SSH client about your SSH private key (keep it safe) and
paste the public component of your key pair into the SSH key field in the
FreeIPA web admin screen for the user (the field is about a third of the way
down the screen on the
lejeczek via FreeIPA-users wrote:
> hi guys,
>
> reading official guide one may assume - I do - that "Using SSH Without
> Passwords" should work out-of-box (centos 7.6) - is such assumption valid?
>
> For me this does not work - ssh still asks for passwords.
>
> If this is due to some failure/pr
hi guys,
reading official guide one may assume - I do - that "Using SSH Without
Passwords" should work out-of-box (centos 7.6) - is such assumption valid?
For me this does not work - ssh still asks for passwords.
If this is due to some failure/problem, then where to look and how to
troubleshoot?
Yes, it would be awesome, as I use FreeIPA as the responsible for handling user
and groups information, it would be nice to trust this to AD and I just want to
use it for authentication.
What should be the workaround about this? Sync users and groups to AD?
Thanks.
__
That’s mostly for general redundancy and speed. Speed is both for load
balancing and querying local servers first.
Say you don’t talk to IPA often and your cross-continental latency isn’t an
issue, then running 1 server in Iceland would fit.
For us, the redundancy part is relatively important be
Hello
Best practices say to deploy 2 - 3 IPA servers per site (Deployment
Recommendations) however I've never really understood why. We run 2 IPA servers
in each of our primary DCs and then connect our smaller remote sites to those
IPA servers over IPSEC VPNs. For example, IPA clients in a small
That’s not too bad.
We have a similar setup somewhere, about 39 AWS accounts, some with multiple
VPCs, three physical locations, one with two separate DCs (the others have one).
For AWS we simply add PCXes where possible with sg source rules, makes it
pretty secure. For other accounts we run Ope
Thanks a lot for this information Kristian.
It would be a great thing if FreeIPA had this option.
Regard
Dirk
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.o
16 matches