[Freeipa-users] Re: using SPAKE

2019-10-18 Thread Charles Hedrick via FreeIPA-users
Thanks. So if we’re going to continue using FAST, it would be nice to get “kinit -n” working properly. We currently use external certificates. The KDC generates certificates for kinit -n if we don’t supply an external cert, and they work, but then I have to get them on all the clients, and upd

[Freeipa-users] Re: using SPAKE

2019-10-18 Thread Robbie Harwood via FreeIPA-users
Charles Hedrick via FreeIPA-users writes: > I’d like to avoid having to use a second cache to armor 2FA > requests. My impression was that SPAKE was supposed to fix this. I > just installed a new kdc (replica of an old one) in CentOS 8. It > understands SPAKE, offering it as preauthentication for

[Freeipa-users] using SPAKE

2019-10-18 Thread Charles Hedrick via FreeIPA-users
I’d like to avoid having to use a second cache to armor 2FA requests. My impression was that SPAKE was supposed to fix this. I just installed a new kdc (replica of an old one) in CentOS 8. It understands SPAKE, offering it as preauthentication for normal users. But a user with 2FA is not offered

[Freeipa-users] Re: Internal vs External CA

2019-10-18 Thread Rob Crittenden via FreeIPA-users
Kristian Petersen wrote: > OK I must have missed that and I think I have the root cert now.  I ran  > ipa-cacert-manage -n Digicert_Root -t C,, install > DigiCert_Global_Root_CA.crt > The message I got back said that this cert was installed successfully. > > So now I tried adding the others using

[Freeipa-users] Re: cannot create PTR record - too many address components

2019-10-18 Thread Stephen Ingram via FreeIPA-users
On Thu, Oct 17, 2019 at 11:36 PM Alexander Bokovoy wrote: > On to, 17 loka 2019, Stephen Ingram via FreeIPA-users wrote: > >I'm trying to set up service discovery for our printers on the network > using > >a CUPS bonjour tutorial. Specifically the record I'm trying to create is: > > > >_ipp._tcp

[Freeipa-users] Re: Internal vs External CA

2019-10-18 Thread Kristian Petersen via FreeIPA-users
OK I must have missed that and I think I have the root cert now. I ran ipa-cacert-manage -n Digicert_Root -t C,, install DigiCert_Global_Root_CA.crt The message I got back said that this cert was installed successfully. So now I tried adding the others using the same command as above (with a diff

[Freeipa-users] ipa-replica-install

2019-10-18 Thread Joseph, Matthew via FreeIPA-users
Hello, I'm currently running into an issue when trying to do the ipa-replica-install. I did the ipa-replica-prepare command and copied the replica gpg file to the new replica server and ran the following command to do the install Ipa-replica-install -setup-ca -setup-dns -no-forwarders /var/lib/

[Freeipa-users] Re: Windows clients and domain_realm mappings

2019-10-18 Thread Alexander Bokovoy via FreeIPA-users
On pe, 18 loka 2019, Pieter Baele wrote: >By adding a domain_realm mapping to a windows client, also described on >FreeIPA-users before, the routing problem is solved. But I (and especially >the AD admins ;-) ) would prefer to solve the underlying issue. Don't use external trust, use forest trust.

[Freeipa-users] Re: Windows clients and domain_realm mappings

2019-10-18 Thread Pieter Baele via FreeIPA-users
On Fri, Oct 18, 2019 at 8:26 AM Alexander Bokovoy wrote: > On pe, 18 loka 2019, Pieter Baele wrote: > >All Windows clients are properly enrolled into the AD domain. > > > >We can't use two-way trust because of reasons you explained here before. A > >one-way external trust is used. All perfectly e