Assuming it's fairly chaotic across your systems, you may just need to
brute-force it. Before adding to IPA, you'll just need to map
oldGID->newGID, then do something like find/exec/chown. You can do the same
with groups. If you want to get fancier, have the script do the mapping.
On Wed, Oct 23,
Oh yes, it's clear, but I just don't know if I'm setting myself up for
problems if I set a freeipa gid or uid to a value that already existed on
the host before it was turned into a freeipa client. That's already a
problem with my users since they have different uids on the hosts if they
were user
You can specify the GID when you create user groups in freeIPA.
In the GUI it's very clear (Group name[required], Description, Group Type,
GID).
CLI it's something like # ipa group-add --gid=
On Wed, Oct 23, 2019 at 3:12 PM Jason Dunham via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wr
On Wed, Oct 23, 2019 at 10:31 PM Amos via FreeIPA-users
wrote:
>
> When enrolling a host, an error was presented:
>
> root: INFO Joining realm failed: RPC failed at server. invalid
> 'hostname': invalid domain-name: only letters, numbers, '-' are allowed. DNS
> label may not start o
When enrolling a host, an error was presented:
root: INFO Joining realm failed: RPC failed at server. invalid
'hostname': invalid domain-name: only letters, numbers, '-' are allowed.
DNS label may not start or end with '-'
Where does this error originate from? Is it truly impossible
Hi I'm trying to figure out the best practice for groups on my client servers.
I have several computation workstation hosts that have been added as freeipa
clients, and several engineers who want to run docker on them
Members of the 'docker' group (gid=999 on some machines, for example) can run
d
Hello, I have set up ansible to install freeipa client on my CentOS 7/8
machines. I am able to get the packages installed; however, when it goes
through the configuration I am getting the following:
TASK [ipaclient : Install - Ensure that IPA client packages are installed]
*
Actually I found a solution to this. You can use a normal commercial cert for
PKINIT. You just need a couple of extra lines in /etc/krb5.conf. The only
disadvantage is that you have to have a line in /etc/krb5.conf for each KDC.
That means you lose the ability to add a KDC and depend upon DNS di
Charles Hedrick writes:
> Thanks. So if we’re going to continue using FAST, it would be nice to
> get “kinit -n” working properly.
>
> We currently use external certificates. The KDC generates certificates
> for kinit -n if we don’t supply an external cert, and they work, but
> then I have to get
On Wed, 23 Oct 2019, Charles Hedrick wrote:
The kdc doesn’t supply the remote address to the policy plugin, unless
I’m totally misreading the source code. I’m currently investigating
ways of doing it externally, whether ebpf or something else.
Ok.
The interface (krb5_kdc_req struct) still has a
On Mon, 21 Oct 2019, Matthias Salzmann via FreeIPA-users wrote:
Hello together
I'm a newbie in Freeipa
I have a (one-side) cross-forest trust with an Active Directory Domain.
AD users are able to login with ssh on the linux server. That works fine.
With sssd I am able to override the homedir.
hi everybody
when I install a replica and have DNS use cname records to a
classless zone I see:
Configuring DNS (named)
[1/8]: generating rndc key file
[2/8]: setting up our own record
[error] ValidationError: invali