To add:
If mounted with -S (no sssd) upon login the mount is not accepted and error:
key has expired: /home/foo.org/foouser
though with klist:
non expired krb5 key.
SH
On 10/08/2022 09:33, Sami Hulkko via FreeIPA-users wrote:
I can add that with:
ipa-client-automount -S (no sssd)
it works
I can add that with:
ipa-client-automount -S (no sssd)
it works.
On 10/08/2022 09:23, Sami Hulkko wrote:
Hi,
I have a home folders shared at server.foo.org on folder
/srv/home/foo.org and I can mount this share on client.foo.org with
kerberos security.
/etc/export is:
/srv/home/foo.org
Hi,
I have a home folders shared at server.foo.org on folder
/srv/home/foo.org and I can mount this share on client.foo.org with
kerberos security.
/etc/export is:
/srv/home/foo.org
*(rw,sec=krb5:krb5i:krb5p,sync,no_root_squash,no_subtree_check)
On Freeipa server under Network Services I
Hello all,
I have an issue configuring both systems Keycloak and FreeIPA to work with
User Federation. Configuration on Keycloak side for the ldap (FreeIPA
server) is as follows:
- LDAPs configuration
- Keytab from FreeIPA generated with admin user
The below screenshot is from the Keycloak
Hi,
We have a problem connecting with CA REST API (403).
Any ideas how to troubleshoot?
Setup: IPA 4.9.8 on CentOS Stream 8, two IPA CA servers
Only looking at the CA renewal master (ipa1.example.com)
# ipa cert-show 1
ipa: DEBUG: trying https://ipa1.example.com/ipa/session/json
ipa: ERROR: Cer