So, I ran across an article on how to install the client manually on the Red
Hat site.
https://access.redhat.com/articles/2622831
Thank you Red Hat technical writing team. Without it we would've had to dump
FreeIPA on our project.
As far as I can tell, what was missing was the correct configu
>>>What do any of the logs say?
I found something interesting in the secure log.
Failed password for invalid user admin(a)XYZ.COM from >>>Server
address> port 50203 ssh2
I was wrong. My network guys are telling me it's the ip address of the machine
I am trying to login from.
It's impossible to say without any details.
What details do you need?
What does login mean? It seems to mean ssh but it's unclear.
A ssh login. A local machine login. All of the above.
What output do you get?
Invalid password. But I know it's the correct password, and I try with
Steve Reed via FreeIPA-users wrote:
> Also, I get the same response on clients that I cannot login with the FreeIPA
> (LDAP accounts) , but i can login to Kerberos with my fixed krb5.conf file.
>
> So I still have the problem even with that command returning what I reported
> above. Kerberos is
Also, I get the same response on clients that I cannot login with the FreeIPA
(LDAP accounts) , but i can login to Kerberos with my fixed krb5.conf file.
So I still have the problem even with that command returning what I reported
above. Kerberos is working fine, but I can't login as admin on t
Steve Reed via FreeIPA-users wrote:
> Where would that be? Which file for Centos 7?
This is DNS. It is not server-specific. It is handled by who/whatever
handles DNS for your zone(s).
rob
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahost
Where would that be? Which file for Centos 7?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/
This shows the records you *should* have available. Compare this to
those that actually exist.
rob
Steve Reed via FreeIPA-users wrote:
> [root@ozservices installer]# ipa dns-update-system-records --dry-run
> IPA DNS records:
> _kerberos-master._tcp.cs.ssds. 86400 IN SRV 0 100 88 ozservices.
[root@ozservices installer]# ipa dns-update-system-records --dry-run
IPA DNS records:
_kerberos-master._tcp.cs.ssds. 86400 IN SRV 0 100 88 ozservices.cs.ssds.
_kerberos-master._udp.cs.ssds. 86400 IN SRV 0 100 88 ozservices.cs.ssds.
_kerberos._tcp.cs.ssds. 86400 IN SRV 0 100 88 ozservi
Also, dig xyz.com returns the server information.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-
Ah, after I did a kinit login.
It came back with the information on the server.
It won't work on the clients because they didn't install properly.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to fr
It says:
ipa: ERROR: did not receive Kerberos credentials
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraprojec
Please keep responses on the list.
Scott Reed wrote:
> Hi Rob,
>
>
>
> The FreeIPA accounts are using LDAP for logins to clients, right?
> That’s what I’ve understood. Is that wrong?
SSSD uses the host keytab to authenticate so if Kerberos isn't working
then that would be affected.
> The r
Hi Steve,
I'm not sure if I understand exactly what's happening but it sound's like a DNS
issue. The records FreeIPA/IdM needs are fairly extensive. you can print them
out with the following command:
ipa dns-update-system-records --dry-run
You might need to go through and systematically add th
Hi Rob,
The FreeIPA accounts are using LDAP for logins to clients, right? That’s what
I’ve understood. Is that wrong?
The reason that I am forcing Kerberos realm is that the discovery does not
properly configure the krb5.conf, and it fails because it says it can’t contact
the KDC for the Rea
Steve Reed via FreeIPA-users wrote:
> Hi all,
>
> I am running Versions 4.8 of the client installations. I have one machine
> that installed except it failed to configure the krb5.conf file properly and
> it fails saying that it can't find the KDC for the realm xyz.com. I can fix
> Kerberos b
16 matches
Mail list logo