Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Sylvain Angers
>is abcd.ca your windows domain ? yes in this example ipa-server-install -a xx \ --hostname=ipa1.unix.abcd.ca \ -n unix.abcd.ca \ -p xxx \ -r UNIX.ABCD.CA \ --subject=subject_DN \ #Sets the base element for the subject DN of the issued certif

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Sylvain Angers
Hi Again. Our current Linux/AIX servers' fqdn should remain on abcd.ca domain. I need advice: Should the ipa server fqdn be ipa.abcd.ca or ipa.unix.abcd.ca? And on the Linux/AIX server, should we add entry of both dns (ipa and Microsoft AD) in resolv.conf? domain unix.abcd.ca search unix.abcd.ca

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Simo Sorce
On Thu, 2012-03-08 at 09:46 -0500, Sylvain Angers wrote: > Hi Again > Our current Linux/AIX servers fqdn should remain on abcd.ca domain > > I need advice: Should the ipa server fqdn be ipa.abcd.ca or > ipa.unix.abcd.ca? You can have machines on a different DNS domain with FreeIPA. So you ca

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Sylvain Angers
Alright! I am now requesting to our DNS team please delegate dns zone "unix.abcd.ca" to ??? Question: is the ipa server fqdn, be ipaserver.unix.abcd.ca or ipaserver.abcd.ca? does it matter? thanks 2012/3/8 Simo Sorce > On Thu, 2012-03-08 at 09:46 -0500, Sylvain Angers wrote: > > Hi Again > >

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Simo Sorce
On Thu, 2012-03-08 at 11:54 -0500, Sylvain Angers wrote: > Alright! > > I am now requesting to our DNS team > > please delegate dns zone "unix.abcd.ca" to ??? the ip address of your ipa server, they will know what questions to ask :) > Question: is the ipa server fqdn, be ipaserver.unix.abcd.ca

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Brian Cook
If your AD realm is ABCD.CA and you want your unix realm to be UNIX.ABCD.CA then your FQDN should be ipaserver.unix.abcd.ca When you delegate the zone from AD, you should have at least two IPA servers running bind listed. ipaserver1.unix.abcd.ad ipaserver2.unix.abcd.ad That way if one is dow

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-03-08 Thread Brian Cook
Also, I would not use 'delegation record' from AD, use conditional forwarding for *.unix.abcd.ca. Your AD admins should know how to do it. --- Brian Cook Solutions Architect, Red Hat, Inc. 407-212-7079 On Mar 8, 2012, at 9:04 AM, Simo Sorce wrote: > On Thu, 2012-03-08 at 11:54 -0500, Sylvai

[Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Steven Jones
Hi, I am setting up some IPA users. What I have noticed is if I or they type startx to start a gui, locking the .Xauthority fails; if I setenforce 0 then it works fine. I have never seen this behaviour before and googling suggests it's an IPA and selinux conflict. And in fact when I create a l

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Stephen Gallagher
On Thu, 2012-03-08 at 20:14 +, Steven Jones wrote: > Hi, > > I am setting up some IPA users what I have noticed is if I or they type > startx to start a gui locking the .Xauthority fails, if I setenforce 0 > then it works fine. I have never seen this behaviour before and > googling suggests

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Steven Jones
Hi, I used ipa-client-install --mkhomedir How do I change that so it will do so properly? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Simo Sorce
On Thu, 2012-03-08 at 21:27 +, Steven Jones wrote: > Hi, > > I used ipa-client-install --mkhomedir > > How do I change that so it will do so properly? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > _

Re: [Freeipa-users] IPA clashing with selinux on users home directories

2012-03-08 Thread Steven Jones
Thanks, I can put that in Sat. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Simo Sorce [s...@redhat.com] Sent: Friday, 9 March 2012 10:35 a.m. To: Steven Jones Cc: freeipa-users@redhat