[Freeipa-users] Trying to renew the CA cert, but NEWLY_ADDED_NEED_KEYINFO_READ_PIN

So, ongoing saga of a FreeIPA 2.x system with an expired cert for the CA server: ca-error: Server failed request, will retry: 907 (RPC failed at server. cannot connect to 'https://ipa0.lab.whamcloud.com:9443/ca/agent/ca/displayBySerial': [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Cert

Re: [Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."

Andrew Wasielewski wrote: Hello everyone, I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel 3.8.13-100.fc17.x86_64). Each time it fails in step 2/17 of "Configuring certificate server". The relevant portion of the log is appended below. It looks like the specific cause of the error is "R

[Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."

Hello everyone, I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel 3.8.13-100.fc17.x86_64). Each time it fails in step 2/17 of "Configuring certificate server". The relevant portion of the log is appended below. It looks like the specific cause of the error is "Required parameter -cl

[Freeipa-users] possible to use a different kerberos server for some users?

Hello! So here's the situation I'm in. The university has its AD domain locked down pretty tight -- getting a trust is out of the question, creating new users isn't allowed, and they seem to have no interest in supporting linux management. I'd like to be able to leverage the AD kerberos se

Re: [Freeipa-users] Auto-Mount Home Directory for Local Users?

Only automounter... Odesláno ze Samsung Mobile Původní zpráva Od: Dean Hunter Datum: Komu: Rob Crittenden Kopie: freeipa-users@redhat.com Předmět: Re: [Freeipa-users] Auto-Mount Home Directory for Local Users? On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: Jak

Re: [Freeipa-users] Auto-Mount Home Directory for Local Users?

On Thu, Jun 20, 2013 at 12:36:16PM -0500, Dean Hunter wrote: > On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: > > > Jakub Hrozek wrote: > > > On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: > > >> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: > > >>> Thank yo

Re: [Freeipa-users] Auto-Mount Home Directory for Local Users?

On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: > Jakub Hrozek wrote: > > On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: > >> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: > >>> Thank you for your response. As you suggested I > >>> checked /etc/nsswitch.conf.

Re: [Freeipa-users] Trusted AD Users login via gdm

On 06/19/2013 03:01 PM, Sumit Bose wrote: On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote: On 06/14/2013 09:08 AM, Sumit Bose wrote: On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote: Hello Sumit, Hello List Members, Am 13.06.2013 09:18, schrieb Sumit Bose: On W

Re: [Freeipa-users] Auto-Mount Home Directory for Local Users?

Just move the home directory out of /home if you don't want it auto mounted at all. # usermod -m -d /export/home/local local That will move it out of /home and copy the contents to the new location of /export/home. Since /export/home isn't in the auto.home map it will skip auto mounting. Or if

Re: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem

>Is KDC resolvable from the client? yes, there is DNS resolving for "serv02.prod.example.com" on client. >Do you have an AD DNS that might be actually serving records? no, I don't AD DNS for prod.example.com >What version of the client and what OS are you using? On the client: ipa-client-2.0-10.e