Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

2014-11-12 Thread Petr Spacek
On 13.11.2014 02:17, Simo Sorce wrote: > On Wed, 12 Nov 2014 15:54:14 +0100 > Andreas Ladanyi wrote: > >> Hi, >> >> I set up the 389 LDAP server to support des-cbc-crc enctype. >> >> I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 >> (single-DES). I created the principal with: >> >

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

2014-11-12 Thread Simo Sorce
On Wed, 12 Nov 2014 15:54:14 +0100 Andreas Ladanyi wrote: > Hi, > > I set up the 389 LDAP server to support des-cbc-crc enctype. > > I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 > (single-DES). I created the principal with: > > kadmin.local -x ipa-setup-override-restrictions

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

2014-11-12 Thread Dmitri Pal
On 11/12/2014 09:54 AM, Andreas Ladanyi wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions The result is: Principal:

Re: [Freeipa-users] Unable to Login until Trust is Repaired

2014-11-12 Thread Dmitri Pal
On 11/12/2014 08:44 AM, Jonathan Bradford wrote: This is my first post on the IPA mailing list. Hey guys :) I've successfully walked through the IdM Red Hat document on "Integrating with Active Directory Through Cross-Realm Kerberos Trusts" using separate DNS domains. I've reached the part wher

[Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

2014-11-12 Thread Andreas Ladanyi
Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions The result is: Principal: afs/cellname@Realm Key: vno 1, des-cbc-crc, no s

Re: [Freeipa-users] FreeIPA unresponsive - Causes DOS situations

2014-11-12 Thread Rich Megginson
On 11/12/2014 05:42 AM, Walter van Lille wrote: Thanks again for the assistance guys. I have saved two files and included it here. Hope it tells you more than it does me. These stack traces contain no useful symbols. Please read http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes

[Freeipa-users] Unable to Login until Trust is Repaired

2014-11-12 Thread Jonathan Bradford
This is my first post on the IPA mailing list. Hey guys :) I've successfully walked through the IdM Red Hat document on "Integrating with Active Directory Through Cross-Realm Kerberos Trusts" using separate DNS domains. I've reached the part where you test the trust using SSH via PuTTY, and I have

Re: [Freeipa-users] certmonger question

2014-11-12 Thread Natxo Asenjo
hi, On Tue, Nov 11, 2014 at 7:14 PM, Nalin Dahyabhai wrote: > On Tue, Nov 11, 2014 at 11:13:12AM -0500, Nalin Dahyabhai wrote: >> Since you mention that this seems to be specific to 32-bit boxes, I >> think I need to switch to that one to try to sort out what's happening >> here, since I'm on a 6