Re: [Freeipa-users] Support status of additional OU's / acis in ipa ds

2016-01-24 Thread Alexander Bokovoy
On Sun, 24 Jan 2016, William Brown wrote: On Sat, 2016-01-23 at 09:55 -0500, Rob Crittenden wrote: Alexander Bokovoy wrote: > On Sat, 23 Jan 2016, William Brown wrote: > > Hi, > > > > I'm wondering about what the freeipa support policy is on adding > > an > > extra OU to the root of my domain,

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Alexander Bokovoy
On Sun, 24 Jan 2016, Rob Verduijn wrote: Hello, I'm trying to get an ipa server to trust a microsoft AD-domain. So far I've managed to get the trust to work and I can login with an active directory user on the ipa clients. Now I see the default shell is set to /bin/sh. Since the preferred

[Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Rob Verduijn
Hello, I'm trying to get an ipa server to trust a microsoft AD-domain. So far I've managed to get the trust to work and I can login with an active directory user on the ipa clients. Now I see the default shell is set to /bin/sh. Since the preferred shell is bash for me I wish to change this. It

Re: [Freeipa-users] IPA KDC Proxy

2016-01-24 Thread Alexander Bokovoy
- Original Message - > Great, > > Changing > > /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = false > > to > > # cat /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = true > > along with adding the windows realm to krb5.conf on the

Re: [Freeipa-users] IPA KDC Proxy

2016-01-24 Thread Winfried de Heiden
Great, Changing /etc/ipa/kdcproxy/kdcproxy.conf [global] configs = mit use_dns = false to # cat /etc/ipa/kdcproxy/kdcproxy.conf [global] configs = mit use_dns = true along with adding

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Rob Verduijn
Doing this on a per-user basis is nice when you have only a few users. Since I expect this to become a source of frustration in the future for new users, is there any way to automate this with a workaround? I.e. somehow pull the groups from the AD and automagically create the user view override?

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Jakub Hrozek
> On 24 Jan 2016, at 12:00, Rob Verduijn wrote: > > Hello, > > I'm trying to get an ipa server to trust a microsoft AD-domain. > > So far I've managed to get the trust to work and I can login with an > active directory user on the ipa clients. > > Now I see the

Re: [Freeipa-users] Default shell for AD-domain accounts

2016-01-24 Thread Rob Verduijn
Hi, H microsoft removes the UI, but leaves the schema extension. Does not really make sense, but after some googling this does seem to be the case. Your comment made me check google with some different keywords and I found that there was this irritation that was solved by somebody. (at

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-24 Thread Peter Pakos
Hi, I now have a 3rd party SSL certificate successfully installed for LDAP and HTTP but I'm having issues with joining new clients to FreeIPA servers. When I run "ipa-client-install --mkhomedir" on a CentOS 6 machine I get the following error: "Joining realm failed: libcurl failed to execute