Re: [Freeipa-users] Can't establish trust with 2008 AD

2016-06-09 Thread pgb205
Sorry about replying privately. dig provides ipv4 addresses as expected. For example : r...@ipaserver.ipadomain.com:~#  dig SRV _ldap._tcp.addomain.com#this is run on the FreeIPA where idm is installed as well as integrated DNS with the addomain.com stub zone that points to #dc.addomain.com;;

Re: [Freeipa-users] Can't establish trust with 2008 AD

2016-06-09 Thread Alexander Bokovoy
Please don't answer directly, use mailing list. On Thu, 09 Jun 2016, pgb205 wrote: Alexander, As far as I can say ipv6 is enabled in the kernel, as the tutorial suggests, although none of the interfaces have ipv6 addresses. For example,  ip a | grep inet6     inet6 ::1/128 scope host and ip

Re: [Freeipa-users] How to implement password expiration notifications?

2016-06-09 Thread Alexander Bokovoy
On Thu, 09 Jun 2016, Anthony Messina wrote: On Wednesday, June 08, 2016 03:17:28 PM Eivind Olsen wrote: Now I guess the next step is figuring out how to tell "ldapsearch" to work with gssproxy (unless I've made some other glaring mistake In your script... export GSS_USE_PROXY="yes"

Re: [Freeipa-users] How to implement password expiration notifications?

2016-06-09 Thread Anthony Messina
On Wednesday, June 08, 2016 03:17:28 PM Eivind Olsen wrote: > Now I guess the next step is figuring out how to tell "ldapsearch" to > work with gssproxy (unless I've made some other glaring mistake In your script... export GSS_USE_PROXY="yes" ldapsearch -Y GSSAPI ... -- Anthony -

[Freeipa-users] Password sync settings not working

2016-06-09 Thread Joshua J. Kugler
Howdy! We are trying to set up password sync. I have read this: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#password-sync I have added that attribute: echo -e 'dn: cn=ipa_pwd_extop,cn=plugins,cn=config\nchangetype:

[Freeipa-users] ipa-client-install

2016-06-09 Thread David Zabner
Occassionally in our system we will see a failure in ipa-client-install script and the cleanup will leave around the host in ipa. This means that all future client installs fail because the host already exists. Is there any way to make sure that failure’s cause the host to be cleaned up? Is

Re: [Freeipa-users] Can't establish trust with 2008 AD

2016-06-09 Thread Alexander Bokovoy
On Thu, 09 Jun 2016, pgb205 wrote: The setup is:AD 2008 domain,Latest version of FreeIpa with integrated DNS,As the AD domain is not known to any DNS servers on the network I have created a stub zone in Freeipa integrated dns server addomain.com,and created A-record for DC.addomain.comas well as

[Freeipa-users] Can't establish trust with 2008 AD

2016-06-09 Thread pgb205
The setup is:AD 2008 domain,Latest version of FreeIpa with integrated DNS,As the AD domain is not known to any DNS servers on the network I have created a stub zone in Freeipa integrated dns server addomain.com,and created A-record for DC.addomain.comas well as _ldap.tcp.addomain.com and

Re: [Freeipa-users] FreeOTP

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 08:42:59AM -0400, Nathaniel McCallum wrote: > On Thu, 2016-06-09 at 10:46 +0200, Sumit Bose wrote: > > On Thu, Jun 09, 2016 at 08:16:13AM +0200, Winfried de Heiden wrote: > > > Hi all, > > > > > > I can install libvert-libev but removing libverto-tevent will > > > remove

Re: [Freeipa-users] FreeIPA 4.4

2016-06-09 Thread Martin Kosek
On 06/08/2016 12:18 PM, Winfried de Heiden wrote: > Hi all, > > Any news/progress about FreeIPA 4.4? > > On http://www.freeipa.org/page/Roadmap: *FreeIPA 4.4*: feature release. > Release > planned for end of May 2016. > > Any updated release date...? The new estimate is rather June, there

Re: [Freeipa-users] SSH login to client

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 08:43:57AM -0400, Pavel Picka wrote: > > > - Original Message - > From: "David Kupka" > To: "Pavel Picka" , freeipa-users@redhat.com > Sent: Thursday, June 9, 2016 1:45:26 PM > Subject: Re: [Freeipa-users] SSH login to client

[Freeipa-users] ldapsearch in cron job woes about no credentials

2016-06-09 Thread Harald Dunkel
Hi folks, Platform: freeipa 4.2 (Centos7) Problem: My cron job needs a ticket to run ldapsearch. The error message is: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified

Re: [Freeipa-users] SSH login to client

2016-06-09 Thread Lukas Slebodnik
On (09/06/16 08:43), Pavel Picka wrote: > > >- Original Message - >From: "David Kupka" >To: "Pavel Picka" , freeipa-users@redhat.com >Sent: Thursday, June 9, 2016 1:45:26 PM >Subject: Re: [Freeipa-users] SSH login to client > >On 09/06/16 13:18, Pavel

Re: [Freeipa-users] SSH login to client

2016-06-09 Thread Pavel Picka
- Original Message - From: "David Kupka" To: "Pavel Picka" , freeipa-users@redhat.com Sent: Thursday, June 9, 2016 1:45:26 PM Subject: Re: [Freeipa-users] SSH login to client On 09/06/16 13:18, Pavel Picka wrote: > Hi, > > Have anyone experience,

Re: [Freeipa-users] FreeOTP

2016-06-09 Thread Nathaniel McCallum
On Thu, 2016-06-09 at 10:46 +0200, Sumit Bose wrote: > On Thu, Jun 09, 2016 at 08:16:13AM +0200, Winfried de Heiden wrote: > > Hi all, > > > > I can install libvert-libev but removing libverto-tevent will > > remove 123 > > dependencies also. (wget, tomcat and much more...) > > > > Hence, I

Re: [Freeipa-users] SSH login to client

2016-06-09 Thread David Kupka
On 09/06/16 13:18, Pavel Picka wrote: Hi, Have anyone experience, when create user on ipa-server, and want to login on client with this user I get : Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Re: [Freeipa-users] SSH login to client

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 07:18:19AM -0400, Pavel Picka wrote: > Hi, > > Have anyone experience, when create user on ipa-server, and want to login on > client with this user I get : > > Permission denied, please try again. > Permission denied, please try again. > Permission denied

Re: [Freeipa-users] SSH login to client

2016-06-09 Thread Jakub Hrozek
On Thu, Jun 09, 2016 at 07:18:19AM -0400, Pavel Picka wrote: > Hi, > > Have anyone experience, when create user on ipa-server, and want to login on > client with this user I get : > > Permission denied, please try again. > Permission denied, please try again. > Permission denied

[Freeipa-users] SSH login to client

2016-06-09 Thread Pavel Picka
Hi, Have anyone experience, when create user on ipa-server, and want to login on client with this user I get : Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). (with kinit [1st time change] was

Re: [Freeipa-users] FreeOTP

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 08:16:13AM +0200, Winfried de Heiden wrote: > Hi all, > > I can install libvert-libev but removing libverto-tevent will remove 123 > dependencies also. (wget, tomcat and much more...) > > Hence, I installed libverto-libev, but dit not remove libverto-tevent to give > it a

Re: [Freeipa-users] FreeOTP

2016-06-09 Thread Winfried de Heiden
Hi all, I can install libvert-libev but removing libverto-tevent will remove 123 dependencies also. (wget, tomcat and much more...) Hence, I installed libverto-libev, but dit not remove libverto-tevent to give it a try. After ipactl restart still