On Wed, 23 Nov 2011, Josh Geisser wrote:
> Thanks for the answer will check soon.
>
> Joining the machine actually works as far as I understand: it creates the
> computer object in LDAP and is visible in the AD management utility.
>
> But it doesn't write any local /etc/krb5.keytab, which I assum
Thanks for the answer will check soon.
Joining the machine actually works as far as I understand: it creates the
computer object in LDAP and is visible in the AD management utility.
But it doesn't write any local /etc/krb5.keytab, which I assume SSSD or the
krb5-tools will use, not?
Want to
On Wed, 23 Nov 2011, Josh Geisser wrote:
> Hi list
>
> I'm sure I have gabs of understanding of how to use SSSD without using plain
> binding-user credentials in the configfile. I followed the guide for Win2008
> allthough I only have 2003 SFU - would that work?
AFAIK, yes. I've certainly contri
Hi list
I'm sure I have gabs of understanding of how to use SSSD without using plain
binding-user credentials in the configfile. I followed the guide for Win2008
allthough I only have 2003 SFU - would that work?
- I see it right that GSSAPI should enable looking up stuff in the LDAP using a
ma
On Wed, 2011-11-23 at 16:23 +0100, Jan Zelený wrote:
> > On Fri, 2011-11-18 at 16:13 +0100, Jan Zeleny wrote:
> > > don't fetch all host groups if this option is set to false
> > > https://fedorahosted.org/sssd/ticket/1078
> >
> > Nack.
Nack again.
> >
> > I don't like setting the srchost eleme
On Mon, 2011-11-14 at 14:28 +0100, Jan Zelený wrote:
> > > > > > #54
> > > > > > Some new config options, please focus on this patch, I'm not
> > > > > > entirely sure if my approach was the correct one.
> >
> > Nack.
> >
> > Looks mostly good, except that when you added the new host search base
On 11/23/2011 12:01 PM, Marko Myllynen wrote:
> This sounds backwards to me. I think we should regard Samba/Winbind as
> the gold standard in this area and if anything related gets added to
> SSSD it should follow Winbind conventions.
This sounds exactly right. SSSD supports multiple domains and ne
Hi,
>> this simple patch allows using AD objectSid as uid source making it
>> possible to use SSSD against AD instances which do not have Identity
>> Management for Unix Role Service enabled. The mapping matches winbind's
>> idmap_rid(8) behaviour. If ldap_user_uid_number is not objectSid then
>>
Thank you very much. it worked.
a.
On Wed, Nov 23, 2011 at 6:30 PM, Stephen Gallagher wrote:
> On Wed, 2011-11-23 at 18:25 +0200, Aziz Sasmaz wrote:
> > Hi,
> >
> >
> > We have two oracle cluster nodes running in a rac environment
> > (active/passive). Crs and oracle services are running and th
On Wed, 2011-11-23 at 18:25 +0200, Aziz Sasmaz wrote:
> Hi,
>
>
> We have two oracle cluster nodes running in a rac environment
> (active/passive). Crs and oracle services are running and these two
> nodes has SAN disks presented to them
> We are using sssd perfectly on these two nodes. Nscd is a
Hi,
We have two oracle cluster nodes running in a rac environment
(active/passive). Crs and oracle services are running and these two nodes
has SAN disks presented to them
We are using sssd perfectly on these two nodes. Nscd is also disabled on
primary active node and everything is perfect with ss
Dne 22.11.2011 14:14, Pavel Březina napsal(a):
> There is probably one bug, when you have several search bases when one
> is a generalization of the other but with more restrictive filter.
>
> For example (LDIF attached):
> ldap_group_search_base =
> cn=QA,ou=Groups,dc=brq,dc=redhat,dc=com?sub??
>
On Fri, 2011-09-30 at 10:21 +0300, Marko Myllynen wrote:
> Hi,
>
> this simple patch allows using AD objectSid as uid source making it
> possible to use SSSD against AD instances which do not have Identity
> Management for Unix Role Service enabled. The mapping matches winbind's
> idmap_rid(8) beh
> On Fri, 2011-11-18 at 16:13 +0100, Jan Zeleny wrote:
> > don't fetch all host groups if this option is set to false
> > https://fedorahosted.org/sssd/ticket/1078
>
> Nack.
>
> I don't like setting the srchost element to NULL and checking for that.
> Technically, we're violating the HBAC design
On Tue, 2011-11-15 at 14:09 -0500, Stephen Gallagher wrote:
> On Tue, 2011-11-08 at 14:53 +0100, Pavel Zuna wrote:
> > This patch adds the whole Winbind provider. We agreed with Summit, that it
> > would
> > be better to submit as a single patch as splitting it wouldn't make review
> > any
> >
On Wed, 2011-11-16 at 14:11 +0100, Jan Zelený wrote:
> > On Thu, 2011-11-03 at 23:22 +0100, Jan Zeleny wrote:
> > > Stephen Gallagher wrote:
> > > > On Wed, 2011-10-19 at 00:42 +0200, Jan Zeleny wrote:
> > > > > Jan Zelený wrote:
> > > > > > I'm sending couple patches which add support for IPA ne
16 matches
Mail list logo