Replies inline ...
And our setup is strange as we could never get the global AD admins to make DNS
entries for us among other issues so we ended up choosing a totally new
TLD domain name to run IPA on and bind our servers against; this works
fine except we can't leverage Kerberos based features
Hi Rafael,
>
> Once I had to set up an IPA master and a few clients on AWS, and had issues
> with its DNS, since the external name does not match the internal name, hence,
> clients could not enroll (which I believe is similar to what you are facing
> with replicas).
>
> What I did, using Ansible
Hello Chris,
> I run a 4-node IPA cluster on AWS spanning a few global regions and tied
> into a particularly complex AD forest -- never had the DNS issues you
> mention but I've never had to talk to IPA on-prem either.
Okay, maybe I will have to investigate this.
> And our setup is strange as
William,
Once I had to set up an IPA master and a few clients on AWS, and had issues
with its DNS, since the external name does not match the internal name,
hence, clients could not enroll (which I believe is similar to what you are
facing with replicas).
What I did, using Ansible (and ansible-free
I run a 4-node IPA cluster on AWS spanning a few global regions and tied
into a particularly complex AD forest -- never had the DNS issues you
mention but I've never had to talk to IPA on-prem either. And our setup
is strange as we could never get the global AD admins to make DNS
entries for us
Hello everyone
We want to move some of the systems for a co-location into AWS. IPA
systems are some of our candidate servers.
I have attempted to get this working by setting up a replica server in
the cloud and attempting to set up replication - over VPN - and it's not
working. This is due to D
Hello,
Pardon me if this reply is off the mark, but I've only glanced at this
thread and noticed that there was a similar vein with our legacy IPA
clients (RHEL 6.x).
Our AD logins also were failing and it was traced down to the two
quoted items below.
> > > Unfortunately, setting ldap_user_prin
Thanks for the clarification. I'll dig deeper into all that.
On Wed, 2020-05-27 at 11:28 +0300, Alexander Bokovoy wrote:
> On Wed, 27 May 2020, Monkey Bizness via FreeIPA-users wrote:
> > Thanks for the quick response Alexander.
> > AD1 and AD2 will be separate forests. So an external trust...Bu
On Wed, 27 May 2020, Monkey Bizness via FreeIPA-users wrote:
Thanks for the quick response Alexander.
AD1 and AD2 will be separate forests. So an external trust...But by
reading the docs, it seems to be possible to create a transitive
external one-way trust between the 2 ADs.
But that allow user
On Tue, May 26, 2020 at 09:49:23AM -0700, Suchismita Panda via FreeIPA-users
wrote:
> Thanks Sumit for the quick reply.
>
> Yes it is using sssd 1.13.4.
Hi,
domain resolution order support is not available in this version.
There is the deprecated option 'default_domain_suffix', see man
sssd.co
Thanks for the quick response Alexander.
AD1 and AD2 will be separate forests. So an external trust...But by
reading the docs, it seems to be possible to create a transitive
external one-way trust between the 2 ADs.
But that allow user from AD2 to access resources enrolled in
freeipa? Or have I mis
11 matches