> Thanks all, the suggestions were incredibly helpful and are working well!
>
> That strikes wishlist item #1 off my list, now on to the next "wish" --
> seeing if FreeIPA's LDAP service can be used to authenticate AD users
> for scenarios where we can't provide a full IPA client enrollment opti
FQDNs are not required for systems using the compat tree when using domain
resolution order, but it's not clear if you have it on or not. With that said,
I've never tried to drop the domain off users when using the compat tree and id
views without domain resolution order enabled. In theory, an
Thanks all, the suggestions were incredibly helpful and are working well!
That strikes wishlist item #1 off my list, now on to the next "wish" --
seeing if FreeIPA's LDAP service can be used to authenticate AD users
for scenarios where we can't provide a full IPA client enrollment option.
Reg
Sean McLennan via FreeIPA-users wrote:
>
>> What version of python-pyasn1 and pyasn1-modules is installed? You might
>> try upgrading/downgrading them to see if that helps.
>
> There are two versions:
> python-pyasn1(-modules)
> python3-pyasn1(-modules)
>
> I tried to uninstall the first with ap
On Mon, Oct 26, 2020 at 8:04 PM Louis Abel via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
>
> * Like in the comments, don't add that on the IPA server's sssd.conf, only
> to the clients enrolled to the IPA domain.
> * I cannot remember if it also drops the @domain for the group
Our IPA servers are in a one-way AD trust. Since all of our users are in
AD, I take advantage of the SSSD settings on the clients to hide the
@AD_REALM from their login names, and use AD_REALM as the default_realm.
This works nicely.
Solaris clients, however, do not have the convenience of SSSD.
> What version of python-pyasn1 and pyasn1-modules is installed? You might
> try upgrading/downgrading them to see if that helps.
There are two versions:
python-pyasn1(-modules)
python3-pyasn1(-modules)
I tried to uninstall the first with apt—doing so was also going to
remove all of freeipa(!) s