[Freeipa-users] Re: FreeIPA integration with Azure AD

2021-03-10 Thread Jonathan Aquilina via FreeIPA-users
Hi Alexander, Thanks for your feedback. What would be the best way forward to help test and work towards having Azure AD connectivity with FreeIPA? From: Alexander Bokovoy Sent: 11 March 2021 08:51 To: FreeIPA users list Cc: Ronald Wimmer ; Jonathan Aquilina Su

[Freeipa-users] Re: POSIX attributes and Trusts in FreeIPA

2021-03-10 Thread Sumit Bose via FreeIPA-users
On Thu, Mar 11, 2021 at 02:53:27AM -, Lachlan Musicman via FreeIPA-users wrote: > Can I please get clarification on a FreeIPA instance (as IdM in RHEL8.3) and > AD's POSIX attributes? > > From what I can see, the POSIX attributes - are ignored? > > Specifically, when I run > > $ id u...@a

[Freeipa-users] Re: FreeIPA integration with Azure AD

2021-03-10 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 11 Mar 2021, Jonathan Aquilina via FreeIPA-users wrote: Hi Ronald, What kind of work would need to be done to get it to talk to an Azure AD tenant? A lot. This is not implemented and not supported yet. Regards, Jonathan From: Ronald Wimmer via Fre

[Freeipa-users] Re: FreeIPA integration with Azure AD

2021-03-10 Thread Jonathan Aquilina via FreeIPA-users
Hi Ronald, What kind of work would need to be done to get it to talk to an Azure AD tenant? Regards, Jonathan From: Ronald Wimmer via FreeIPA-users Sent: 11 March 2021 08:22 To: freeipa-users@lists.fedorahosted.org Cc: Ronald Wimmer Subject: [Freeipa-users] Re:

[Freeipa-users] Re: FreeIPA integration with Azure AD

2021-03-10 Thread Ronald Wimmer via FreeIPA-users
On 11.03.21 06:53, Jonathan Aquilina via FreeIPA-users wrote: Hi Guys, Is it possible to integrate free IPA with Azure AD? Afaik no. The only thing AD and Azure AD have in common is the name. There is no Kerberos for example... Cheers, Ronald

[Freeipa-users] FreeIPA integration with Azure AD

2021-03-10 Thread Jonathan Aquilina via FreeIPA-users
Hi Guys, Is it possible to integrate free IPA with Azure AD? Regards, Jonathan ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: ht

[Freeipa-users] POSIX attributes and Trusts in FreeIPA

2021-03-10 Thread Lachlan Musicman via FreeIPA-users
Can I please get clarification on a FreeIPA instance (as IdM in RHEL8.3) and AD's POSIX attributes? From what I can see, the POSIX attributes - are ignored? Specifically, when I run $ id u...@ad.domain.com $ id -u u...@ad.domain.com $ id -g u...@ad.domain.com The POSIX attribute values are no

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Sam Bell via FreeIPA-users
In addition, I am attaching the krb5kdc log for successful authentication on older client machine: Mar 11 11:11:07 xpsserver.freeipa.lab krb5kdc[1225](info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19

[Freeipa-users] Re: How to set IPA RA key length

2021-03-10 Thread Fraser Tweedale via FreeIPA-users
On Wed, Mar 10, 2021 at 07:26:52PM -0500, Rob Crittenden via FreeIPA-users wrote: > Yevhen Syvachenko via FreeIPA-users wrote: > > Hi, > > > > Please help me to install FreeIPA that uses a 8192 bit key length for IPA RA > > and the hosts' certificates. > > > > Having all the rumor about quantum

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Sam Bell via FreeIPA-users
Thanks for the suggestion. I tried changing the password of one of the old users. It didn't help and the issue is still there. I can login to server (ver. 4.9.2) and older clients with the changed password, but not to the new client machine. The older clients are actually not that old. They run Ubu

[Freeipa-users] Re: How to set IPA RA key length

2021-03-10 Thread Rob Crittenden via FreeIPA-users
Yevhen Syvachenko via FreeIPA-users wrote: > Hi, > > Please help me to install FreeIPA that uses a 8192 bit key length for IPA RA > and the hosts' certificates. > > Having all the rumor about quantum computers and being a certified paranoid I > need to configure a backbone FreeIPA instance with

[Freeipa-users] Re: How to set IPA RA key length

2021-03-10 Thread Ian Willis via FreeIPA-users
Hi All, While your paranoia might be making you do it, you're doing a lot of work and not providing yourself with much protection. Basically RSA-2048 provides 25 bits of quantum protection and RSA-15360 only provides 31 bits. https://techbeacon.com/security/waiting-quantum-computing-why-encryptio

[Freeipa-users] Re: ipausers unable to sudo

2021-03-10 Thread Anestis Karampatziakis via FreeIPA-users
Hi Albert, Did you by any chance find a solution to this issue? We are having the same issue over here. Thanks, Anestis

[Freeipa-users] How to set IPA RA key length

2021-03-10 Thread Yevhen Syvachenko via FreeIPA-users
Hi, Please help me to install FreeIPA that uses a 8192 bit key length for IPA RA and the hosts' certificates. Having all the rumor about quantum computers and being a certified paranoid I need to configure a backbone FreeIPA instance with CA key length equal to 15360. Other keys should be no l

[Freeipa-users] Re: [EXTERNAL] FreeIPA Enterprise or Paid Support

2021-03-10 Thread White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users
This would be Red Hat Enterprise Linux Identity Manager __ Daniel E. White daniel.e.wh...@nasa.gov NASCOM Linux Engineer NASA Goddard Space Flight Center Science Applications

[Freeipa-users] FreeIPA Enterprise or Paid Support

2021-03-10 Thread Rohan Talkar via FreeIPA-users
Hi, I am new to FreeIPA & planning to implement it in my organization. I am not sure whether FreeIPA has Enterprise or paid support. Please let me know if anyone has an idea about this. Regards, Ron

[Freeipa-users] Re: IPA-Resetup

2021-03-10 Thread Rob Crittenden via FreeIPA-users
Ronald Wimmer via FreeIPA-users wrote: > Hi, > > is there a way to export all IPA configuration and import it on a new > server? For instance to resetup everything from scratch or if purchasing > forces us to switch to a completely different distro. The typical way to move an IPA installation to

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Sumit Bose via FreeIPA-users
On Wed, Mar 10, 2021 at 12:05:27PM -, Sam Bell via FreeIPA-users wrote: > Yeah the password is right. > On a separate note, on the client machine I had login problem on both > Ubuntu(installed before) > and Fedora. So the problem could be with server. > > For pre-authentication I used follow

[Freeipa-users] Re: Replication broken

2021-03-10 Thread Florence Blanc-Renaud via FreeIPA-users
On 3/9/21 10:59 AM, Antoine Gatineau via FreeIPA-users wrote: I could rebuild my cluster from backup before the upgrade to CentOS Stream. So I'll be able to work from there. On Mon, 2021-03-08 at 17:41 +0100, Antoine Gatineau via FreeIPA-users wrote: Hello, I'm on freeipa 4.9.0 on CentOS Strea

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Sam Bell via FreeIPA-users
Thanks for the comment. I did it after checking the logs showing pre-authentication error. While searching online, I found this thread (https://sssd-users.fedorahosted.narkive.com/JkDs5m3z/sssd-authentication-fails-with-cannot-read-password-after-upgrading-to-1-14). However, it doesn't help, a

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 10 Mar 2021, Sam Bell via FreeIPA-users wrote: Yeah the password is right. On a separate note, on the client machine I had login problem on both Ubuntu(installed before) and Fedora. So the problem could be with server. For pre-authentication I used following commands: # kadmin.local k

[Freeipa-users] Re: FreeIPA Active Directory trust configuration issues

2021-03-10 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 10 Mar 2021, iulian roman via FreeIPA-users wrote: On Tue, 09 Mar 2021, iulian roman via FreeIPA-users wrote: Han Boetes (Han on #freeipa) did build Samba against MIT Kerberos some time ago to experiment with a similar stuff but he runs IPA DC on Fedora and only needs Samba domain mem

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Sam Bell via FreeIPA-users
Yeah the password is right. On a separate note, on the client machine I had login problem on both Ubuntu(installed before) and Fedora. So the problem could be with server. For pre-authentication I used following commands: # kadmin.local kadmin.local: modprinc +requires_preauth testuser Principal

[Freeipa-users] Re: Old users cannot login to new freeIPA client machine

2021-03-10 Thread Sumit Bose via FreeIPA-users
On Wed, Mar 10, 2021 at 07:06:34AM -, Sam Bell via FreeIPA-users wrote: > Thanks for the reply. > Following are the details: > Server ip: 192.168.0.245 > Client : 192.168.0.248 > krb5_child.log content: ... > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067

[Freeipa-users] Re: FreeIPA Active Directory trust configuration issues

2021-03-10 Thread iulian roman via FreeIPA-users
> On Tue, 09 Mar 2021, iulian roman via FreeIPA-users wrote: > > Han Boetes (Han on #freeipa) did build Samba against MIT Kerberos some > time ago to experiment with a similar stuff but he runs IPA DC on Fedora > and only needs Samba domain members on Ubuntu: > https://launchpad.net/~hboetes/+arc

[Freeipa-users] IPA-Resetup

2021-03-10 Thread Ronald Wimmer via FreeIPA-users
Hi, is there a way to export all IPA configuration and import it on a new server? For instance to resetup everything from scratch or if purchasing forces us to switch to a completely different distro. Cheers, Ronald