[Freeipa-users] Re: IPA and AD users

On Wed, Mar 5, 2025 at 6:16 PM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > We have a trust between the ipa domain (ipa.mydomain.at) and some AD > domain (windows.mydomain.at). > > A user 'userxy' exists in both domains. > > use...@windows.mydomain.at is not ma

[Freeipa-users] IPA and AD users

We have a trust between the ipa domain (ipa.mydomain.at) and some AD domain (windows.mydomain.at). A user 'userxy' exists in both domains. use...@windows.mydomain.at is not mapped into IPA as described in https://access.redhat.com/solutions/1506103 ipadomainresolutionorder is set to windows

[Freeipa-users] freeipa server authentication for samba

freeipa server (hub) = RHEL7 compute and disk server (node0) = RHEL8 secondary comuter server (node1) = RHEL7 Both node0 and node1 have been enrolled as ipa-clients. Users can login with thier credentials. Now I want to start a samba share on node0 and have users authenticate with the credentia

[Freeipa-users] Re: Proper Approach to Extending LDAP Schema for GPC Storage in FreeIPA

On 05/03/2025 12:47, Данила Скачедубов via FreeIPA-users wrote: I am trying to replicate the Organizational Unit (OU) structure similar to Samba in my LDAP database by adding attributes such as distinguishedName, gPLink, and others. Using ldapmodify, I was able to add these attributes to the or

[Freeipa-users] Re: ipa: ERROR: No valid Negotiate header in server response

Le 05/03/2025 à 14:57, Florence Blanc-Renaud a écrit : Hi, On Wed, Mar 5, 2025 at 11:55 AM Frederic Ayrault mailto:f...@lix.polytechnique.fr>> wrote: Bonjour, Sorry I explained myself badly, I was thinking of the "final" step after - ipa-getkeytab -r -p 'HTTP/ipa4.lix.p

[Freeipa-users] Re: ipa: ERROR: No valid Negotiate header in server response

Hi, On Wed, Mar 5, 2025 at 11:55 AM Frederic Ayrault wrote: > Bonjour, > > Sorry I explained myself badly, I was thinking of the "final" step after > - ipa-getkeytab -r -p 'HTTP/ipa4.lix.polytechnique...@lix.polytechnique.fr' > -D cn=directory\ manager -w Secret123 -k /tmp/gssproxy.keytab > - kl

[Freeipa-users] Re: Proper Approach to Extending LDAP Schema for GPC Storage in FreeIPA

I don't know why, but my message was sent as an attached html file lol, I'm attaching the text again, sorry. Thanks. Hello FreeIPA users, I am trying to replicate the Organizational Unit (OU) structure similar to Samba in my LDAP database by adding attributes such as distinguishedName, gPLink, and

[Freeipa-users] Re: Deadlock in directory server,

Hello Thierry, No, I'm not sure it's related to a version upgrade. In fact, what happens is that I change my network topology last week. And because of that, reinstall the freeipa server to have a clean installation. Current version after the reinstallation was : 389-ds-base-libs-3.1.1-3.fc41.x

[Freeipa-users] Re: Button placement of automembership rebuild in GUI

Hi Ronald, According to the documentation, the `automember_rebuid` API command can take a list of hosts and users as arguments to perform the operation. So I guess it was originally placed in those pages to keep consistency w

[Freeipa-users] Re: ipa: ERROR: No valid Negotiate header in server response

Bonjour, Sorry I explained myself badly, I was thinking of the "final" step after - ipa-getkeytab -r -p 'HTTP/ipa4.lix.polytechnique...@lix.polytechnique.fr' -D cn=directory\ manager -w Secret123 -k /tmp/gssproxy.keytab - klist -kte /tmp/gssproxy.keytab - KRB5_TRACE=/dev/stderr  kinit -kt /var

[Freeipa-users] Re: Deadlock in directory server,

Hello Laurent, I opened an upstream ticket [1]. Please feel free to update it with technical details. That is a good news that there is valid workaround. My understanding is that the topology was quite stable and you started to see deadlocks after an upgrade (specifically 389-ds-base). Do you

[Freeipa-users] Re: ipa: ERROR: No valid Negotiate header in server response

Hi, On Fri, Feb 28, 2025 at 2:40 PM Frederic Ayrault wrote: > Bonjour, > > Sorry for the late answer, look like it is working (I put the log > hereafter) > > One of my replica is down because of electrical problems so I prefer to > wait before replacing /var/lib/ipa/gssproxy/http.keytab > > To a