with these corresponding nfsidmap messages: Listing my directory as myself on the Ubuntu client, I see:ĭrwx- 18 nobody 4294967294 4096 Oct 25 15:18 rns I have mounted the NFS volume on the clients with a simple: The NFS server (RHEL7) and clients (Ubu16.04, RHEL7) are both enrolled to IPA (with 'Domain=ipa.localdomain’ in /etc/nf). AD forest has domains ‘localdomain’ and ‘student.localdomain’ (my user identity is IPA domain is ‘ipa.localdomain’ RHEL7 clients seem to working fine with a very similar configuration (as far as I can tell). Files and directories show up as ‘nobody’ or an incorrect numerical ID when listed with ‘ls’. I’m running into a problem trying to get Ubuntu (16.04) clients to resolve names/ids on an NFS-mounted filesystem from an NFS server using NFSv4/krb5. We have IPA setup in an AD trust to support our Linux fleet. rverCertSet.12.default.name=Copy Common Name to Subject rverCertSet.12.default.class_id=commonNameToSANDefaultImpl rverCertSet.12.constraint.name=No Constraint rverCertSet.12.constraint.class_id=noConstraintImpl This is the only section in the profile that contains SAN: To sign a CSR that contains *. and *. in the Modified (or cloned and changed in a new profile) that would allow the CA 'caIPAserviceCert', but I'm having some trouble determining what can be
It seems that the default CAACL enforces a profile named When I try to submit this CSR with 'ipa-getcert request' the IPA serverĭenies with: "The service principal for subject alt name
The dns for ' ' is handled by active directory which my IPAĬertificate: CN =, SAN = ,
I'd like to beĪble to add SAN's for a different dns domain than exists in the IPA realm. I have a RHEL7 IPA server installed as a subordinate CA.
0 kommentar(er)
