On ke, 12 loka 2016, Robert Sturrock wrote:
Hi All.
We’re attempting to setup an IPA (4.2) service on RHEL7.2 to provide
better connectivity to our (large) organisational AD service for Linux
clients.
We have setup IPA and configured a suitable AD trust (with SID POSIX
mapping) in the hope
On 12 October 2016 at 15:23, Robert Sturrock wrote:
> Hi All.
>
> We’re attempting to setup an IPA (4.2) service on RHEL7.2 to provide
> better connectivity to our (large) organisational AD service for Linux
> clients.
>
> We have setup IPA and configured a suitable AD trust
Hi All.
We’re attempting to setup an IPA (4.2) service on RHEL7.2 to provide better
connectivity to our (large) organisational AD service for Linux clients.
We have setup IPA and configured a suitable AD trust (with SID POSIX mapping)
in the hope that users will be able to access IPA resources
If you just need to join a handful of windows machines to a freeIPA
domain, try with these instructions:
https://www.redhat.com/archives/freeipa-users/2013-September/msg00226.h
tml
Best regards
El mar, 11-10-2016 a las 17:43 -0700, Alan Latteri escribió:
> > > > > I am trying to get this to
Thank you, Rob.
For reference, my full log can be found here: http://pastebin.com/6VLaQjYw
But I would postulate that the interesting bit is this:
> 2016-10-11T22:10:15Z DEBUG stdout=Outgoing update query:
>
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>
> ;; flags:; ZONE: 0,
I am trying to get this to work, but our Samba server is not the same machine
as out IPA server, and these instructions seem to assume that. Any ideas? All
I need is the 1 windows machine in our network to be able to access our linux
based server, using the same user/pass as that of our IPA
First off... new to the list, thank you in advance for your assistance!
My server is Fedora 24 Server, running in a VirtualBox virtual machine. I
have FreeIPA Server 4.3.2-2.fc24, installed from the standard repositories,
and dnf says it's up to date. FreeIPA has a trust set up with an Windows
Things have been working better (so far) after taking some steps I read here:
https://www.redhat.com/archives/freeipa-users/2016-January/msg00257.html
On Mon, Oct 10, 2016 at 6:48 PM, Fil Di Noto wrote:
> After an IPA server is re-initialized it immediately begins failing
>
Ah, yes, thank you, Alexander.
I agree it would help if I followed the example better.
It would also help if I understood the example so a little description of what
each command does would be very helpful.
It looks like that ACI record does exist.
Now how would I remove these LDAP records?
On ti, 11 loka 2016, John Popowitch wrote:
It doesn't look like there are any entries.
# ldapsearch -x -b 'cn=certprofiles,cn=ca,dc=aws,dc=cappex,dc=com' -s base aci
'ldapsearch -x' is 'use simple authentication instead of SASL' -- given
that you didn't specify any identity for simple
i am using bind-dyndb-ldap on fedora 24 without FreeIPA, and continue to
have my logs swamped with errors about "check failed" from settings.c
and fwd.c. i am completely up to date with every package, so the latest
versions of everything are installed.
[settings.c : 420:
I just joined this list, so if this question has been asked before (and I'll
bet it has), I apologize in advance.
A google search was unrevealing, so I'm asking here: we're running FreeIPA
Version 3.0.0 on CentOS 6.6. It looks like the password complexity
requirements are limited to setting
Here you have example
kinit admin
ldapsearch -Y GSSAPI -b 'cn=certprofiles,cn=ca,dc=,dc=' -s
base aci
On 11.10.2016 17:48, John Popowitch wrote:
Thanks, Martin.
But I'm afraid you've gone beyond my level of LDAP knowledge.
How would I check for that ACI?
-John
*From:*Martin Basti
I have this error in the log of my FreeIPA server freeipa-sea.bpt.rocks:
[11/Oct/2016:09:04:39 -0700] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-seattlenfs.bpt.rocks-pki-tomcat"
(seattlenfs:389): The remote replica has a different database generation
ID than the local database. You may
Thanks, Martin.
But I'm afraid you've gone beyond my level of LDAP knowledge.
How would I check for that ACI?
-John
From: Martin Basti [mailto:mba...@redhat.com]
Sent: Tuesday, October 11, 2016 10:38 AM
To: John Popowitch; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA v4.2 stopped
On 11.10.2016 17:21, John Popowitch wrote:
I agree that is weird.
Several of the other managed permissions are updated successfully and
they are very similar.
Yes, I can try to remove the permission manually.
Is there any risk in corrupting or breaking the system?
This is, I believe, one
I agree that is weird.
Several of the other managed permissions are updated successfully and they are
very similar.
Yes, I can try to remove the permission manually.
Is there any risk in corrupting or breaking the system?
This is, I believe, one of three IPA servers in a multi-master replication.
That's weird because the code is checking if a permission exists before
it tries to add a new one
Can you try to remove 'System: Modify Certificate Profile' manually from
LDAP and re-run ipa-server-upgrade?
On 11.10.2016 15:53, John Popowitch wrote:
2016-10-10T19:51:38Z DEBUG Updating
2016-10-10T19:51:38Z DEBUG Updating managed permission: System: Modify
Certificate Profile
2016-10-10T19:51:38Z DEBUG Destroyed connection context.ldap2_82077392
2016-10-10T19:51:38Z ERROR Upgrade failed with This entry already exists
2016-10-10T19:51:38Z DEBUG Traceback (most recent call last):
On Tue, Oct 11, 2016 at 03:28:55PM +1100, Lachlan Musicman wrote:
> After further testing, I've discovered that the dev system wasn't working
> as well as I thought it was: HBAC and sshd don't seem to be playing well
> together on one server, but fine on the other?
>
> ie, I can run the same
Hi,
you don't specify the version you are using:
If it is 389-ds-base-1.3.4.0-33.el7_2.x86_64
the following may apply:
>>>
we have identified an issue with this version, it includes a fix for
389-ds ticket #48766, which was incomplete and resolved shortly after
the release of this version (it
On 10.10.2016 23:30, John Popowitch wrote:
Hello FreeIPA community.
I've inherited a group of three FreeIPA v4.2 servers on CentOS 7.2.
I had to reboot one of the servers and now IPA won't run saying,
"Upgrade required: please run ipa-server-upgrade command."
But when I run
22 matches
Mail list logo