Re: [Freeipa-users] getcert, multiple alternative names (SANs), and wildcard certificates

2017-04-03 Thread Fraser Tweedale
On Mon, Apr 03, 2017 at 04:17:13PM -0700, Wim Lewis wrote: > I'm trying to provision a client with a wildcard certificate[1]. I > followed the procedure outlined in [2], but I'm not receiving the > certificate I expect. The certificate's subject DN contains a > wildcard string, but the SAN does

Re: [Freeipa-users] Upgrade from IPA 4.2

2017-04-03 Thread Lachlan Musicman
On 4 April 2017 at 04:28, Andrey Ptashnik wrote: > Hello, > > We have Centos 7.2 and IPA 4.2 version. > I remember that in previous versions in order to upgrade to the latest one > I had to run IPA upgrade scripts that would separately upgrade LDAP > database. Is that the

Re: [Freeipa-users] subdomain errors

2017-04-03 Thread Lachlan Musicman
On 4 April 2017 at 01:35, Alexander Bokovoy wrote: > On ma, 03 huhti 2017, Orion Poplawski wrote: > >> On 04/03/2017 09:03 AM, Orion Poplawski wrote: >> >>> On 04/03/2017 02:08 AM, Jakub Hrozek wrote: >>> On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote:

Re: [Freeipa-users] libsemanage updates fail due to AD user with space

2017-04-03 Thread Lachlan Musicman
On 3 April 2017 at 19:11, Jakub Hrozek wrote: > On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote: > > > > With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces > in > > their names, libsemanage fails to update: > > > > eg from recent monthly

[Freeipa-users] getcert, multiple alternative names (SANs), and wildcard certificates

2017-04-03 Thread Wim Lewis
I'm trying to provision a client with a wildcard certificate[1]. I followed the procedure outlined in [2], but I'm not receiving the certificate I expect. The certificate's subject DN contains a wildcard string, but the SAN does not. Since the SAN, not the subject name, is the relevant part of

[Freeipa-users] Upgrade from IPA 4.2

2017-04-03 Thread Andrey Ptashnik
Hello, We have Centos 7.2 and IPA 4.2 version. I remember that in previous versions in order to upgrade to the latest one I had to run IPA upgrade scripts that would separately upgrade LDAP database. Is that the same procedure if I need to upgrade from version 4.2? Regards, Andrey

Re: [Freeipa-users] ipa_add_ad_memberships_get_next errors

2017-04-03 Thread Alexander Bokovoy
On ma, 03 huhti 2017, Jakub Hrozek wrote: On Mon, Apr 03, 2017 at 06:32:49PM +0300, Alexander Bokovoy wrote: On ma, 03 huhti 2017, Orion Poplawski wrote: > On 04/03/2017 02:10 AM, Alexander Bokovoy wrote: > > On ma, 03 huhti 2017, Jakub Hrozek wrote: > > > On Fri, Mar 31, 2017 at 04:07:16PM

Re: [Freeipa-users] ipa_add_ad_memberships_get_next errors

2017-04-03 Thread Jakub Hrozek
On Mon, Apr 03, 2017 at 06:32:49PM +0300, Alexander Bokovoy wrote: > On ma, 03 huhti 2017, Orion Poplawski wrote: > > On 04/03/2017 02:10 AM, Alexander Bokovoy wrote: > > > On ma, 03 huhti 2017, Jakub Hrozek wrote: > > > > On Fri, Mar 31, 2017 at 04:07:16PM -0600, Orion Poplawski wrote: > > > > >

Re: [Freeipa-users] subdomain errors

2017-04-03 Thread Alexander Bokovoy
On ma, 03 huhti 2017, Orion Poplawski wrote: On 04/03/2017 09:03 AM, Orion Poplawski wrote: On 04/03/2017 02:08 AM, Jakub Hrozek wrote: On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote: I seem to be having some issues with users/groups that may be leading to errors in the

Re: [Freeipa-users] ipa_add_ad_memberships_get_next errors

2017-04-03 Thread Alexander Bokovoy
On ma, 03 huhti 2017, Orion Poplawski wrote: On 04/03/2017 02:10 AM, Alexander Bokovoy wrote: On ma, 03 huhti 2017, Jakub Hrozek wrote: On Fri, Mar 31, 2017 at 04:07:16PM -0600, Orion Poplawski wrote: I'm seeing messages like this: (Fri Mar 31 13:27:38 2017) [sssd[be[nwra.com]]]

Re: [Freeipa-users] subdomain errors

2017-04-03 Thread Orion Poplawski
On 04/03/2017 09:03 AM, Orion Poplawski wrote: > On 04/03/2017 02:08 AM, Jakub Hrozek wrote: >> On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote: >>> I seem to be having some issues with users/groups that may be leading to >>> errors in the subdomain status. Can anyone parse this

Re: [Freeipa-users] subdomain errors

2017-04-03 Thread Orion Poplawski
On 04/03/2017 02:08 AM, Jakub Hrozek wrote: > On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote: >> I seem to be having some issues with users/groups that may be leading to >> errors in the subdomain status. Can anyone parse this for me? >> >> (Fri Mar 31 16:54:26 2017)

Re: [Freeipa-users] ipa_add_ad_memberships_get_next errors

2017-04-03 Thread Orion Poplawski
On 04/03/2017 02:10 AM, Alexander Bokovoy wrote: > On ma, 03 huhti 2017, Jakub Hrozek wrote: >> On Fri, Mar 31, 2017 at 04:07:16PM -0600, Orion Poplawski wrote: >>> I'm seeing messages like this: >>> >>> (Fri Mar 31 13:27:38 2017) [sssd[be[nwra.com]]] >>> [ipa_add_ad_memberships_get_next]

Re: [Freeipa-users] libsemanage updates fail due to AD user with space

2017-04-03 Thread Jakub Hrozek
On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote: > Hola, > > I've reported this issue before (with a different symptom iirc), but > thought I should mention again, as I have no idea how to competently report > it to selinux. > > With SSSD/IPA in use, in a one way trust to AD,

Re: [Freeipa-users] ipa_add_ad_memberships_get_next errors

2017-04-03 Thread Alexander Bokovoy
On ma, 03 huhti 2017, Jakub Hrozek wrote: On Fri, Mar 31, 2017 at 04:07:16PM -0600, Orion Poplawski wrote: I'm seeing messages like this: (Fri Mar 31 13:27:38 2017) [sssd[be[nwra.com]]] [ipa_add_ad_memberships_get_next] (0x0020): There are unresolved external group memberships even after all

Re: [Freeipa-users] subdomain errors

2017-04-03 Thread Jakub Hrozek
On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote: > I seem to be having some issues with users/groups that may be leading to > errors in the subdomain status. Can anyone parse this for me? > > (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_cache_entry_attr] > (0x0080):

Re: [Freeipa-users] ipa_add_ad_memberships_get_next errors

2017-04-03 Thread Jakub Hrozek
On Fri, Mar 31, 2017 at 04:07:16PM -0600, Orion Poplawski wrote: > I'm seeing messages like this: > > (Fri Mar 31 13:27:38 2017) [sssd[be[nwra.com]]] > [ipa_add_ad_memberships_get_next] (0x0020): There are unresolved external > group memberships even after all groups have been looked up on the