[Freeipa-users] Centos 7, CA log files, bug report?

Hi, Not sure if this is a bug or if I'm ignorant of the RH world, but when I try to do a fresh IPA install on Centos 7.2, I'm getting failures here: [1/27]: creating certificate server user [2/27]: configuring certificate server instance ipa.ipaserver.install.cainstance.CAInstance: CRITICAL

Re: [Freeipa-users] idoverride-add gives incorrect, inconsistant results?

1.13.0 -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 19 January 2016 at 18:49, Jakub Hrozek wrote: > On Tue, Jan 19, 2016 at 12:23:39AM +, Simpson Lachlan wrote: > > Since I got the service back up and running,

Re: [Freeipa-users] idoverride-add gives incorrect, inconsistant results?

is, "We've always done it this way." - Grace Hopper On 22 January 2016 at 11:17, Lachlan Musicman <data...@gmail.com> wrote: > No, I've not updated to 1.13.0-41 - I do the "yum upgrades" relatively > frequently, I don't think it's in the repos yet. > > cheer

Re: [Freeipa-users] idoverride-add gives incorrect, inconsistant results?

<jhro...@redhat.com> wrote: > On Wed, Jan 20, 2016 at 09:15:47AM +1100, Lachlan Musicman wrote: > > 1.13.0 > > I suspect it's 7.2, then. Did you alrady update to the latest available > version (1.13.0-41)? If yes, do you have logfiles? > > See https://fedorahost

[Freeipa-users] SSSD, sudo and FQDNs

Hola, We couldn't get sssd and sudo to work and discovered this on the SSSD troubleshooting page: https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO#Knownissues Is this on the radar to be solved at all or is it unsolvable? Cheers L. -- The most dangerous phrase in the language is,

[Freeipa-users] AD group membership

Hi, We seem to have some progress, after reading this blog post about sssd performance tuning. https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/ So now we see that on the FreeIPA server, everything is stable and always produces the results we

[Freeipa-users] File user and group ownership listings...

Now that groups are working as expected, we have noticed that when listing a directory the user and group now have full domain qualifiers. This doesn't look great. We've also noticed that we now need to chown :group@subdomain filename (with default_domain_suffix set). Is there a reason why

[Freeipa-users] HBAC access denied, all AD groups not detected

FWIW, We are seeing the issues that are described here: https://www.redhat.com/archives/freeipa-users/2015-December/msg00046.html I was about to write when I found this, it explains exactly what I am seeing - right down to the "impossible to reproduce because it's so (seemingly) random". I am

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

.x86_64 -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 17 May 2016 at 22:34, Jakub Hrozek <jhro...@redhat.com> wrote: > On Tue, May 17, 2016 at 03:08:37PM +1000, Lachlan Musicman wrote: > > FWIW, > &g

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

lookup failed cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 18 May 2016 at 08:35, Lachlan Musicman <data...@gmail.com> wrote: > Hmmm, I also now see > > https://fedorahosted.org/sssd/

[Freeipa-users] AD Primary Groups are ignored in FreeIPA?

Hola, We have an interesting scenario that is hard to find any information on. Due to permission restrictions, a NAS that is mounted and visible by both AD and 'nix clients, every user belongs to a particular primary group. When we try doing idoverride's on the groups, it fails with the Primary

[Freeipa-users] After successful ipa-client-install, sssd not used?

Hola, We successfully installed ipa-server, and then successfully joined an AD in a one way trust. All in IPA are Centos 7.2 latest updates. I can successfully get info from AD by using: $id username on the server. I can successfully *join* the new ipa server with a client using

[Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names

Hey, While hunting this sssd/hbac/AD user problem, I noticed in the selinux_child.log a lot of errors that look like this: (Thu Jul 14 09:40:29 2016) [[sssd[selinux_child[5446 [libsemanage] (0x0020): could not parse seuser record (Thu Jul 14 09:40:29 2016) [[sssd[selinux_child[5446

Re: [Freeipa-users] HBAC and AD users

On 14 July 2016 at 17:44, Sumit Bose <sb...@redhat.com> wrote: > On Thu, Jul 14, 2016 at 11:47:41AM +1000, Lachlan Musicman wrote: > > Ok, I have some logs of sssd 1.13.0 not working. Same values as before: > > > > FreeIPA server: Centos 7, ipa 4.2, API_VERSION 2.156

Re: [Freeipa-users] IPA HBAC access using SSSD for user in trusted AD domain (RHEL 6.8)

This is exactly the issue I'm seeing too, various differences, but the symptoms are the same. Main diff would be that sometimes stopping sssd, clearing cache and restarting sssd works, but only if individual AD domain members are added to the external group - not AD domain groups. Cheers L.

Re: [Freeipa-users] HBAC and AD users

Hopper On 12 July 2016 at 09:08, Lachlan Musicman <data...@gmail.com> wrote: > Alex, Sumit, > > Which log levels would you recommend for sssd to help debug this issue? > > We've been using 7, but I just realised that it's not an increasing scale > but bitmasked... > > che

Re: [Freeipa-users] HBAC and AD users

rote: > On Fri, Jul 15, 2016 at 01:07:00PM +1000, Lachlan Musicman wrote: > > I've updated all the relevant hosts and the FreeIPA server to the COPR > sssd > > 1.14.0 release and the problem seems to have disappeared. > > Great, but please keep an eye on the machine, the

Re: [Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names

will be able to check it then? Cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 15 July 2016 at 20:17, Lachlan Musicman <data...@gmail.com> wrote: > Wont be able to check until Monday morning (Australia's we

Re: [Freeipa-users] HBAC and AD users

wrote: > On Fri, Jul 15, 2016 at 01:07:00PM +1000, Lachlan Musicman wrote: > > I've updated all the relevant hosts and the FreeIPA server to the COPR > sssd > > 1.14.0 release and the problem seems to have disappeared. > > Great, but please keep an eye on the machine, the 1.

Re: [Freeipa-users] HBAC and AD users

done it this way." - Grace Hopper On 19 July 2016 at 11:13, Lachlan Musicman <data...@gmail.com> wrote: > Ok, the bad news is that it didn't last. We are still having the same > problem - HBAC is rejecting users because not all jobs are being discovered > on the host. > &

Re: [Freeipa-users] HBAC and AD users

On 19 July 2016 at 16:40, Jakub Hrozek <jhro...@redhat.com> wrote: > On Tue, Jul 19, 2016 at 11:26:02AM +1000, Lachlan Musicman wrote: > > I think the thing that frustrates the most is that id u...@domain.com is > > returning correct data on both but they can't loginand

Re: [Freeipa-users] HBAC and AD users

06AM +1000, Lachlan Musicman wrote: > > On 19 July 2016 at 16:40, Jakub Hrozek <jhro...@redhat.com> wrote: > > > > > On Tue, Jul 19, 2016 at 11:26:02AM +1000, Lachlan Musicman wrote: > > > > I think the thing that frustrates the most is that id > u...@domain

Re: [Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names

done it this way." - Grace Hopper On 15 July 2016 at 18:05, Jakub Hrozek <jhro...@redhat.com> wrote: > On Fri, Jul 15, 2016 at 08:59:43AM +0200, Lukas Slebodnik wrote: > > On (15/07/16 12:56), Lachlan Musicman wrote: > > >This line: > > > > > >We have S

Re: [Freeipa-users] HBAC and AD users

per On 11 July 2016 at 17:15, Sumit Bose <sb...@redhat.com> wrote: > On Mon, Jul 11, 2016 at 04:55:37PM +1000, Lachlan Musicman wrote: > > On 11 July 2016 at 16:44, Alexander Bokovoy <aboko...@redhat.com> wrote: > > > > > On Mon, 11 Jul 2016, Lachlan Musicman wr

Re: [Freeipa-users] HBAC and AD users

I've updated all the relevant hosts and the FreeIPA server to the COPR sssd 1.14.0 release and the problem seems to have disappeared. Cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 15 July 2016 at 10:09, Lachlan Musi

Re: [Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names

is, "We've always done it this way." - Grace Hopper On 15 July 2016 at 11:27, Lachlan Musicman <data...@gmail.com> wrote: > Hey, > > While hunting this sssd/hbac/AD user problem, I noticed in the > selinux_child.log a lot of errors that look like this: > >

Re: [Freeipa-users] HBAC and AD users

On 11 July 2016 at 16:44, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Mon, 11 Jul 2016, Lachlan Musicman wrote: > >> Hola, >> >> Centos 7, up to date. >> >> [root@linuxidm ~]# ipa --version >> VERSION: 4.2.0, API_VERSION: 2.156 >> &

[Freeipa-users] HBAC and AD users

Hola, Centos 7, up to date. [root@linuxidm ~]# ipa --version VERSION: 4.2.0, API_VERSION: 2.156 One way trust is successfully established, can login with ssh usern...@domain1.com@server1.domain2.com Am testing to get HBAC to work. I've noticed that with the Allow All rule in effect, the

Re: [Freeipa-users] Unable to ssh after establishing trust

Have you set up the external group and internal group as required in IPA? The server you are trying to log into - you have added this to the IPA server using ipa-client-install? When you are logged into the server that you want to login to as root (or local user), does `id user@ad_domain.com`

[Freeipa-users] AD PDC change

Can I just confirm - the IT team are about to migrate our PDC across town. I presume that the trust relationship is with the domain, not the actual machine itself. So our IPA server will just see the new PDC and everything will be smooth? No need to change any config or create a new trust?

[Freeipa-users] sssd stopping randomly

We are seeing SSSD in a failed state at random intervals. Using the 1.14.0 COPR repo on Centos 7, FreeIPA 4.2 Unfortunately it's not something we want to reproduce and I'd turned the debug logs off because of their size. I'm turning them back on one by one as the crashes happen. The only thing

Re: [Freeipa-users] Is WinSync A Bad Choice?

On 2 February 2017 at 09:19, Jason B. Nance wrote: > >- User/group management in general becomes largely a command-line > operation (such as mapping groups so they can be used in HBAC and sudo > rules) > > While this is a nice-to-have, it isn't a deal breaker. > This

Re: [Freeipa-users] Is WinSync A Bad Choice?

On 2 February 2017 at 09:51, Martin Basti <mba...@redhat.com> wrote: > > On 01.02.2017 23:44, Lachlan Musicman wrote: > > > > (aside: does FreeIPA have plans to move toward PatternFly? > http://www.patternfly.org/ ) > > > Unless I missed something, FreeIPA 4

Re: [Freeipa-users] Is WinSync A Bad Choice?

On 2 February 2017 at 10:06, Jason B. Nance wrote: > > >- User/group management in general becomes largely a command-line >> operation (such as mapping groups so they can be used in HBAC and sudo >> rules) >> >> While this is a nice-to-have, it isn't a deal breaker. >> >

Re: [Freeipa-users] FreeIPA installation on centos 7

On 4 February 2017 at 02:40, deepak dimri wrote: > Thanks Rob > > Is there a place/link i can download the release for centos 7? > > Amit, You can get them from the vault: http://vault.centos.org/7.2.1511/updates/x86_64/Packages/ I've still not done a

[Freeipa-users] security, sssd, pam and web apps

Hi, We have a new rstudio server that we'd like to have FreeIPA manage Auth on. sssd works - I can login with my appropriate credentials via cli, but the web interface doesn't accept the creds. I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service but we don't want to create

Re: [Freeipa-users] Error in selinux child: libsemanage can't parse spaces in AD user names

On 18 July 2016 at 18:26, Jakub Hrozek <jhro...@redhat.com> wrote: > On Mon, Jul 18, 2016 at 09:33:35AM +1000, Lachlan Musicman wrote: > > Ok, I've just spoken with my colleague that has been involved in the IPA > > roll out, and he said he thought that override_sp

[Freeipa-users] sssd stops after nss crashes

We saw another sssd crash on the weekend (well, Friday night). Centos 7, sssd 1.14.0 from COPR Everything has worked fine for over a month until Friday. According to the log sssd_nss on the host in question: - at about 16:18, watchdog_handler killed a process for a timer overflow. - there is

Re: [Freeipa-users] sssd stops after nss crashes

that is important for the patients & etc. Cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 12 September 2016 at 20:28, Lukas Slebodnik <lsleb...@redhat.com> wrote: > On (12/09/16 11:09), Lachlan Musicman w

[Freeipa-users] HBAC doesn't work issues

I must have made an error again: - ipa hbactest gives seemingly correct answer on both server and client - user can't actually use sudo on client? Centos 7, freeipa 4.2.o/2.156; sssd 1.14.1 from COPR >From the server: [root@vmdv-linuxidm1 ~]# ipa hbactest --user=lsimp...@petermac.org.au

[Freeipa-users] In webgui, ID Views slow, to crashingly slow

Hi Sometimes when I visit the ID Views page in the webgui, it is crushingly slow, and often it times out. Centos 7, ipa --version VERSION: 4.2.0, API_VERSION: 2.156 Is there a reason, can I do something to fix this? cheers L. -- The most dangerous phrase in the language is, "We've always

[Freeipa-users] sssd.conf - the server and host-client relationship

Hola, What is the relationship between the IPA server, host-clients and the sssd.conf? >From what I can tell, sssd.conf is edited/changed by the ipa-client-install process on the host-client. What level of similarity does there need to be between the two sssd.confs? My server's sssd.conf has a

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

Simpson Lachlan wrote: >>> > > > -Original Message- >>> > > > >>> > > > On 09/19/2016 03:12 AM, Lachlan Musicman wrote: >>> > > > > Hi >>> > > > > >>> > > > > Sometimes when I visit the ID

Re: [Freeipa-users] In webgui, ID Views slow, to crashingly slow

2016 at 09:33:21AM +0300, Alexander Bokovoy wrote: > > On Tue, 20 Sep 2016, Martin Babinsky wrote: > > > On 09/20/2016 12:17 AM, Simpson Lachlan wrote: > > > > > -Original Message- > > > > > > > > > > On 09/19/2016 03:12 AM, Lachla

Re: [Freeipa-users] sssd.conf - the server and host-client relationship

My translations of your comments are in line, if you could correct, I'd appreciate that. On 20 September 2016 at 17:11, Lukas Slebodnik wrote: > >-- > >[domain/unixdev.etc] > >ignore_group_members = True > It was probably set as a result of performance

Re: [Freeipa-users] HBAC doesn't work issues

" - Grace Hopper On 19 September 2016 at 18:21, Lukas Slebodnik <lsleb...@redhat.com> wrote: > On (19/09/16 16:43), Lachlan Musicman wrote: > >I must have made an error again: > > > >- ipa hbactest gives seemingly correct answer on both server and client > &g

Re: [Freeipa-users] HBAC doesn't work issues

(redface) It seems to be working. Thanks -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 20 September 2016 at 09:57, Lachlan Musicman <data...@gmail.com> wrote: > We have one "allow all" sudo rule (

[Freeipa-users] sssd 1.14.1, HBAC still not working?

Hola, I've set up a test domain that's as much as possible the same as the prod domain, and successfully got a one way trust against the AD: cantos 7.2, ipa 4.2.0-15/api2.156, sssd (copr) 1.14.1-3 On that test domain I believe I have HBAC working successfully. Once I could show that it was

Re: [Freeipa-users] Shadow Utils appears in sssd.conf

Slebodnik <lsleb...@redhat.com> wrote: > On (16/11/16 11:46), Lachlan Musicman wrote: > >I don't know what I've done wrong, but when I use ipa-client-install on a > >new host to add to my one way trust domain, I now have a > >[domain/shadowutils] stanza. > > > >

Re: [Freeipa-users] anyone else getting porn spam pretending to be replies to freeipa-users threads?

Gah, just happened to me. Wasn't porn, but was someone called Kimi and the only content was "Heeey Lachlan, how's it going?" L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 16 November 2016 at 04:02, Martin Basti

[Freeipa-users] Shadow Utils appears in sssd.conf

I don't know what I've done wrong, but when I use ipa-client-install on a new host to add to my one way trust domain, I now have a [domain/shadowutils] stanza. This first happened a couple of weeks ago, I saw this bug and thought "it will be solved soon".

[Freeipa-users] packet_write_wait: Connection to x.x.x.x port 22: Broken pipe

Hola, I'm getting the above error when trying to login - inconsistently and after the password request. Using debian's openssh 7.3p1-3 going into Centos 7.2, FreeIPA 4.2 and sssd 1.14.2 (from copr). When I google, none of the results seem applicable, but I'm not 100% sure, and testing seems

Re: [Freeipa-users] HBAC Troubleshooting (IPA 4.2)

Jake, I've seen this behaviour and am still struggling to find a solution. The version of underlying OS and sssd are useful to know fwiw. To trouble shoot HBAC: - in *target machine* sssd.conf, add debug_level=7 to each stanza (can go as high as 9, but I believe 7 will be sufficient) -

Re: [Freeipa-users] External (AD) groups and sudo/hbac in IPA 4.2

On 12 October 2016 at 15:23, Robert Sturrock wrote: > Hi All. > > We’re attempting to setup an IPA (4.2) service on RHEL7.2 to provide > better connectivity to our (large) organisational AD service for Linux > clients. > > We have setup IPA and configured a suitable AD trust

Re: [Freeipa-users] sssd 1.14.1, HBAC still not working?

. Is there a special rule about sshd and the ipa-server? cheers L. -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 11 October 2016 at 14:06, Lachlan Musicman <data...@gmail.com> wrote: > Hola, > > I've set up a test domain t

[Freeipa-users] Errors in IPA logs

Hi, I've reported a bug against SSSD and Lukas has pointed to a number of FreeIPA errors in our logs. I've can't find any information on how I might fix these errors or what I might do to mitigate them. Any pointers appreciated: First error: [sssd[be[unixdev.domain.org.au]]]

Re: [Freeipa-users] Adjusting nsslapd-cachememsize

r, I've not tried this on a > recent version of ipa so it may no longer work or not be needed any more. > > Regards > > Bob > > On 17/03/2017 02:20, Lachlan Musicman wrote: > > While going through the logs on the FreeIPA server, I noticed this: > > > WARNING: changelog:

Re: [Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

Yes. What I do would you like? Current debug levels are at 8 L. On 16 Mar. 2017 7:06 pm, "Jakub Hrozek" <jhro...@redhat.com> wrote: > On Thu, Mar 16, 2017 at 11:36:57AM +1100, Lachlan Musicman wrote: > > I'm experiencing issues with HBAC and I think it's a bug in sssd.

[Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

I'm experiencing issues with HBAC and I think it's a bug in sssd. Not sure if better to report to here or sssd mailing list. Also sssd in pagure is bare and I didn't want to sully the blank slate. ( https://pagure.io/sssd/issues ) The details: env: CentOS 7.3, FreeIPA 4.4, sssd 1.15.1 from COPR

Re: [Freeipa-users] Errors in IPA logs

On 20 March 2017 at 19:38, Martin Basti <mba...@redhat.com> wrote: > On 19.03.2017 22:58, Lachlan Musicman wrote: > > Hi, > > I've reported a bug against SSSD and Lukas has pointed to a number of > FreeIPA errors in our logs. > I've can't find any information on h

[Freeipa-users] Adjusting nsslapd-cachememsize

While going through the logs on the FreeIPA server, I noticed this: WARNING: changelog: entry cache size 2097152 B is less than db size 12804096 B; We recommend to increase the entry cache size nsslapd-cachememsize. I have found a number of documents: What it is:

Re: [Freeipa-users] HBAC not working, freeipa 4.4, sssd 1.15.1

Which logs do you want from the server? -- The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 16 March 2017 at 20:09, Jakub Hrozek <jhro...@redhat.com> wrote: > On Thu, Mar 16, 2017 at 07:56:58PM +1100, Lachlan Musicman wro

Re: [Freeipa-users] Upgrade from IPA 4.2

On 4 April 2017 at 04:28, Andrey Ptashnik wrote: > Hello, > > We have Centos 7.2 and IPA 4.2 version. > I remember that in previous versions in order to upgrade to the latest one > I had to run IPA upgrade scripts that would separately upgrade LDAP > database. Is that the

Re: [Freeipa-users] libsemanage updates fail due to AD user with space

On 3 April 2017 at 19:11, Jakub Hrozek <jhro...@redhat.com> wrote: > On Mon, Apr 03, 2017 at 11:00:21AM +1000, Lachlan Musicman wrote: > > > > With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces > in > > their names, libsemanage fails to update:

Re: [Freeipa-users] subdomain errors

On 4 April 2017 at 01:35, Alexander Bokovoy wrote: > On ma, 03 huhti 2017, Orion Poplawski wrote: > >> On 04/03/2017 09:03 AM, Orion Poplawski wrote: >> >>> On 04/03/2017 02:08 AM, Jakub Hrozek wrote: >>> On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote:

Re: [Freeipa-users] Centos7/IPA4.2 : disable/enable hosts

On 11 April 2017 at 00:14, Johan Vermeulen wrote: > Hello All, > > just getting started with FreeIPA and one of the first features I'm trying > is adding hosts, something I can't do in our current > ldap-setup. So I'm looking forward to being able to do this. > But after

[Freeipa-users] libsemanage updates fail due to AD user with space

Hola, I've reported this issue before (with a different symptom iirc), but thought I should mention again, as I have no idea how to competently report it to selinux. With SSSD/IPA in use, in a one way trust to AD, and AD users have spaces in their names, libsemanage fails to update: eg from

[Freeipa-users] SSSD bug found? FreeIPA vs SSSD

Hola, On CentOS 7.3, using FreeIPA VERSION: 4.4.0, API_VERSION: 2.213 and sssd (via COPR) 1.15.1, which has a one way trust to an AD domain. unix.name.org -> name.org I've seen some interesting behaviour. Being part of a large organisation with a smaller nix environment and a larger Windows

Re: [Freeipa-users] SSSD bug found? FreeIPA vs SSSD

rozek wrote: > > > On Thu, Mar 09, 2017 at 01:37:46PM +1100, Lachlan Musicman wrote: > > > > Hola, > > > > > > > > On CentOS 7.3, using FreeIPA VERSION: 4.4.0, API_VERSION: 2.213 and > sssd > > > > (via COPR) 1.15.1, which has a one

Re: [Freeipa-users] List SPAM

On 24 April 2017 at 12:24, Prasun Gera wrote: > That doesn't work very well. The spam bots use different emails. And gmail > marks the entire message thread as spam, not just the spam reply. > > On Sun, Apr 23, 2017 at 7:20 AM, Dewangga Bachrul Alam < >

Re: [Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

Robert, did you look in /var/log/ipaserver-install.log as it says? Was there any other information? cheers L. -- "Mission Statement: To provide hope and inspiration for collective action, to build collective power, to achieve collective transformation, rooted in grief and rage but pointed

Re: [Freeipa-users] ipa-replica-install hangs: starting certificate server instance

We are seeing this. I'm not at work, but I think it's bug report 6766. Patch has already been committed (bot by us), we're waiting for IPA 4.5. cheers L. -- "Mission Statement: To provide hope and inspiration for collective action, to build collective power, to achieve collective

Re: [Freeipa-users] ipa-replica-install hangs: starting certificate server instance

reams." - Patrice Cullors, *Black Lives Matter founder* On 18 May 2017 at 19:34, Lachlan Musicman <data...@gmail.com> wrote: > We are seeing this. I'm not at work, but I think it's bug report 6766. > > Patch has already been committed (bot by us), we're waiting fo

Re: [Freeipa-users] ipa-replica-install hangs: starting certificate server instance

parately? > > On Thu, May 18, 2017 at 10:38 AM Lachlan Musicman <data...@gmail.com> > wrote: > >> https://pagure.io/freeipa/issue/6766 >> >> 4.5.1 - I stand corrected. Can add more tomorrow. >> >> -- >> "Mission Statement: To provide hope

Re: [Freeipa-users] CentOS patch management on FreeIPA server

On 17 May 2017 at 15:23, Lakshan Jayasekara < lakshan.jayasek...@lankaclear.com> wrote: > > Hi All, > > > > I’m using FreeIPA server VERSION: 4.4.0, API_VERSION: 2.213 and running on CentOS 7 and have one replica server as well. I need to patch up centos system as per PCI DSS compliance. Let me