Is the Cert Store 's CA same ? It same just import again a valid cert then
Should be fine ..
On Thu, Jan 17, 2019 at 11:31 AM Bhavin Vaidya via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello,
>
> We rebooted our Primary FreeIPA server (ds01) and then it will not start
> pki-
hi all:
https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
I added the attribute successfully but the plugin of JS fail to display a
field
and cannot save
Any idea now I m using freeipa 4.5 ...seem not same as the pdf using.
Barry
___
Dear all:
I follow the guide of freeipa 3.0 abt web plugin web ui. At command base I
successfully made
a custom attribute called Employee " Commencement Date" . I can add using
script / command.
BUT in web UI , it Display "Commencent date" Label only and cannot
display edit field and allow m
Same Like this Lable no field no edit no save but fine in command base
...any different freeipa4.0 vs 3.0 procedure?
[image: 內置圖片 2]
2017-11-09 14:44 GMT+08:00 Pavel Vomacka :
>
> On 11/08/2017 07:29 AM, barrykfl--- via FreeIPA-users wrote:
>
> Hi,
>
> Dear all:
>
&g
ld:
>
> flags: ['w_if_no_aci']
>
>
> [image: 內置圖片 2]
>
> 2017-11-09 14:44 GMT+08:00 Pavel Vomacka :
>
>>
>> On 11/08/2017 07:29 AM, barrykfl--- via FreeIPA-users wrote:
>>
>> Hi,
>>
>> Dear all:
>>
>> I follow the gu
e in command base
>> ...any different freeipa4.0 vs 3.0 procedure?
>>
>> Do you have IPA 4.x ? Or which version?
>>
>> Try to add following line into the specification of your new field:
>>
>> flags: ['w_if_no_aci']
>>
>>
>> [image: 內置
..@gmail.com wrote:
>>>
>>> Same Like this Lable no field no edit no save but fine in command base
>>> ...any different freeipa4.0 vs 3.0 procedure?
>>>
>>> Do you have IPA 4.x ? Or which version?
>>>
>>> Try to add following line into th
shown.
>>>
>>> section.fields.push({
>>> flags: ['w_if_no_aci']
>>>$type: 'multivalued',
>>>name: 'comDate',
>>> label: 'Commencement Date'
>>>
>>> });
>
array, attr, value) {
for (var i=0,l=array.length; i:
> On to, 09 marras 2017, barrykfl--- via FreeIPA-users wrote:
>
>> Hi:
>>
>> May be I missed write something on JSON..
>>
>> But I can use in command shell successfully. ipa user-mod apigee
>&g
Hi all:
Any one try ha proxy/nginx/ etc LB . I tried use ldirector before.
it seem when A<>B syn if u still load balancing it with different
weight.
May cause not update of one side server ...so finally I only apply HA.
Any one have better LB solution have reference ?
(or it ;s not necessary
);
>>
>> from ipaserver.plugins.user import user
>> from ipalib.parameters import Str
>> from ipalib.text import _
>> from ipalib import _
>> user.takes_params += (
>>Str('comdate?',
>>cli_name='comdate',
>>
anywhere can explain the following RFC of ldap ? I have confuse how come
and must use this ...can I random gen some number ..
2.25.28639311321113238241701611583088740684.14.2.1 < it used custom person
class so if relate to it I should use .2 .3 .4 .5 etc ???
2863931132111323824170161158308874
Hi all:
setup two servers replicas want make HA and backup / restore ..any where
have reference especially backup / restore is necessary.
Regards
Barry
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email
HI:
I already config cluster of 2 servers using corosys and peacemaker.
But the Virtual ip is the resource only.
Is it possible to make ldap 389/639 as a detection of fail then switch?
Regards
Barry
___
FreeIPA-users mailing list -- freeipa-users@l
Dear all:
two servers replica but the latter one become unstable.
I success promote a client to replcia master .
but after reboot the response is slow and the certomanger start fail
and remote login ssh very slow delay half minuets
boot log found certmanger fail to start and login service fail
c.d/rc.local Compatibility.
Starting Wait for Plymouth Boot Screen to Quit...
Starting Terminate Plymouth Boot Screen...
2017-11-28 16:20 GMT+08:00 Florence Blanc-Renaud :
> On 11/28/2017 08:25 AM, barrykfl--- via FreeIPA-users wrote:
>
>> Dear all:
>>
>&g
Dear all:
Simple question ..Is this command enough to disjoin from an existing IPA
master.?
Want to test some servers.. joined a master is .ipa-client-install
--uninstall
can remove all config from my master server ???
Regards
Barry
___
FreeIPA-u
Hi All:
I did on centos 7 with replication of servers no problem but after install
cluster
I try reboot , it cause cermonger service faul and login serveice fail ,
when I ssh to this A serverit take half minutes or FTP always time out.
After that I have to stop cluster in B server and try stop
Already set a cluster of 2 nodes can work fine
but evey reboot corosync seem conflict with certmonger service and login
service
and cause ssh shell login slow. and idea.? other funct of freeipa / HA
actually is working fine.
It seem will fail login service and zabbix agent also for the corosync.
Hi:
I have the corosyc peacemaker cluster working fine on basic function.
BUt tried to reboot one node the HA work ...but after reboot .
It "sometimes" make certmonger.service fail? 10 times may 6 times fail but
reboot several times it work again.
I discovered that the most case happen together
Hi :
when reboot the server the certomenger.service always fail
It is not cluster just a signle server.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
hi:
Any one has such exp ,certomonger always fail after reboot.
Dbus service / other service seem working fine. Any systemctl cannot run
Also it is not cluster any hints.
systemctl daemon-reload
Error getting authority: Error initializing authority: Error calling
StartServiceByName for org.free
Auto reboot fail , I just try manual bootup cermonger.service still fail
sudo systemctl -f start certmonger.service
Jan 30 11:03:01 dbus[537]: [system] Activating systemd to h
Jan 30 11:03:01 dbus-daemon[537]: dbus[537]: [system] Activ
Jan 30 11:03:13 systemd-logind[2922]: Failed to enable subs
Hi:
Any one find that the log of systemctl | grep running show late in putty?
dirsrv@ABC-COM.service
loaded active running 389 Directory Server ABC.COM.
systemctl | grep running < after reboot type this not show 389 sever need
wait half - 1 min and retype then show .
Regards
Barry
_
Hi :
Anyone has exp to use freeipa 4.0 above as radius server ? e.g want wifi
use radius everyone carry ldap password.
How to implement ? need special plugin ? seem it need new
attribute can generate harsh password and syn with LDAP together ?
Thx and Regards
Barry
__
tity, bind password,
> base_dn) to suit your needs, usually in /etc/raddb/mods-enabled/ldap.
>
>
> HTH
>
> Cheers,
> Giulio
>
> On 6 Feb 2018, at 10:16, barrykfl--- via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org <mailto:freeipa-us...@lists.fe
&g
Hi: all
I m reading this :
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html
It need create a service ac under
radius/host.ipa.example.net...@ipa.example.net.au,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
BUt which file ldif I sho
yum install freeradius freeradius-utils freeradius-ldap freeradius-krb5
succesfuuly.
But cannot start with following error and idea?
: Unregistered Authentication Agent for unix-process:12922:607417 (system
bus name :1.53, object path /org/freedesktop/PolicyKit1/Au
ref doc:
https://www.freeipa.o
Hi all:
I used to centos 6 freeipa and install PWM together with CA service there
is no problem.
BUt now we change to centos 7 seem PKI Tomcat Server by default will launch
8443 and 8080 port . Now I installed PWM (password manager) but
pki tomcat 8080 port conflict with pwm 's 8080 port , I
Hi all:
any one has better solution of freeipa backup ? assume all ldap db crash
,all ca fail, no backup of cert ...etc but need cleanly install one with
same hostname.
and we have /usr/sbin/ipa-backup ldif backup .
Can I use an old image but restore back ldif such backup?
or any better soluti
月1日 上午7:02 於 "Rob Crittenden" 寫道:
> barrykfl--- via FreeIPA-users wrote:
> > Hi all:
> >
> > any one has better solution of freeipa backup ? assume all ldap db crash
> > ,all ca fail, no backup of cert ...etc but need cleanly install one with
> > same
:19 GMT+08:00 Florence Blanc-Renaud :
> On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote:
>
>> any ref. full backup.of 4.5?
>> I only can found v3 . will it recover all cert ca related ? I tried such
>> recover in v3 it seem it broken the relationship of others a
Tried those command before ,,,seem the web page and LDAP separate or I
missed some parts.
it can turn on the ldap but the web page not allow to login ...mostly it
related to ?
2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud :
> On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote:
>
Hi all:
is it possible make the replication server 1 way ?
I got radius/ldap config server in far remote site ..
so no need mutual replication.
remote site just make a slave one way is ok.
Regards
___
FreeIPA-users mailing list -- freeipa-users@lists.
hi :
any timestamp expiry of the ipa backup copy ?
My steps are:
On orginal server , I backup a copy then I shut it down.
Then I reinstall an new one with same host name and I can really
restore from the backup. (test finish)
after that I shutown the new server , and want to get back the orgin
Hi:
I m seeking a replication of master - slave mode of free ipa ?
Is there such mode ? as I saw actually 2 nodes configuration acutally
called master - master .
Regards
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscr
Hi:
I want to make cluster of 3 nodes ...does this graph shown servers need 2
virtual ips if not made single point of failure ?
2018-03-15 18:12 GMT+08:00 Florence Blanc-Renaud :
> On 03/15/2018 11:04 AM, barrykfl--- via FreeIPA-users wrote:
>
>> Hi:
>>
>> I m seeking
So if short time after server 1 recovery it will syn back correct data
right ?
2018-03-15 18:38 GMT+08:00 Florence Blanc-Renaud :
> On 03/15/2018 11:23 AM, barrykfl--- via FreeIPA-users wrote:
>
>> Hi:
>>
>> I want to make cluster of 3 nodes ...does this graph shown serve
Dear all:
I used this migration command migrate users but the user does not work.
IPA is unable to generate Kerberos keys unless provided
with clear text passwords. All migrated users need to
login at https://your.domain/ipa/migration/ before they
can use their Kerberos accounts.
even now i want
all usernames migrated but cannot login even I used
https://your.domain/ipa/migration/ to verified successfully ...It still
say password incorrect.
then I want to delete all burtit said no entry when I press del.
2018-05-22 1:36 GMT+08:00 Rob Crittenden :
> barrykfl--- via FreeIPA-users wr
ot enough information to help you here. The command-line is easier to
> debug in this regard.
>
> rob
>
> >
> > 2018-05-22 1:36 GMT+08:00 Rob Crittenden > <mailto:rcrit...@redhat.com>>:
> >
> > barrykfl--- via FreeIPA-users wrote:
> > &
Hi :
I migrated use commands form ipa 3 to ipa 4
ipa migrate-ds --user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts --with-compat ldap://abc.cde.com:389
Fine I saw everything work entries there ...but I want del account it said
user not found..
(Modify info is ok) ..
; IPA4.0 's admin and migrated 3.0 one which follow old same ID ..same
> situation occur. del fail.
>
> 2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud :
>
>> On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote:
>>
>>>
>>> Hi :
>>>
>&g
ow old same ID ..same
>> situation occur. del fail.
>>
>> 2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud :
>>
>>> On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote:
>>>
>>>>
>>>> Hi :
>>>>
>>>>
>&g
Hi all:
After I migrated to new Servers .using migrateds command..I used
server.com:389 connect and embedded in
3 rd opensource.
I found user can login successfully ...but
the http://server.com/ipa/ui cannot ...
user have to use http://server.com/ipa/migration then can success login the
UI.
So
I used the following command trsnafere acc/group from 3.0 -4.0 successfuly
ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts
--user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblast
edin Zajko wrote:
> >
> > Hi there,
> >
> > UI uses Kerberos...
> >
> > Regards,
> >
> > ---
> >
> > EZajko
> > @root.ba
> >
> > On Thu, May 31, 2018, 05:48 barrykfl--- via FreeIPA-users <
> freeipa-users@lists.fedorahost
t; guide/migrating_from_a_directory_server_to_ipa
> >>
> >>
> >>
> >> > 340282366920938463463374607431768211456
> >> On Thu, May 31, 2018 at 6:47 AM Ernedin Zajko wrote:
> >> >
> >> > Hi there,
> >> >
> >> > UI
Hi All;
One of server of cluster shutdown for a week now return normal .
But the comes as below:
I already reintialize it worked success but the error keep log in the log
file
it already make the log size big.
The remote replica has a different database generation ID than the local
database.
ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=abc,dc=com does not exist
Any idea ..thx ...no big impact but keep logging error.
Regards
Barry
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe sen
Hi all :
Any idea how to skip boot of smb.server and win bind ...or uninstall them
without affect ..thx
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service:
51 matches
Mail list logo
