Re: [Freeipa-users] Install best practice -

2016-05-29 Thread Ben .T.George 
Hi

thanks for the reply.

"the easiest would be to create a zone and delegating that to the ipa
hosts. No other change necessary."

can you explain little more. You mean need to create separate DNS zone ?

regards,
Ben

On Sun, May 29, 2016 at 9:11 PM, Natxo Asenjo 
wrote:

>
>
> On Sun, May 29, 2016 at 7:11 PM, Ben .T.George 
> wrote:
>
>> Hi
>>
>> I would like to know how can i proceed with best practices
>>
>> My AD domain is : corp.examle.com.kw
>> My DNS (appliances ) : kw.test.com
>>
>> All my clients are pointed to kw.test.com including AD.
>>
>> How can i proceed with Free IPA installation? where i need to manage DNS
>> of freeipa master server?
>>
>>
>> creating new DNS zone in kw.test.com will be little bit difficult.
>>
>> which will be best configuration with minimal changes in existing setup.
>>
>
> the easiest would be to create a zone and delegating that to the ipa
> hosts. No other change necessary.
>
> Not sure if this is a 'best practice', but this is how we have been
> running our environment for years without any problems.
>
> --
> regards,
> Natxo
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Install best practice -

2016-05-29 Thread Natxo Asenjo 
On Sun, May 29, 2016 at 7:11 PM, Ben .T.George 
wrote:

> Hi
>
> I would like to know how can i proceed with best practices
>
> My AD domain is : corp.examle.com.kw
> My DNS (appliances ) : kw.test.com
>
> All my clients are pointed to kw.test.com including AD.
>
> How can i proceed with Free IPA installation? where i need to manage DNS
> of freeipa master server?
>
>
> creating new DNS zone in kw.test.com will be little bit difficult.
>
> which will be best configuration with minimal changes in existing setup.
>

the easiest would be to create a zone and delegating that to the ipa hosts.
No other change necessary.

Not sure if this is a 'best practice', but this is how we have been running
our environment for years without any problems.

-- 
regards,
Natxo
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Install best practice -

2016-05-29 Thread Ben .T.George 
Hi

I would like to know how can i proceed with best practices

My AD domain is : corp.examle.com.kw
My DNS (appliances ) : kw.test.com

All my clients are pointed to kw.test.com including AD.

How can i proceed with Free IPA installation? where i need to manage DNS of
freeipa master server?


creating new DNS zone in kw.test.com will be little bit difficult.

which will be best configuration with minimal changes in existing setup.

Regards,
Ben
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Centos 7.2 ipa-backup failure

2016-05-29 Thread Ken Bass 
Today I tried my very first ipa-backup attempt. The command reported 
'The ipa-backup command was successful'


YET  I saw:

/usr/sbin/db2ldif: line 157: 22567 Segmentation fault /usr/sbin/ns-slapd 
db2ldif -D /etc/dirsrv/slapd-DOMAIN-NET -n userRoot -a "/var/l

ib/dirsrv/slapd-DOMAIN-NET/ldif/DOMAIN-NET-userRoot.ldif" -r

I am running Centos 7.2. After googling, I did find -
https://fedorahosted.org/freeipa/ticket/5571
https://fedorahosted.org/389/ticket/48388

How am I supposed to backup this box? I want to run the backup-script 
nightly to generate the tarball so I can use another script to backup it 
up along with other stuff. It is a small system with no replication.


As a Centos 7.2 user am I just out of luck since it appears the various 
bugs I am encountering with this software are not being fixed except in 
newer versions of freeipa and sssd which are not available

via the standard repos?

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] EXAMPLE.COM IPA CA Import /etc/httpd/alias

2016-05-29 Thread Günther J . Niederwimmer 
Hello
I found any Help for the IPA Certificate but I found no way to import the IPA 
CA ?
I like to create a webserver with a owncloud virtualhost and other..

But it is for me not possible to create the /etc/httpd/alias correct ?

I found this in IPC DOCS
 
certutil -A -d . -n 'EXAMPLE.COM IPA CA' -t CT,, -a < /etc/ipa/ca.crt

but with this command line I have a Error /etc/ipa/ca.crt have wrong format ?

Have any a link with a working example

Thanks,
-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project