First I'll undo the oVirt/FreeIPA relationship:
# engine-manage-domains -action=delete -domain=hackunix.org
...
Manage Domains completed successfully
# service ovirt-engine restart
oVirt works with internal domain and admin user.
Now let's uninstall FreeIPA:
# pkidestroy -s CA -i pki
> Did you restart all IPA services including KDC after you changed the minssf?
Yes, tried many combinations of restarts and reboots trying to undo the
breakage.
I found a similar thread on here ("sudden ipa errors") where someone spent a
lot of time debugging when suddenly RH support came back
On 05/07/2013 07:08 PM, Derek Moore wrote:
> I'm running FreeIPA 3.2.0 Beta 1 in Fedora 19 Alpha, and I'm running
> oVirt 3.3.0 pre-Beta in Fedora 18.
>
> In order to get oVirt's JGSS crap to work with FreeIPA, I had to
> change nsslapd-minssf to 1 (apparently a known issue right now in
> OpenJDK).
I'm running FreeIPA 3.2.0 Beta 1 in Fedora 19 Alpha, and I'm running oVirt
3.3.0 pre-Beta in Fedora 18.
In order to get oVirt's JGSS crap to work with FreeIPA, I had to change
nsslapd-minssf to 1 (apparently a known issue right now in OpenJDK). But
this setting seems to break ipa CLI, and when I c
Simo Sorce wrote:
On Tue, 2013-05-07 at 18:34 +0200, Martin Kosek wrote:
On 05/07/2013 04:41 PM, Rob Crittenden wrote:
See the commit message for all the gory details but the bottom line is that
mod_auth_kerb doesn't work with DIR ccache which is the default in the latest
krb5 builds.
rob
L
Prompt for nameserver IP address in dnszone-add
https://fedorahosted.org/freeipa/ticket/3603
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
From fff763bc0fa4d996b14d9d6298ed7dd79e69255e Mon Sep 17 00:00:00 2001
From: Ana Krivokapic
Date: Tue, 7 May 2013 19:37
On Tue, 2013-05-07 at 18:34 +0200, Martin Kosek wrote:
> On 05/07/2013 04:41 PM, Rob Crittenden wrote:
> > See the commit message for all the gory details but the bottom line is that
> > mod_auth_kerb doesn't work with DIR ccache which is the default in the
> > latest
> > krb5 builds.
> >
> > rob
On 05/07/2013 04:41 PM, Rob Crittenden wrote:
> See the commit message for all the gory details but the bottom line is that
> mod_auth_kerb doesn't work with DIR ccache which is the default in the latest
> krb5 builds.
>
> rob
>
Looks OK (just reading it).
This fixes just new server install. Wh
https://fedorahosted.org/freeipa/ticket/3591
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
From 8678fbd3191d143bd6e5ac2e78ec0895002eb706 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic
Date: Tue, 7 May 2013 17:11:12 +0200
Subject: [PATCH] Do not display success
On 04/16/2013 10:40 AM, Petr Spacek wrote:
> Hello,
>
> Disallow all dynamic updates if update policy configuration failed.
>
> Without this patch the old update policy stays in effect
> when re-configuration failed.
>
ACK.
The patch looks good. (I didn't do functional test)
Regards,
Tomas
See the commit message for all the gory details but the bottom line is
that mod_auth_kerb doesn't work with DIR ccache which is the default in
the latest krb5 builds.
rob
>From 0f130c2a42d51ca86b33ffd70bb6f574f3abb4cf Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 7 May 2013 10:33:55
The FreeIPA team is proud to announce version FreeIPA v3.1.4.
It can be downloaded from http://www.freeipa.org/page/Downloads. The new
version has also been built for Fedora 18 and is on its way to updates-testing:
https://admin.fedoraproject.org/updates/freeipa-3.1.4-1.fc18
== Highlights in 3.1.
On Mon, 2013-05-06 at 19:56 +0200, Petr Spacek wrote:
> Hello list,
>
> heads up - we have some problems with Cyrus SASL in Fedora 19.
>
> SASL connections via Unix socket are failing with weird error:
>
> (Note the 'SOCKET' piece.)
>
> $ ldapsearch -Y GSSAPI -H 'ldapi://%2fvar%2frun%2fslapd-TE
On 05/07/2013 01:15 PM, Sumit Bose wrote:
> On Tue, May 07, 2013 at 01:02:02PM +0200, Petr Viktorin wrote:
>> Hello,
>> The patch for resolving SIDs added a dependency on a package that
>> isn't available in Fedora 18. This makes the dependency optional.
>>
>> Obviously the SID resolution won't wor
On Tue, May 07, 2013 at 01:02:02PM +0200, Petr Viktorin wrote:
> Hello,
> The patch for resolving SIDs added a dependency on a package that
> isn't available in Fedora 18. This makes the dependency optional.
>
> Obviously the SID resolution won't work in f18, but IPA should be
> installable.
ACK
Hello,
The patch for resolving SIDs added a dependency on a package that isn't
available in Fedora 18. This makes the dependency optional.
Obviously the SID resolution won't work in f18, but IPA should be
installable.
--
PetrĀ³
From 9e9b34d0891bdae22da048d844deb5a293c2d0af Mon Sep 17 00:00:00
On 04/09/2013 03:39 PM, Petr Spacek wrote:
> Hello,
>
> Treat syntax errors in LDAP filters as fatal.
>
> Filters are hardcoded at the moment, this is preventive action.
>
ACK.
The patch looks good. (I didn't do functional test)
Regards,
Tomas Hozza
On 04/09/2013 03:27 PM, Petr Spacek wrote:
> Hello,
>
> Improve LDAP error logging.
>
> Diagnostic error message is logged when it is available.
>
>
> Plugin with this patch produces messages like:
>
> LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind
> to LDAP server fail
18 matches
Mail list logo