I'm running FreeIPA 3.2.0 Beta 1 in Fedora 19 Alpha, and I'm running oVirt
3.3.0 pre-Beta in Fedora 18.
In order to get oVirt's JGSS crap to work with FreeIPA, I had to change
nsslapd-minssf to 1 (apparently a known issue right now in OpenJDK). But
this setting seems to break ipa CLI, and when I
Did you restart all IPA services including KDC after you changed the minssf?
Yes, tried many combinations of restarts and reboots trying to undo the
breakage.
I found a similar thread on here (sudden ipa errors) where someone spent a
lot of time debugging when suddenly RH support came back
started out with
in /etc/hosts... Let me read what the install script is expecting here...
brb
On Tue, May 7, 2013 at 10:04 PM, Derek Moore derek.p.mo...@gmail.comwrote:
Did you restart all IPA services including KDC after you changed the
minssf?
Yes, tried many combinations of restarts
Setting /etc/hostname manually and several restarts and reboots later, I
finally got the install to work (mostly) properly again last night.
But I still cannot get the XML-RPC server to function properly, the end of
the install script fails on /usr/sbin/ipa-client-install:
contributions as I become more familiar with this complex integration
product.
Thanks!
Derek
On Wed, May 8, 2013 at 2:15 PM, Rob Crittenden rcrit...@redhat.com wrote:
Derek Moore wrote:
Setting /etc/hostname manually and several restarts and reboots later, I
finally got the install to work
working).
Thanks again for the help, both of you!
On Wed, May 8, 2013 at 4:24 PM, Derek Moore derek.p.mo...@gmail.com wrote:
Hey, that did it! You're the man!
I didn't have to downgrade openldap, just changed /etc/openldap/ldap.conf
to SASL_NOCANON off. This allowed the install script
As someone who has fought with using/modifying/QA'ing unstable FreeIPA
installers from the nightly repos, I wholeheartedly second this motion!
Make sure the oVirt guys get wind of this idea also! ;)
PS: semi-related note — Can FreeIPA be made to consume the CSR that results
from the
sane.
On Thursday, November 14, 2013, Derek Moore wrote:
As someone who has fought with using/modifying/QA'ing unstable FreeIPA
installers from the nightly repos, I wholeheartedly second this motion!
Make sure the oVirt guys get wind of this idea also! ;)
PS: semi-related note — Can FreeIPA
Practically though, I think an idempotent installer opens a lot of cans of
worms. Do we limit some answers to their original? Take for instance the
REALM. Can someone change it on-the-fly? It would have some deep
repercussions. Similarly, changing the hostname. There are all kinds of
corner
Is there an opportunity to also bring in OpenShift Origin, in particular
Broker, which also uses its own BIND with dyndb and/or nsupdate?
Maybe they don't care as much since they use a limited subset of BIND only
for namespace and app subdomains.
Knot DNS looks cool, hadn't heard of these guys
for the first time ever I now
consider MIT Kerberos V stable enough for mission critical environments
which is a huge step forward.
-- Sent from my HP Pre3
--
On Nov 15, 2013 11:44, Derek Moore derek.p.mo...@gmail.comjavascript:_e({},
'cvml', 'derek.p.mo...@gmail.com
hours oriented, which is when I'm usually working and not
tinkering on the fun stuff.
On Wednesday, November 20, 2013, Petr Spacek wrote:
On 15.11.2013 18:30, Derek Moore wrote:
Is there an opportunity to also bring in OpenShift Origin, in particular
Broker, which also uses its own BIND
or in the IPA group here.
I don't see Mark Llama on the mailing list, so you might have to go to IRC
to catch him.
On Wed, Nov 20, 2013 at 8:26 AM, Dmitri Pal d...@redhat.com wrote:
On 11/20/2013 09:15 AM, Derek Moore wrote:
Perhaps whoever wrote these: ?
http://www.freeipa.org/page
I don't see Mark Llama on the mailing list, so you might have to go to IRC
to catch him.
Correction: I was taking Mark's username/handle too literally, he is:
Mark Lamourine markllama at redhat dot com
and he's active on their dev mailing list.
In your descriptions, can you translate all acronyms according to:
http://www.cryptsoft.com/pkcs11doc/v220/group__SEC__5__SYMBOLS__AND__ABBREVIATIONS.html
...and...
http://www.cryptsoft.com/pkcs11doc/v220/group__SEC__10__2__COMMON__ATTRIBUTES.html
E.g., instead of saying
15 matches
Mail list logo
