Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage is installed.
Please note that since
Warn about manual DNA plugin configuration when working with local ID ranges
since we currently do not support automatic pick up of the changed
settings for local ID ranges by the DNA plugin.
https://fedorahosted.org/freeipa/ticket/3116
--
/ Alexander Bokovoy
From
Hi,
Domain Admins RID is -512, not -513. Fix the documentation text.
--
/ Alexander Bokovoy
From 152c2f7aae533594599bd86f5779978cf656e600 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Wed, 10 Oct 2012 10:04:25 +0300
Subject: [PATCH 5/5] Fix wrong RID for Domain
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage
On 10/09/2012 06:01 PM, Petr Vobornik wrote:
On 10/09/2012 05:26 PM, Petr Viktorin wrote:
On 10/09/2012 05:16 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/3150
Patch 0086:
I found an old unused function while working on this, the patch
removes it.
Patch 0087:
Replica
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing
On 10/09/2012 04:11 PM, Martin Kosek wrote:
On 10/09/2012 03:48 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/08/2012 09:29 PM, Rob Crittenden wrote:
Martin Kosek wrote:
- Original Message -
From: Rob Crittenden rcrit...@redhat.com
To: Martin Kosek mko...@redhat.com
Cc:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict
On Wed, Oct 10, 2012 at 10:52:18AM +0300, Alexander Bokovoy wrote:
Hi,
Domain Admins RID is -512, not -513. Fix the documentation text.
--
/ Alexander Bokovoy
ACK
bye,
Sumit
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On Wed, Oct 10, 2012 at 10:51:11AM +0300, Alexander Bokovoy wrote:
Warn about manual DNA plugin configuration when working with local ID ranges
since we currently do not support automatic pick up of the changed
settings for local ID ranges by the DNA plugin.
On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 10:51:11AM +0300, Alexander Bokovoy wrote:
Warn about manual DNA plugin configuration when working with local ID ranges
since we currently do not support automatic pick up of the changed
settings for local ID ranges by the DNA
On 9.10.2012 21:31, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/08/2012 05:12 PM, Jan Cholasta wrote:
Hi,
On 20.9.2012 19:38, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
Dne 31.8.2012 19:43, Rob Crittenden napsal(a):
The naming in CS replication agreements is different from IPA
On 10/10/2012 11:07 AM, Petr Viktorin wrote:
On 10/09/2012 04:11 PM, Martin Kosek wrote:
On 10/09/2012 03:48 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/08/2012 09:29 PM, Rob Crittenden wrote:
Martin Kosek wrote:
- Original Message -
From: Rob Crittenden rcrit...@redhat.com
CRL migrate procedure did not check if a CA was actually configured
on an updated master/replica. This caused ipa-upgradeconfig to
crash on replicas without a CA.
Make sure that CRL migrate procedure is not run when CA is not
configured on given master. Also add few try..except clauses to
make
On 10/10/2012 01:05 PM, Martin Kosek wrote:
CRL migrate procedure did not check if a CA was actually configured
on an updated master/replica. This caused ipa-upgradeconfig to
crash on replicas without a CA.
Make sure that CRL migrate procedure is not run when CA is not
configured on given
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make
On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with
On 10/10/2012 11:40 AM, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 10:52:18AM +0300, Alexander Bokovoy wrote:
Hi,
Domain Admins RID is -512, not -513. Fix the documentation text.
--
/ Alexander Bokovoy
ACK
bye,
Sumit
Pushed to master, ipa-3-0.
Martin
Jan Cholasta wrote:
On 9.10.2012 21:31, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/08/2012 05:12 PM, Jan Cholasta wrote:
Hi,
On 20.9.2012 19:38, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
Dne 31.8.2012 19:43, Rob Crittenden napsal(a):
The naming in CS replication agreements is
Alexander Bokovoy wrote:
Hi,
this patch avoids reconfiguring SELinux if required variable is already
enabled. This would save you couple minutes on re-run of
ipa-adtrust-install.
No ticket for it yet and the patch might wait until 3.0.1 but
I had enogh patience :)
I think we need a set of
On 10/10/2012 12:46 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On 10/09/2012 04:43 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/04/2012 06:17 PM, Rob Crittenden wrote:
This changes the way IPA generates CRLs for new installs only.
The first master installed
On 10/10/2012 10:55 AM, Petr Viktorin wrote:
On 10/09/2012 06:01 PM, Petr Vobornik wrote:
On 10/09/2012 05:26 PM, Petr Viktorin wrote:
On 10/09/2012 05:16 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/3150
Patch 0086:
I found an old unused function while working on this,
Martin Kosek wrote:
On 10/10/2012 12:46 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On 10/09/2012 04:43 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/04/2012 06:17 PM, Rob Crittenden wrote:
This changes the way IPA generates CRLs for new installs only.
The
Tomas Babej wrote:
On 10/04/2012 11:06 AM, Tomas Babej wrote:
On 10/03/2012 07:27 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/03/2012 03:31 PM, Tomas Babej wrote:
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas
On 10/10/2012 03:37 PM, Martin Kosek wrote:
On 10/10/2012 10:55 AM, Petr Viktorin wrote:
On 10/09/2012 06:01 PM, Petr Vobornik wrote:
On 10/09/2012 05:26 PM, Petr Viktorin wrote:
On 10/09/2012 05:16 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/3150
Patch 0086:
I found
On 10/10/2012 04:12 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/10/2012 12:46 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On 10/09/2012 04:43 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/04/2012 06:17 PM, Rob Crittenden wrote:
This changes the way IPA
I was tempted to push this as a one-liner but an extra set of eyes won't
hurt.
The lack of quotes around this member causes it to be comma-parsed so it
adds each component separately as a member.
rob
From b54f78a7d9ce2175ed906225e7efb0ba6093b0c9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
On Wed, 10 Oct 2012, Rob Crittenden wrote:
I was tempted to push this as a one-liner but an extra set of eyes
won't hurt.
The lack of quotes around this member causes it to be comma-parsed so
it adds each component separately as a member.
I removed this code in my patch 0084 so it is
Hi,
this patch originated from off-list discussion regarding multiple runs
of ipa trust-add against the same domain.
Since trust-add re-establishes the trust every time it is run and all
the other information fetched from the remote domain controller stays
the same, it can be run multiple
Martin Kosek wrote:
On 10/10/2012 04:12 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/10/2012 12:46 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On 10/09/2012 04:43 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/04/2012 06:17 PM, Rob Crittenden wrote:
Alexander Bokovoy wrote:
Hi,
attached patch moves S4U2Proxy configuration for CIFS service to
ipa-adtrust-install. Since CIFS service is only available after running
ipa-adtrust-install, we cannot reference its principal in advance. This
means bootstrap template and updates processes cannot
Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Rob Crittenden wrote:
I was tempted to push this as a one-liner but an extra set of eyes
won't hurt.
The lack of quotes around this member causes it to be comma-parsed so
it adds each component separately as a member.
I removed this code in my
On 10/10/2012 04:23 PM, Petr Viktorin wrote:
On 10/10/2012 03:37 PM, Martin Kosek wrote:
On 10/10/2012 10:55 AM, Petr Viktorin wrote:
On 10/09/2012 06:01 PM, Petr Vobornik wrote:
On 10/09/2012 05:26 PM, Petr Viktorin wrote:
On 10/09/2012 05:16 PM, Petr Viktorin wrote:
On Wednesday 10 October 2012 15:40:17 Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,
Since use of winbind
On 10/10/2012 05:29 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/10/2012 04:12 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/10/2012 12:46 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On 10/09/2012 04:43 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On
Martin Kosek wrote:
On 10/10/2012 05:29 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/10/2012 04:12 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 10/10/2012 12:46 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On 10/09/2012 04:43 PM, Rob Crittenden wrote:
On Wed, 2012-10-10 at 17:57 +0200, Andreas Schneider wrote:
On Wednesday 10 October 2012 15:40:17 Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10
Simo Sorce wrote:
On Wed, 2012-10-10 at 17:57 +0200, Andreas Schneider wrote:
On Wednesday 10 October 2012 15:40:17 Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi I pushed the following oneliner:
Subject: Use stricter requirement for krb5-server
Our code strictly depends on 1.10 as the KDC DAL plugin interface is not
guaranteed stable and indeed is different in 1.9 and will be different
in 1.11
So we cannot allow upgrades to 1.11 until we can provide a
389-ds-base 1.3.0 was released to Fedora 18 updates-testing this week.
There is the chance of deadlock in the schema compat plugin at the
moment. We have a candidate patch for addressing it but it is not yet
reviewed.
This is an interim patch that disables betxn explicitly for now. It
should
40 matches
Mail list logo