[Freeipa-users] Re: [SSSD-users] Re: Getting DP Request [Account #4]: Returning [Internal Error]: 3,5,Group lookup failed

2018-02-01 Thread TomK via FreeIPA-users
On 2/1/2018 3:30 AM, Jakub Hrozek via FreeIPA-users wrote: On Wed, Jan 31, 2018 at 04:07:46PM -0500, TomK via FreeIPA-users wrote: On 1/31/2018 2:34 PM, Jakub Hrozek via FreeIPA-users wrote: On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote: On 1/31/2018 12:21 PM, TomK

[Freeipa-users] Nextcloud with Freeipa and AD

2018-02-01 Thread Николай Савельев via FreeIPA-users
I have Freeipa with AD trust. All works fine. I want Nextcloud with all users - AD and IPA. I set up Nextcloud for this article: https://www.freeipa.org/page/Owncloud_Authentication_against_FreeIPA But I want to restrict users for only one group. When I open User Filter tab I get message: The group

[Freeipa-users] Re: How to recover from "split brain"

2018-02-01 Thread Rob Brown via FreeIPA-users
BTW: [root@ipa-prod-1201]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@ipa-prod-1201]# rpm -qa|grep ipa-server-4 ipa-server-4.4.0-14.el7.centos.6.x86_64 On Thu, Feb 1, 2018 at 10:53 AM, Rob Brown wrote: > Agreed! I would love to know if that is

[Freeipa-users] Re: Documented monitoring best practices

2018-02-01 Thread Rob Crittenden via FreeIPA-users
Alex Corcoles via FreeIPA-users wrote: > On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein > wrote: > > I'm using https://github.com/peterpakos/checkipaconsistency > to monitor > my replicas.

[Freeipa-users] Re: Documented monitoring best practices

2018-02-01 Thread Alex Corcoles via FreeIPA-users
On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein wrote: > I'm using https://github.com/peterpakos/checkipaconsistency to monitor > my replicas. > Yeah, but I'm not exactly reassured by choosing one of the many plugins out there - or running them all. It would be great to push for an

[Freeipa-users] Re: How to recover from "split brain"

2018-02-01 Thread Rob Brown via FreeIPA-users
Agreed! I would love to know if that is possible... seems like it should be. As mentioned previously, preprod still has the agreements, but prod does not. Not really sure how I should proceed. I'm a bit stuck, not wanting to further break anything. For now, auth is still working in both envs. ---

[Freeipa-users] Re: Certificates renewing with the wrong Subject

2018-02-01 Thread Roderick Johnstone via FreeIPA-users
On 31/01/2018 20:36, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: On 25/01/2018 16:56, Roderick Johnstone via FreeIPA-users wrote: On 25/01/2018 13:43, Rob Crittenden via FreeIPA-users wrote: Roderick Johnstone via FreeIPA-users wrote: On 24/01/2018

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-01 Thread Jamal Mahmoud via FreeIPA-users
Sorry about the lack of clarification Rob! I have 3 servers, all running CentOS 7.4, FreeIPA version 4.5.0. The hostnames are lithium, nitrogen and the recently deceased oxygen. All are masters under the same Realm which is EGGVFX.IE The "server not found" error is exactly what shows when I try

[Freeipa-users] Re: Documented monitoring best practices

2018-02-01 Thread Jochen Hein via FreeIPA-users
Alex Corcoles via FreeIPA-users writes: > Is there any official literature about how to monitor FreeIPA? I'm using https://github.com/peterpakos/checkipaconsistency to monitor my replicas. > Is there any plan to provide an official way to monitor FreeIPA?

[Freeipa-users] Re: Issue with SCEP enrollment to sub-CA

2018-02-01 Thread Rob Crittenden via FreeIPA-users
Trevor Vaughan via FreeIPA-users wrote: > As an update, the sscep application set works properly with the sub-CA > so it's definitely an issue on the certmonger side of things. > > sscep in AES mode throws an exception in Dogtag and, unfortunately, > sscep also doesn't support above SHA1. > >

[Freeipa-users] Re: IPA-Server Deletion issues

2018-02-01 Thread Rob Crittenden via FreeIPA-users
Jamal Mahmoud via FreeIPA-users wrote: > I'm having strange issues with removing one of my freeIPA masters, I > managed to mess up the deletion process and my system seems to be stuck > in a state of limbo, my current setup is 3 servers ( 1 has been > decommissioned) that all share the CA/Domain

[Freeipa-users] IPA-Server Deletion issues

2018-02-01 Thread Jamal Mahmoud via FreeIPA-users
I'm having strange issues with removing one of my freeIPA masters, I managed to mess up the deletion process and my system seems to be stuck in a state of limbo, my current setup is 3 servers ( 1 has been decommissioned) that all share the CA/Domain responsibilities. When I run the command .

[Freeipa-users] Re: Host certificates association across IPA servers

2018-02-01 Thread David Harvey via FreeIPA-users
Initial impression having re-initialised looks encouraging. I didn't have guaranteed reproducible steps, so will keep an eye on it, but the errors are no more, and associating a cert on one master was reflected on another. \o/ Thanks again, David On 1 February 2018 at 11:57, David Harvey

[Freeipa-users] Re: Host certificates association across IPA servers

2018-02-01 Thread David Harvey via FreeIPA-users
Thanks for your swift response Rob, My apologies, it looks like my superficial replication check was insufficient. ipa-replica-manage -v list ipa2.mydom ipa3.mydom: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired

[Freeipa-users] running log show late

2018-02-01 Thread barrykfl--- via FreeIPA-users
Hi: Anyone find that the log of systemctl | grep running show late in putty? dirsrv@ABC-COM.service loaded active running 389 Directory Server ABC.COM. systemctl | grep running < after reboot type this not show 389 server need wait half - 1 min and retype then show . Regards Barry

[Freeipa-users] Re: Documented monitoring best practices

2018-02-01 Thread Andrew Radygin via FreeIPA-users
Wow! It's a really important question. I'm joining with it. It's good to be able to know what's happening with IPA-infra. Especially - ssh/sudo working (in general at least, without concerning about HBAC+Policy groups). 2018-01-31 22:04 GMT+03:00 Alex Corcoles via FreeIPA-users <