Hello,
How do I manipulate the DNS caching settings in FreeIPA? For example,
how do I adjust the cache size, ttl etc ?
I'm looking to speed up external queries by caching them in FreeIPA to
allow faster lookups on subsequent requests, thereby reducing response
times.
--
Thx,
TK.
Hey Folks,
I'm looking into migrating my FreeIPA 4.6.6 setup to RHEL 9 or any of
the subject *nix 9 environments.
The immediate steps I can see doing are:
0) Take snapshots
1) Spin up RHEL 9 or CentOS 9 boxes etc.
2) Install the latest FreeIPA version.
3) Enable replication from the older
On 2022-09-26 9:13 a.m., TomK via FreeIPA-users wrote:
On 2022-09-26 8:50 a.m., Rob Crittenden via FreeIPA-users wrote:
TomK via FreeIPA-users wrote:
On 2022-09-25 12:42 a.m., TomK via FreeIPA-users wrote:
On 2022-09-25 12:38 a.m., TomK via FreeIPA-users wrote:
Hey Everyone!
Wondering
On 2022-09-26 8:50 a.m., Rob Crittenden via FreeIPA-users wrote:
TomK via FreeIPA-users wrote:
On 2022-09-25 12:42 a.m., TomK via FreeIPA-users wrote:
On 2022-09-25 12:38 a.m., TomK via FreeIPA-users wrote:
Hey Everyone!
Wondering if anyone could help nudge me along in the right direction
On 2022-09-25 12:42 a.m., TomK via FreeIPA-users wrote:
On 2022-09-25 12:38 a.m., TomK via FreeIPA-users wrote:
Hey Everyone!
Wondering if anyone could help nudge me along in the right direction
on this one. Getting the following on my FreeIPA master and replica:
Internal Database Error
On 2022-09-25 12:38 a.m., TomK via FreeIPA-users wrote:
Hey Everyone!
Wondering if anyone could help nudge me along in the right direction
on this one. Getting the following on my FreeIPA master and replica:
Internal Database Error encountered: Could not connect to LDAP server
host
Hey Everyone!
Wondering if anyone could help nudge me along in the right direction on
this one. Getting the following on my FreeIPA master and replica:
Internal Database Error encountered: Could not connect to LDAP server
host idmipa01.nix.mds.xyz port 636 Error netscape.ldap.LDAPException:
suffix via DHCP, so that when a user enters http://portal/ they
actually resolve http://portal.yourdomain.com/.
On 21/12/21 14:55, TomK via FreeIPA-users wrote:
Hello,
Wondering, how to create custom internal URLs such as http://portal/
-> https://some-very-long-host01.my.long.domain.
Hello,
Wondering, how to create custom internal URLs such as http://portal/ ->
https://some-very-long-host01.my.long.domain.com
or, ideally:
http://portal/ ->
https://some-very-long-host01.my.long.domain.com/some-excessively-long-url.html
using FreeIPA for internal network resources? I
On 5/19/2020 8:21 AM, Rob Crittenden via FreeIPA-users wrote:
TomK via FreeIPA-users wrote:
Hey All,
I've upgraded one side of my two node cluster. However, the secondary
won't come even though the manual upgrade apparently went well.
[root@idmipa04 ~]# ipa-server-upgrade
Upgrading IPA
Hey All,
I've upgraded one side of my two node cluster. However, the secondary
won't come even though the manual upgrade apparently went well.
[root@idmipa04 ~]# ipa-server-upgrade
Upgrading IPA:. Estimated time: 1 minute 30 seconds
[1/9]: saving configuration
[2/9]: disabling listeners
Hey All,
1) When moving an IPA Cluster member to another VLAN, is it only
necessary to change the member's DNS entries in the primary IPA's DNS
config, then change the IP on the secondary's network config? Or is
there more steps that would need to be done?
2) Can I join an IPA client to an
On 5/3/2020 9:19 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 5/2/20 2:18 PM, TomK via FreeIPA-users wrote:
Hey All,
Let's suppose I have two AD groups:
unixadmin
unixusers
In FreeIPA, I would like to give unixadmin group access to ALL FreeIPA
functions.
Whereas for the unixusers
Hey All,
Let's suppose I have two AD groups:
unixadmin
unixusers
In FreeIPA, I would like to give unixadmin group access to ALL FreeIPA
functions.
Whereas for the unixusers, I would like to give R/O access.
I've already done the group mappings from AD to FreeIPA.
What is the best way to
Hey All,
This might be a bit of an unusual question but perhaps someone here has
seen this scenario.
As per the subject says, user j...@mds.xyz can mount Samba share in Win
10. Same share fails to mount on a Mac using same user.
Appears Macs insist on interpreting the UPN j...@mds.xyz as
On 12/6/2019 10:51 AM, TomK wrote:
On 12/4/2019 11:16 AM, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 04 joulu 2019, Stephen John Smoogen via FreeIPA-users wrote:
On Tue, 3 Dec 2019 at 21:43, TomK via FreeIPA-users
wrote:
Hey All,
Does FreeIPA fully support IPV6 or are there corner
On 12/4/2019 11:16 AM, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 04 joulu 2019, Stephen John Smoogen via FreeIPA-users wrote:
On Tue, 3 Dec 2019 at 21:43, TomK via FreeIPA-users
wrote:
Hey All,
Does FreeIPA fully support IPV6 or are there corner cases and
limitations that could make
Hey All,
Given a line like this:
ipa-client-install --force-join -p admin -w "*" --fixed-primary
--server=idmipa01.nix.mds.xyz --server=idmipa02.nix.mds.xyz
--domain=nix.mds.xyz --realm=NIX.MDS.XYZ -U
1) Is there a way to pull the password from a safe store before passing
it in or
Just added this line to nsswitch.conf and things are working fine
despite the errors below:
root@xoa-org01:/n/dom.lab/user# grep -Ei auto /etc/nsswitch.conf
automount: files sss
root@xoa-org01:/n/dom.lab/user#
Guessing the messages were not fatal.
Thx,
TK
On 10/19/2019 8:01 PM, TomK via
Hey All,
Are there any recent instructions available for configuring NFS home
directories using ipa-client-automount ?
Currently above command generates:
stderr=
Started rpcidmapd
Starting external process
args=['/bin/systemctl', 'enable', 'nfs-idmapd.service']
Process finished, return
On 8/22/2019 2:46 AM, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 21 elo 2019, TomK via FreeIPA-users wrote:
Hey All,
The primary master I have has the kadmin principal for it:
kadmin/ipa03.mws.mds@mws.mds.xyz
The slave (idmipa04) doesn't have a corresponding kadmin/... principal
Hey All,
The primary master I have has the kadmin principal for it:
kadmin/ipa03.mws.mds@mws.mds.xyz
The slave (idmipa04) doesn't have a corresponding kadmin/... principal
entry. Can't find these principals in the UI.
1) Should the slave installer have created the slave kadmin/...
Hey Guys,
I'm looking for an IPAM (IP Address Management) tool that will integrate
with FreeIPA to provide:
1) IP Management
2) Provides DHCP
3) *Integrates well with FreeIPA*
Many of the tools I saw provide conflicting capabilities. Would be
great if the IPAM tool checked FreeIPA to see
Hey All,
Given that I have two separate IPA clusters on the same subnet but two
different domains, is there any chance that the IPA servers can issue
identical UID / GID numbers thereby causing conflicts on the setup?
When setting up the IPA servers, is there a chance the same ID range can
On 2/24/2019 4:53 AM, Alexander Bokovoy via FreeIPA-users wrote:
On la, 23 helmi 2019, TomK via FreeIPA-users wrote:
On 2/22/2019 9:51 AM, Alexander Bokovoy via FreeIPA-users wrote:
On Fri, 22 Feb 2019, TomK via FreeIPA-users wrote:
On 2/20/2019 10:58 PM, TomK wrote:
On 2/20/2019 10:13 PM
On 2/22/2019 9:51 AM, Alexander Bokovoy via FreeIPA-users wrote:
On Fri, 22 Feb 2019, TomK via FreeIPA-users wrote:
On 2/20/2019 10:58 PM, TomK wrote:
On 2/20/2019 10:13 PM, Rob Crittenden via FreeIPA-users wrote:
TomK via FreeIPA-users wrote:
Hey All,
Getting a scenario where the hostname
On 2/20/2019 10:58 PM, TomK wrote:
On 2/20/2019 10:13 PM, Rob Crittenden via FreeIPA-users wrote:
TomK via FreeIPA-users wrote:
Hey All,
Getting a scenario where the hostname doesn't resolve to the new IP if
the VM is recreated multiple times against an IPA server.
I've tried clearing
On 2/20/2019 10:13 PM, Rob Crittenden via FreeIPA-users wrote:
TomK via FreeIPA-users wrote:
Hey All,
Getting a scenario where the hostname doesn't resolve to the new IP if
the VM is recreated multiple times against an IPA server.
I've tried clearing the caches on the clients but no luck. I
Hey All,
Getting a scenario where the hostname doesn't resolve to the new IP if
the VM is recreated multiple times against an IPA server.
I've tried clearing the caches on the clients but no luck. I have to
allow a specific amount of time to pass before I can use the DNS name
that now
On 2/18/2019 4:25 AM, Sumit Bose via FreeIPA-users wrote:
On Sun, Feb 17, 2019 at 07:43:33PM -0500, TomK via FreeIPA-users wrote:
On 2/17/2019 2:19 PM, Alexander Bokovoy via FreeIPA-users wrote:
On Sun, 17 Feb 2019, TomK via FreeIPA-users wrote:
Hey All,
Scenario:
Two IPA clusters, both
On 2/17/2019 7:43 PM, TomK via FreeIPA-users wrote:
On 2/17/2019 2:19 PM, Alexander Bokovoy via FreeIPA-users wrote:
On Sun, 17 Feb 2019, TomK via FreeIPA-users wrote:
Hey All,
Scenario:
Two IPA clusters, both with a unique trust to the same AD DC. One
picks up the private group, the other
On 2/17/2019 2:19 PM, Alexander Bokovoy via FreeIPA-users wrote:
On Sun, 17 Feb 2019, TomK via FreeIPA-users wrote:
Hey All,
Scenario:
Two IPA clusters, both with a unique trust to the same AD DC. One
picks up the private group, the other doesn't. I can login with the
AD user to both
On 2/6/2019 4:12 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 2/6/19 6:03 AM, TomK via FreeIPA-users wrote:
On 2/5/2019 5:12 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 2/5/19 8:15 AM, TomK via FreeIPA-users wrote:
Hello,
Would someone please point me to a concise list
On 2/5/2019 5:12 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 2/5/19 8:15 AM, TomK via FreeIPA-users wrote:
Hello,
Would someone please point me to a concise list of steps I can use
here? Running 1.) and 2.) yields various errors and I would like to
try a known set of working
Hello,
Would someone please point me to a concise list of steps I can use here?
Running 1.) and 2.) yields various errors and I would like to try a
known set of working commands to get a replica going in this state
before posting with errors:
# ipa-replica-prepare ipa04.abc.xyz.123
configured to check DNS to leverage the capabilities
of both tools.
Cheers,
TK
On 4/2/19 7:49 am, TomK via FreeIPA-users wrote:
Hey All,
Would like to ensure that if a DHCP server issues an IP, that it also
checks the FreeIPA (DNS) to ensure that IP hasn't been defined before.
Any way to do
Hey All,
Would like to ensure that if a DHCP server issues an IP, that it also
checks the FreeIPA (DNS) to ensure that IP hasn't been defined before.
Any way to do that?
Currently if a virtual host has been offline for a while, the DHCP
serves its IP to new hosts being built.
--
Cheers,
Suppose I have the following scenario:
AD DC Cluster = b.a ( user: b.a\jack )
IPA Cluster 01 = c.b.a
IPA Cluster 02 = d.b.a
IPA Cluster 03 = e.b.a
If I setup all 3 IPA clusters as subdomains of b.a, I know each one can
establish a trust with the AD DC and I can authenticate as
Please disregard ( blame lack of sleep - :) ). On further reading I
needed dns01.d01 A record set to IP 192.168.0.130 then a dns01 NS record
set to dns01.d01 .
https://www.freeipa.org/page/Troubleshooting/DNS#Forward_zone_does_not_work
--
Cheers,
Tom K.
On 1/21/2019 9:33 AM, TomK via
Hey All,
I've 4 NS servers:
ipa01.unix.dom.name 192.168.0.44
ipa02.unix.dom.name 192.168.0.45
and remote ones (Just simple named / DNS )
dns01.d01.unix.dom.name 192.168.0.130
dns02.d01.unix.dom.name 192.168.0.132
When using:
1) ipa dnsforwardzone-add d01.unix.dom.name
believe the latter will accomplish what you want.
On Tue, Oct 2, 2018, 1:02 AM TomK via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
Hey All,
(Hopefully) a quick DNS Forwarding question.
My Windows DNS is authoritative on MY.DOM . My IP
Hey All,
(Hopefully) a quick DNS Forwarding question.
My Windows DNS is authoritative on MY.DOM . My IPA servers are
authoritative on NIX.MY.DOM . Forwarding from the Windows DNS to the
IPA DNS servers seems to work just fine. But not the other way despite
having the forwarder defined in
Hey All,
I have an external NFS cluster serviced by a VIP. The clients run
autofs configured via IPA to provide NFS home directories to client.
However, running into an issue on one of the clients and wondering if
anyone seen this message from a tcpdump of a simple mount session that's
Hey Guys,
Not 'really' an issue but curious about the logic behind this scenario.
I get a message saying "Your password expires in 4 days." So I go to
change it for the admin user (I'm reusing the same pass) and type it in
but then get this message:
IPA Error 4203: DatabaseError
bind:
version
mismatch between API information and protocol version. Setting
protocol
version to 3
Mar 15 01:29:24 ipaclient01 nfsidmap[1855]: nfs4_name_to_gid:
umich_ldap->name_to_gid returned -2
Mar 15 01:29:24 ipaclient01 nfsidmap[1855]: nfs4_name_to_gid: calling
nsswitch->name_to_gid
Ma
sidmap[1855]: nfs4_name_to_gid:
nsswitch->name_to_gid returned 0
Mar 15 01:29:24 ipaclient01 nfsidmap[1855]: nfs4_name_to_gid: final
return value is 0
(Port 389 between client and server are open.) Seems like the line:
Mar 15 01:29:24 ipaclient01 nfsidmap[1853]: key: 0x62dd191 type: uid
value: tomk@localdo
ocalhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6
192.168.0.236 ipaclient01.nix.my.dom ipaclient01
[root@ipaclient01 ~]#
Guessing key gets its info from /etc/hosts directly and I should look
at that?
Cheers,
Tom
rob
Cheers,
Tom
TomK via
[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
[Translation]
[Static]
[UMICH_SCHEMA]
LDAP_server = idmipa01.nix.my.dom
LDAP_base = cn=accounts,DC=NIX,DC=MY,DC=DOM
LDAP_people_base = DC=NIX,DC=MY,DC=DOM
LDAP_group_base = DC=NIX,DC=MY,DC=DOM
Cheers,
Tom
TomK via FreeIPA-users wrote:
Hey Guys
Hey Guys,
Getting below message which in turn fails to list proper UID / GID on
NFSv4 mounts from within an unprivileged account. All files show up with
owner and group as nobody / nobody when viewed from the client.
Is there a way to structure /etc/idmapd.conf to allow for proper UID /
Hey All,
Noticed something and I'm wondering if I'm reading this right since the
two commands below don't seem to behave in an equivalent manner. Should
the first ipa automountmap-add-indirect below create the 'sub' key under
map 'auto.share' or under map 'auto.man'?
On 2/28/2018 11:19 PM, TomK wrote:
On 2/27/2018 3:40 AM, Alexander Bokovoy wrote:
On ti, 27 helmi 2018, TomK via FreeIPA-users wrote:
On 2/26/2018 1:27 AM, Alexander Bokovoy via FreeIPA-users wrote:
Thanks Alex. + SSSD mailing list.
Two remaining questions.
1) Creating the NFS user folders
On 2/27/2018 3:40 AM, Alexander Bokovoy wrote:
On ti, 27 helmi 2018, TomK via FreeIPA-users wrote:
On 2/26/2018 1:27 AM, Alexander Bokovoy via FreeIPA-users wrote:
Thanks Alex. + SSSD mailing list.
Two remaining questions.
1) Creating the NFS user folders on the server itself
to force a folder but when I try the %o option to
override_homedir, it appears to take the FreeIPA default home directory,
not the AD one.
Cheers,
Tom
On su, 25 helmi 2018, TomK via FreeIPA-users wrote:
Hey Guys,
For newly added AD or IPA users, is there a way to automatically
create the user
Hey Guys,
For newly added AD or IPA users, is there a way to automatically create
the user folders on the FreeIPA server under say /nfs/home/bill, for
example so that when the remote client logs in, it sees the NFS mounted
folder?
Instructions that I can find right now require precreating
On 2/1/2018 3:30 AM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Jan 31, 2018 at 04:07:46PM -0500, TomK via FreeIPA-users wrote:
On 1/31/2018 2:34 PM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote:
On 1/31/2018 12:21 PM, TomK
On 1/31/2018 4:07 PM, TomK via FreeIPA-users wrote:
On 1/31/2018 2:34 PM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote:
On 1/31/2018 12:21 PM, TomK wrote:
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31
On 1/31/2018 2:34 PM, Jakub Hrozek via FreeIPA-users wrote:
On Wed, Jan 31, 2018 at 01:18:27PM -0500, TomK via FreeIPA-users wrote:
On 1/31/2018 12:21 PM, TomK wrote:
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
On 1/31/2018 3
On 1/31/2018 12:21 PM, TomK wrote:
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
On 1/31/2018 3:18 AM, TomK via FreeIPA-users wrote:
My bad, did not include sssd-users earlier. :(
Hey All,
I'm wondering if anyone came across
On 1/31/2018 9:41 AM, Jakub Hrozek wrote:
See inline..
On Wed, Jan 31, 2018 at 03:23:57AM -0500, TomK wrote:
On 1/31/2018 3:18 AM, TomK via FreeIPA-users wrote:
My bad, did not include sssd-users earlier. :(
Hey All,
I'm wondering if anyone came across this error below. We have two RHEL
On 1/31/2018 3:18 AM, TomK via FreeIPA-users wrote:
My bad, did not include sssd-users earlier. :(
Hey All,
I'm wondering if anyone came across this error below. We have two RHEL
7.4 servers with SSSD 1.15.2: http-srv01 and http-srv02
Both connect to the same AD DC host below: addc-srv03
Hey All,
I'm wondering if anyone came across this error below. We have two RHEL
7.4 servers with SSSD 1.15.2: http-srv01 and http-srv02
Both connect to the same AD DC host below: addc-srv03.addom.com.
Verified krb5.conf and sssd.conf both are identical. We can login on
the http-srv01 and
62 matches