[Freeipa-users] Re: Major Server Failure

Well... I made a what think is a major oopsie.  I was working my way through the guide from the link below.  I was having good success exporting the directory database and migrating the data to a failing server.  When attempting to load the data I overlooked the file ownership and the import

[Freeipa-users] Re: obtaining initial ticket via keytab

On Mon, 2018-05-14 at 14:44 -0400, Josh via FreeIPA-users wrote: > On 05/14/2018 01:29 PM, Alexander Bokovoy wrote: > > Talking with Simo, we realized that since we are using random salt for > > all IPA principals, you need to know the salt when creating a keytab > > entry. You only can retrieve

[Freeipa-users] Re: some basic questions about FreeIPA

Udo Rader via FreeIPA-users writes: > Our current setup looks like this: ... > #4 DHCP is handled by multiple, distributed ISC DHCP servers, > configured to pull their configuration from OpenLDAP (network > definitions, routers, NTP servers, MAC addresses

[Freeipa-users] Re: Problems setting up replica on Raspberry Pi 3B (ARM)

Here's a strace from before it dies. Most of the elapsed time is it waiting on some futex call it looks like near the end, when it finally "returns" (from lack of strace output for duration of call I assume it didn't actually return but SIGSEGV in that call) and strace prints ' = ?' on the futex

[Freeipa-users] Re: obtaining initial ticket via keytab

On 05/14/2018 01:29 PM, Alexander Bokovoy wrote: Talking with Simo, we realized that since we are using random salt for all IPA principals, you need to know the salt when creating a keytab entry. You only can retrieve that via KRB5_TRACE for kinit like I did in

[Freeipa-users] Re: obtaining initial ticket via keytab

On ma, 14 touko 2018, Rob Crittenden via FreeIPA-users wrote: Josh via FreeIPA-users wrote: On 05/12/2018 01:53 AM, Alexander Bokovoy wrote: On pe, 11 touko 2018, Josh wrote: On 05/11/2018 01:19 AM, Alexander Bokovoy wrote: On to, 10 touko 2018, Josh via FreeIPA-users wrote: Server

[Freeipa-users] Re: adding users to other user groups

Ok.  I will check this out. Thank you! On Monday, May 14, 2018 10:59 AM, Alexander Bokovoy via FreeIPA-users wrote: On ma, 14 touko 2018, Andrew Meyer via FreeIPA-users wrote: >Hello,I am trying to add a new user to another group.  This group was

[Freeipa-users] Re: adding users to other user groups

On ma, 14 touko 2018, Andrew Meyer via FreeIPA-users wrote: Hello,I am trying to add a new user to another group.  This group was setup for another user.  When I create the user is seems to do the same thing as when I create them on a local system.  I get a User and a group for the user as well. 

[Freeipa-users] adding users to other user groups

Hello,I am trying to add a new user to another group.  This group was setup for another user.  When I create the user is seems to do the same thing as when I create them on a local system.  I get a User and a group for the user as well.  However when I go to add another user to that newly

[Freeipa-users] Re: Problems setting up replica on Raspberry Pi 3B (ARM)

Hi Jonathan, This is weird as the crashing thread stack looks truncated (did you copy/paste all of it ?) Thread 1 (Thread 0x9e13c280 (LWP 17245)): #0  0xb67bbf2e in strlen () at /lib/libc.so.6 #1  0xb6a06b40 in dosprintf () at /lib/libnspr4.so #2  0x in None () Did you install

[Freeipa-users] Re: obtaining initial ticket via keytab

Josh via FreeIPA-users wrote: On 05/12/2018 01:53 AM, Alexander Bokovoy wrote: On pe, 11 touko 2018, Josh wrote: On 05/11/2018 01:19 AM, Alexander Bokovoy wrote: On to, 10 touko 2018, Josh via FreeIPA-users wrote: Server certificate has expired and all ipa utilities fail. Could you please

[Freeipa-users] Re: Accessing IPA host data from an enrolled workstation

On ma, 14 touko 2018, David Harvey wrote: Thank you, that's a great help. One follow up question. Is there some way of cajoling ipa host-show into only displaying specific fields? Or is it better just to use ldapsearch with a suitable search filter (given both need to use the host or a service

[Freeipa-users] Re: Accessing IPA host data from an enrolled workstation

Thank you, that's a great help. One follow up question. Is there some way of cajoling ipa host-show into only displaying specific fields? Or is it better just to use ldapsearch with a suitable search filter (given both need to use the host or a service keytab if this is to be run by puppet). The

[Freeipa-users] Re: Accessing IPA host data from an enrolled workstation

On ti, 27 maalis 2018, David Harvey via FreeIPA-users wrote: Dear list, I'm currently tinkering with adding host attributes (As custom attrs, or for the moment into the description field). My intention is to then read these from the host in order to define some local behaviour for scripts or

[Freeipa-users] Re: some basic questions about FreeIPA

On pe, 11 touko 2018, Udo Rader via FreeIPA-users wrote: Hi, I'm currently evaluating a couple of options to migrate our dated OpenLDAP installation to a more up2date, maintainable and and user friendly solution. One of the possibilities I found is of course FreeIPA and I hope this is the

[Freeipa-users] Re: some basic questions about FreeIPA

Udo, On Fri, 11 May 2018, Udo Rader via FreeIPA-users wrote: [...] Our current setup looks like this: OpenLDAP used as storage for user, DHCP and DNS information: #1 users are either regular Unix (Linux, FreeBSD) shell users #2 or they are users accessing our mail services (dovecot/postfix)

[Freeipa-users] Re: Accessing IPA host data from an enrolled workstation

Hi again, Just a little nudge to see if anyone has attempted any of the prior mentioned, or if they may have ideas on how this is best achieved.. Kind regards, David On 27 March 2018 at 16:22, David Harvey wrote: > Dear list, > > I'm currently tinkering with

[Freeipa-users] some basic questions about FreeIPA

Hi, I'm currently evaluating a couple of options to migrate our dated OpenLDAP installation to a more up2date, maintainable and and user friendly solution. One of the possibilities I found is of course FreeIPA and I hope this is the right place to as couple of basic questions, in order to get a

[Freeipa-users] obtaining initial ticket via keytab

Greetings, I am trying to follow steps at https://kb.iu.edu/d/aumh to create freeipa admin keytab to use in some scripts but getting an error kinit: Preauthentication failed while getting initial credentials Does anyone know what I am missing here? Thanks, Josh. $ ktutil ktutil:  addent

[Freeipa-users] Re: Server Uninstall Fail

On 05/09/2018 12:44 AM, Ross Infinger via FreeIPA-users wrote: After a failed ipa-replica-install, I try to uninstall with ipa-server-install --uninstall.  However the uninstall is failing with the following: [root@ipa-nyc-pci01 ~]# ipa-server-install --uninstall This is a NON REVERSIBLE