[Freeipa-users] failed to verify krb5 credentials: Server not found in Kerberos database

2020-04-29 Thread Faraz Younus via FreeIPA-users
Hi Team, I'm getting subjected on when enrolled to new FreeIPA how can it be fixed? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of

[Freeipa-users] Re: Samba integration - access without Kerberos

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, lejeczek via FreeIPA-users wrote: On 29/04/2020 18:20, Alexander Bokovoy wrote: On ke, 29 huhti 2020, lejeczek via FreeIPA-users wrote: On 16/01/2020 13:56, Alexander Bokovoy wrote: On to, 16 tammi 2020, lejeczek via FreeIPA-users wrote: hi everybody. I see this

[Freeipa-users] Re: Samba integration - access without Kerberos

2020-04-29 Thread lejeczek via FreeIPA-users
On 29/04/2020 18:20, Alexander Bokovoy wrote: > On ke, 29 huhti 2020, lejeczek via FreeIPA-users wrote: >> >> >> On 16/01/2020 13:56, Alexander Bokovoy wrote: >>> On to, 16 tammi 2020, lejeczek via FreeIPA-users wrote: hi everybody. I see this subject might have been poked around

[Freeipa-users] Re: Samba and winbind not starting

2020-04-29 Thread Ronald Wimmer via FreeIPA-users
On 29.04.20 19:17, Alexander Bokovoy via FreeIPA-users wrote: On ke, 29 huhti 2020, Ronald Wimmer via FreeIPA-users wrote: I've managed to successfully migrate my ipa server #1 (including CA renewal master) to RHEL8. After a few checks I found out that the trust controller role was missing on

[Freeipa-users] Re: Samba integration - access without Kerberos

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, lejeczek via FreeIPA-users wrote: On 16/01/2020 13:56, Alexander Bokovoy wrote: On to, 16 tammi 2020, lejeczek via FreeIPA-users wrote: hi everybody. I see this subject might have been poked around many times, a couple times at least for sure. But, I thought I'll poke

[Freeipa-users] Re: Samba and winbind not starting

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, Ronald Wimmer via FreeIPA-users wrote: I've managed to successfully migrate my ipa server #1 (including CA renewal master) to RHEL8. After a few checks I found out that the trust controller role was missing on the new system. So I ran ipa-adtrust-install. However, the

[Freeipa-users] Re: Samba integration - access without Kerberos

2020-04-29 Thread lejeczek via FreeIPA-users
On 16/01/2020 13:56, Alexander Bokovoy wrote: > On to, 16 tammi 2020, lejeczek via FreeIPA-users wrote: >> hi everybody. >> >> I see this subject might have been poked around many >> times, a couple >> times at least for sure. But, I thought I'll poke again >> and hopefully >> get some latest

[Freeipa-users] Re: Plugin problem after upgrade

2020-04-29 Thread Frederic AYRAULT via FreeIPA-users
according to this DEBUG ipaserver.plugins.bureau is not a valid plugin module in the ipaupgrade.log, I need to modify my plugin :-( Regards, Frederic. Frédéric AYRAULT Administrateur Systèmes et Réseaux Laboratoire d'Informatique de l'Ecole polytechnique

[Freeipa-users] Samba and winbind not starting

2020-04-29 Thread Ronald Wimmer via FreeIPA-users
I've managed to successfully migrate my ipa server #1 (including CA renewal master) to RHEL8. After a few checks I found out that the trust controller role was missing on the new system. So I ran ipa-adtrust-install. However, the command "id myuser@ad.domain" did not return any results. ipactl

[Freeipa-users] Re: Prevent admin user lock

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, Petar Kozić via FreeIPA-users wrote: Hi Alexander, thank you for your reply, can you point some details how can I do that? See 'ipa help pwpolicy' and official documentation chapter 'Defining IdM password policies':

[Freeipa-users] Client part of server install failing - KRB5CCNAME not defined in HTTP request environment

2020-04-29 Thread Simon Williams via FreeIPA-users
I am having an issue attempting to install IPA Server. The server component install processes correctly, but when it comes to set up the client components it fails: 2020-04-28T22:41:42Z DEBUG failed to find session_cookie in persistent storage for principal 'host/ipa.mydomain@mydomain.com'

[Freeipa-users] Re: Prevent admin user lock

2020-04-29 Thread Petar Kozić via FreeIPA-users
Hi Alexander, thank you for your reply, can you point some details how can I do that? On Wed, Apr 29, 2020, 15:48 Alexander Bokovoy wrote: > On ke, 29 huhti 2020, Petar Kozić via FreeIPA-users wrote: > >Hi folks, > > > >My free iPA server works on public IP and need to be public. Because of >

[Freeipa-users] Re: HBAC Rule to allow anonymous NFS mounts from specific subnets

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, White, David via FreeIPA-users wrote: Is it possible to allow hosts in specific subnets to connect to a FreeIPA-connected server over NFS anonymously? e.g. I'm wondering if I could setup a HBAC rule by doing something like the following: ipa hbacsvc-add nfs-mount

[Freeipa-users] Re: Prevent admin user lock

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, Petar Kozić via FreeIPA-users wrote: Hi folks, My free iPA server works on public IP and need to be public. Because of that I have problem because admin user is often locked because too many incorrect logins. Can I filter admin user login to some IP and how? You can

[Freeipa-users] Re: Cannot delete old server after migration

2020-04-29 Thread Florence Blanc-Renaud via FreeIPA-users
On 4/29/20 3:11 PM, Ronald Wimmer via FreeIPA-users wrote: I followed the guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating to migrate my server (including CA renewal master). When I try to uninstall

[Freeipa-users] Re: Administration delegation for multiple hosts services

2020-04-29 Thread Alexander Bokovoy via FreeIPA-users
On ke, 29 huhti 2020, Julien Rische via FreeIPA-users wrote: Hello everyone, To properly support load-balanced services, we need FreeIPA-managed service hosts to be able to retrieve the following elements, without the intervention of any user (only starting with the host keytab): - Keytab

[Freeipa-users] Re: SERVFAIL for one hostname

2020-04-29 Thread Petr Menšík via FreeIPA-users
On 4/29/20 2:30 PM, Tiemen Ruiten wrote: > Hello Petr, > > Thank you for the pointers. Even without DNSSEC validation, the query > doesn't return the A-record. Delv also returns SERVFAIL. What I do see at > DNSViz > , >

[Freeipa-users] HBAC Rule to allow anonymous NFS mounts from specific subnets

2020-04-29 Thread White, David via FreeIPA-users
Is it possible to allow hosts in specific subnets to connect to a FreeIPA-connected server over NFS anonymously? e.g. I'm wondering if I could setup a HBAC rule by doing something like the following: ipa hbacsvc-add nfs-mount ipa hbacrule-add allow_nfs_mount Then attach that to the NFS server

[Freeipa-users] Cannot delete old server after migration

2020-04-29 Thread Ronald Wimmer via FreeIPA-users
I followed the guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating to migrate my server (including CA renewal master). When I try to uninstall the old server according to

[Freeipa-users] Prevent admin user lock

2020-04-29 Thread Petar Kozić via FreeIPA-users
Hi folks, My free iPA server works on public IP and need to be public. Because of that I have problem because admin user is often locked because too many incorrect logins. Can I filter admin user login to some IP and how? Thank you.

[Freeipa-users] DNS - trusted-keys via IPA's tools - ?

2020-04-29 Thread lejeczek via FreeIPA-users
hi everybody I want to ask if we have a way of adding trusted-keys? Official/recommended VS by fiddling/non-recommended ? many thanks, L.

[Freeipa-users] Re: Migrate CA from 7 to 8

2020-04-29 Thread Ronald Wimmer via FreeIPA-users
On 29.04.20 14:45, Ronald Wimmer via FreeIPA-users wrote: According to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating#install-replica_migrate-7-to-8 I should do a "ipa-csreplica-manage list" on the new server

[Freeipa-users] Migrate CA from 7 to 8

2020-04-29 Thread Ronald Wimmer via FreeIPA-users
According to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating#install-replica_migrate-7-to-8 I should do a "ipa-csreplica-manage list" on the new server after having run "ipa-replica-install" The verbose output

[Freeipa-users] Re: SERVFAIL for one hostname

2020-04-29 Thread Tiemen Ruiten via FreeIPA-users
Hello Petr, Thank you for the pointers. Even without DNSSEC validation, the query doesn't return the A-record. Delv also returns SERVFAIL. What I do see at DNSViz , is "NSEC3 proving non-existence of

[Freeipa-users] Administration delegation for multiple hosts services

2020-04-29 Thread Julien Rische via FreeIPA-users
Hello everyone, To properly support load-balanced services, we need FreeIPA-managed service hosts to be able to retrieve the following elements, without the intervention of any user (only starting with the host keytab): - Keytab containing keys for:     - Service canonical principal     -

[Freeipa-users] Re: SERVFAIL for one hostname

2020-04-29 Thread Petr Menšík via FreeIPA-users
Hi Tiemen, it might help you to use dig and delv to debug dns related issues. SERVFAIL is quite often some issue in DNSSEC validation. To ensure validation is responsible, try just: dig +cd download.wisselkoersenvoorjeadministratie.nl If it succeeds, validation is responsible. Quite good

[Freeipa-users] Apparently transient error cl5DBData2Entry - Invalid data version

2020-04-29 Thread Roderick Johnstone via FreeIPA-users
Hi We have 3 IPA servers which we are in the process of updating from RHEL 7.7 to RHEL 7.8. Servers X, Z are at: ipa-server-4.6.6-11.el7.x86_64 (RHEL 7.8) Server W is at: ipa-server-4.6.5-11.el7_7.3.x86_64 (RHEL 7.7) Server X was updated some time ago, and server Z was updated last Thursday.