20:20 GMT+08:00 Alexander Bokovoy <aboko...@redhat.com>:
> On to, 09 marras 2017, barrykfl--- via FreeIPA-users wrote:
>
>> Hi:
>>
>> May be I missed write something on JSON..
>>
>> But I can use in command shell successfully. ipa user-mod apigee
>>
Hi all:
setup two servers replicas want make HA and backup / restore ..any where
have reference especially backup / restore is necessary.
Regards
Barry
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an
HI:
I already config cluster of 2 servers using corosys and peacemaker.
But the Virtual ip is the resource only.
Is it possible to make ldap 389/639 as a detection of fail then switch?
Regards
Barry
___
FreeIPA-users mailing list --
Dear all:
two servers replica but the latter one become unstable.
I success promote a client to replcia master .
but after reboot the response is slow and the certomanger start fail
and remote login ssh very slow delay half minuets
boot log found certmanger fail to start and login service
for Plymouth Boot Screen to Quit...
Starting Terminate Plymouth Boot Screen...
2017-11-28 16:20 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:
> On 11/28/2017 08:25 AM, barrykfl--- via FreeIPA-users wrote:
>
>> Dear all:
>>
>> two servers replica but
Dear all:
Simple question ..Is this command enough to disjoin from an existing IPA
master.?
Want to test some servers.. joined a master is .ipa-client-install
--uninstall
can remove all config from my master server ???
Regards
Barry
___
ins.user import user
>> from ipalib.parameters import Str
>> from ipalib.text import _
>> from ipalib import _
>> user.takes_params += (
>>Str('comdate?',
>>cli_name='comdate',
>>label=_('Commencement Date'),
>>),
>
anywhere can explain the following RFC of ldap ? I have confuse how come
and must use this ...can I random gen some number ..
2.25.28639311321113238241701611583088740684.14.2.1 < it used custom person
class so if relate to it I should use .2 .3 .4 .5 etc ???
Dear all:
I follow the guide of freeipa 3.0 abt web plugin web ui. At command base I
successfully made
a custom attribute called Employee " Commencement Date" . I can add using
script / command.
BUT in web UI , it Display "Commencent date" Label only and cannot
display edit field and allow
:
>>>
>>> Same Like this Lable no field no edit no save but fine in command base
>>> ...any different freeipa4.0 vs 3.0 procedure?
>>>
>>> Do you have IPA 4.x ? Or which version?
>>>
>>> Try to add following line into the specifi
.any different freeipa4.0 vs 3.0 procedure?
>>
>> Do you have IPA 4.x ? Or which version?
>>
>> Try to add following line into the specification of your new field:
>>
>> flags: ['w_if_no_aci']
>>
>>
>> [image: 內置圖片 2]
>>
>> 2017-11-09 14:44 GMT+08:00 P
Same Like this Lable no field no edit no save but fine in command base
...any different freeipa4.0 vs 3.0 procedure?
[image: 內置圖片 2]
2017-11-09 14:44 GMT+08:00 Pavel Vomacka <pvoma...@redhat.com>:
>
> On 11/08/2017 07:29 AM, barrykfl--- via FreeIPA-users wrote:
>
> Hi,
&
flags: ['w_if_no_aci']
>
>
> [image: 內置圖片 2]
>
> 2017-11-09 14:44 GMT+08:00 Pavel Vomacka <pvoma...@redhat.com>:
>
>>
>> On 11/08/2017 07:29 AM, barrykfl--- via FreeIPA-users wrote:
>>
>> Hi,
>>
>> Dear all:
>>
>> I follow th
hi all:
https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
I added the attribute successfully but the plugin of JS fail to display a
field
and cannot save
Any idea now I m using freeipa 4.5 ...seem not same as the pdf using.
Barry
all usernames migrated but cannot login even I used
https://your.domain/ipa/migration/ to verified successfully ...It still
say password incorrect.
then I want to delete all burtit said no entry when I press del.
2018-05-22 1:36 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:
> barryk
ntry when I press del.
>
> Not enough information to help you here. The command-line is easier to
> debug in this regard.
>
> rob
>
> >
> > 2018-05-22 1:36 GMT+08:00 Rob Crittenden <rcrit...@redhat.com
> > <mailto:rcrit...@redhat.com>>:
> >
> >
Dear all:
I used this migration command migrate users but the user does not work.
IPA is unable to generate Kerberos keys unless provided
with clear text passwords. All migrated users need to
login at https://your.domain/ipa/migration/ before they
can use their Kerberos accounts.
even now i
Hi all:
After I migrated to new Servers .using migrateds command..I used
server.com:389 connect and embedded in
3 rd opensource.
I found user can login successfully ...but
the http://server.com/ipa/ui cannot ...
user have to use http://server.com/ipa/migration then can success login the
UI.
I used the following command trsnafere acc/group from 3.0 -4.0 successfuly
ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts
wrote:
> >
> > Hi there,
> >
> > UI uses Kerberos...
> >
> > Regards,
> >
> > ---
> >
> > EZajko
> > @root.ba
> >
> > On Thu, May 31, 2018, 05:48 barrykfl--- via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org>
ing_from_a_directory_server_to_ipa
> >>
> >>
> >>
> >> > 340282366920938463463374607431768211456
> >> On Thu, May 31, 2018 at 6:47 AM Ernedin Zajko wrote:
> >> >
> >> > Hi there,
> >> >
> >> > UI uses Kerberos..
e ID ..same
>> situation occur. del fail.
>>
>> 2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud :
>>
>>> On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote:
>>>
>>>>
>>>> Hi :
>>>>
>>>>
>>>>
Hi :
I migrated use commands form ipa 3 to ipa 4
ipa migrate-ds --user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts --with-compat ldap://abc.cde.com:389
Fine I saw everything work entries there ...but I want del account it said
user not found..
(Modify info is ok)
4.0 's admin and migrated 3.0 one which follow old same ID ..same
> situation occur. del fail.
>
> 2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud :
>
>> On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote:
>>
>>>
>>> Hi :
>>>
>>>
>
Already set a cluster of 2 nodes can work fine
but evey reboot corosync seem conflict with certmonger service and login
service
and cause ssh shell login slow. and idea.? other funct of freeipa / HA
actually is working fine.
It seem will fail login service and zabbix agent also for the
Hi:
I have the corosyc peacemaker cluster working fine on basic function.
BUt tried to reboot one node the HA work ...but after reboot .
It "sometimes" make certmonger.service fail? 10 times may 6 times fail but
reboot several times it work again.
I discovered that the most case happen
Hi :
when reboot the server the certomenger.service always fail
It is not cluster just a signle server.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
hi:
Any one has such exp ,certomonger always fail after reboot.
Dbus service / other service seem working fine. Any systemctl cannot run
Also it is not cluster any hints.
systemctl daemon-reload
Error getting authority: Error initializing authority: Error calling
StartServiceByName for
Hi All:
I did on centos 7 with replication of servers no problem but after install
cluster
I try reboot , it cause cermonger service faul and login serveice fail ,
when I ssh to this A serverit take half minutes or FTP always time out.
After that I have to stop cluster in B server and try stop
Hi:
Any one find that the log of systemctl | grep running show late in putty?
dirsrv@ABC-COM.service
loaded active running 389 Directory Server ABC.COM.
systemctl | grep running < after reboot type this not show 389 sever need
wait half - 1 min and retype then show .
Regards
Barry
Auto reboot fail , I just try manual bootup cermonger.service still fail
sudo systemctl -f start certmonger.service
Jan 30 11:03:01 dbus[537]: [system] Activating systemd to h
Jan 30 11:03:01 dbus-daemon[537]: dbus[537]: [system] Activ
Jan 30 11:03:13 systemd-logind[2922]: Failed to enable
bind password,
> base_dn) to suit your needs, usually in /etc/raddb/mods-enabled/ldap.
>
>
> HTH
>
> Cheers,
> Giulio
>
> On 6 Feb 2018, at 10:16, barrykfl--- via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org <mailto:freeipa-us...@lists.fe
>>
Hi: all
I m reading this :
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html
It need create a service ac under
radius/host.ipa.example.net...@ipa.example.net.au,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
BUt which file ldif I
yum install freeradius freeradius-utils freeradius-ldap freeradius-krb5
succesfuuly.
But cannot start with following error and idea?
: Unregistered Authentication Agent for unix-process:12922:607417 (system
bus name :1.53, object path /org/freedesktop/PolicyKit1/Au
ref doc:
Hi :
Anyone has exp to use freeipa 4.0 above as radius server ? e.g want wifi
use radius everyone carry ldap password.
How to implement ? need special plugin ? seem it need new
attribute can generate harsh password and syn with LDAP together ?
Thx and Regards
Barry
Hi all:
I used to centos 6 freeipa and install PWM together with CA service there
is no problem.
BUt now we change to centos 7 seem PKI Tomcat Server by default will launch
8443 and 8080 port . Now I installed PWM (password manager) but
pki tomcat 8080 port conflict with pwm 's 8080 port , I
ERR - NSACLPlugin - acl_parse - The ACL target
cn=vaults,cn=kra,dc=abc,dc=com does not exist
Any idea ..thx ...no big impact but keep logging error.
Regards
Barry
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe
Hi All;
One of server of cluster shutdown for a week now return normal .
But the comes as below:
I already reintialize it worked success but the error keep log in the log
file
it already make the log size big.
The remote replica has a different database generation ID than the local
database.
Hi all :
Any idea how to skip boot of smb.server and win bind ...or uninstall them
without affect ..thx
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb
hi :
any timestamp expiry of the ipa backup copy ?
My steps are:
On orginal server , I backup a copy then I shut it down.
Then I reinstall an new one with same host name and I can really
restore from the backup. (test finish)
after that I shutown the new server , and want to get back the
月1日 上午7:02 於 "Rob Crittenden" <rcrit...@redhat.com> 寫道:
> barrykfl--- via FreeIPA-users wrote:
> > Hi all:
> >
> > any one has better solution of freeipa backup ? assume all ldap db crash
> > ,all ca fail, no backup of cert ...etc but need cleanly install
Hi:
I m seeking a replication of master - slave mode of free ipa ?
Is there such mode ? as I saw actually 2 nodes configuration acutally
called master - master .
Regards
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To
Hi:
I want to make cluster of 3 nodes ...does this graph shown servers need 2
virtual ips if not made single point of failure ?
2018-03-15 18:12 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:
> On 03/15/2018 11:04 AM, barrykfl--- via FreeIPA-users wrote:
>
>> Hi:
Hi all:
is it possible make the replication server 1 way ?
I got radius/ldap config server in far remote site ..
so no need mutual replication.
remote site just make a slave one way is ok.
Regards
___
FreeIPA-users mailing list --
Tried those command before ,,,seem the web page and LDAP separate or I
missed some parts.
it can turn on the ldap but the web page not allow to login ...mostly it
related to ?
2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:
> On 01/03/2018 10:37, barrykfl--- via Free
Hi all:
any one has better solution of freeipa backup ? assume all ldap db crash
,all ca fail, no backup of cert ...etc but need cleanly install one with
same hostname.
and we have /usr/sbin/ipa-backup ldif backup .
Can I use an old image but restore back ldif such backup?
or any better
Is the Cert Store 's CA same ? It same just import again a valid cert then
Should be fine ..
On Thu, Jan 17, 2019 at 11:31 AM Bhavin Vaidya via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello,
>
> We rebooted our Primary FreeIPA server (ds01) and then it will not start
>
47 matches
Mail list logo
