[Freeipa-users] unsubscribe
Please guide me how to unsubscribe from this list.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-users] Re: Sudo command not working
Hi, I had this problem too. I studied all of these pages, but it doesn't work and I had to stop working with IPA.

On Mon, 20 Apr 2020, 18:45 Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

> Faraz Younus via FreeIPA-users wrote:
> > Hi Team,
> > I'm getting an error when executing sudo su on the client server. What can be
> > the issue? The sudo command is there.
> >
> > [faraz.younus@england-web-dev ~]$ sudo su
> >
> > [sudo] password for faraz.younus:
> >
> > faraz.younus is not allowed to run sudo on england-web-dev. This
> > incident will be reported.
>
> Start with these:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/granting-sudo-access-to-an-idm-user-on-an-idm-client_configuring-and-managing-idm
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/troubleshooting-sudo
>
> https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
>
> To help we'd need a lot more information: the distro of client and
> server, the HBAC settings, what the SUDO rules are, logs, etc.
>
> rob
[Freeipa-users] sudo rule doesn't work
Hi friends,

I defined a SudoRule with these properties:

rulename : rsyslog_rule
Enabled : true
RunAs group Category : All
users : user-test
hosts : ipacli-irvlt01.mydomain.com
sudo Deny Commands : sudo /usr/bin/systemctl restart rsyslog

Now I log in with "user-test" on the "ipacli-irvlt01" server and I try to run the "sudo /usr/bin/systemctl restart rsyslog" command. I expected that it would not be allowed to run this command, but no action happened and I could run it! Why doesn't my sudo rule work?

-- this is less /var/log/sssd/sssd_domain.log:
(Sun Jan 12 13:59:01 2020) [sssd[be[lshs.dc]]] [orderly_shutdown] (0x0010): SIGTERM: killing children

-- this is /var/log/sssd/sssd_sudo.log
(Sun Jan 12 13:59:01 2020) [sssd[sudo]] [orderly_shutdown] (0x0010): SIGTERM: killing children

-- this is less /var/log/sudo_debug
[Freeipa-users] Re: Ipa user can't login via ssh
I checked it but I couldn't solve it.

On Wed, 9 Oct 2019, 12:30 Jakub Hrozek via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

> On Wed, Oct 09, 2019 at 08:45:16AM -, Elhamsadat Azarian via FreeIPA-users wrote:
> > ### Request for enhancement
> > As a Linux admin I want to log in to my ipa client with a user that is defined in the ipa-server UI.
> >
> > ### Issue
> > I installed ipa-server and an ipa-client on CentOS 7.6.
> > I defined internal DNS on the ipa-server and I defined A and PTR records for the client on the ipa-server.
> > Now I can see my client in the ipa UI, and I defined a user with the name "elham" and I expect that it can log in to the ipa-client.
> > When I log in as root on the ipa-client and I do sudo elham, it works, and kinit elham works too, but
> > when I ssh into the ipa-client with this user, it shows "Access denied".
> > I have errors with this context:
> > pam_reply : authentication failure to the client
> > pam_sss: authentication failure
> >
> > I'm tired of this issue. Please help me if you know the solution.
>
> Please start here:
> https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
>
> > Steps to Reproduce
> > 1. define new user "elham" in ipa UI
> > 2. SSH to ipa-client with elham
> > 3. access denied
> >
> > Actual behavior
> > (what happens)
> >
> > Expected behavior
> > login into ipa-client successfully
> >
> > Version/Release/Distribution
> > ipa-server 4.6.5-11.el7
> > ipa-client 4.6.4-10.el7.centos.3
> >
> > Log files and config files are added below:
> >
> > krb5.conf
> >
> > #File modified by ipa-client-install
> >
> > includedir /etc/krb5.conf.d/
> > includedir /var/lib/sss/pubconf/krb5.include.d/
> >
> > [logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmind.log
> > [libdefaults]
> > default_realm = LSHS.DC
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> > rdns = false
> > ticket_lifetime = 24h
> > forwardable = yes
> > allow_weak_crypto = true
> > default_ccache_name = KEYRING:persistent:%{uid}
> >
> > [realms]
> > LSHS.DC = {
> > kdc = ipa-irvlt01.example.dc:88
> > admin_server = ipa-irvlt01.example.dc:749
> > default_domain = example.dc
> > }
> > [domain_realm]
> > .example.com = LSHS.DC
> > example.com = LSHS.DC
> >
> > sssd.conf
> > -
> > [domain/example.dc]
> >
> > cache_credentials = True
> > krb5_store_password_if_offline = True
> > ipa_domain = example.dc
> > id_provider = ipa
> > auth_provider = ipa
> > access_provider = ipa
> > ldap_tls_cacert = /etc/ipa/ca.crt
> > ipa_hostname = ipacli-irvlt01.example.dc
> > chpass_provider = ipa
> > dyndns_update = True
> > ipa_server = _srv_, ipa-irvlt01.example.dc
> > dyndns_iface = ens160
> > dns_discovery_domain = example.dc
> >
> > debug_level = 10
> > [sssd]
> > ### AFTER IPA ###
> > #services = nss, sudo, pam, ssh
> > services = nss, pam
> > config_file_version = 2
> > #
> > domains = example.dc
> >
> > debug_level = 10
> > [nss]
> > homedir_substring = /home
> >
> > [pam]
> > debug_level = 10
> >
> > [sudo]
> >
> > [autofs]
> >
> > [ssh]
> >
> > [pac]
> >
> > [ifp]
> >
> > [secrets]
> >
> > [session_recording]
> >
> > ##
[Freeipa-users] Ipa user can't login via ssh
### Request for enhancement
As a Linux admin I want to log in to my ipa client with a user that is defined in the ipa-server UI.

### Issue
I installed ipa-server and an ipa-client on CentOS 7.6.
I defined internal DNS on the ipa-server and I defined A and PTR records for the client on the ipa-server.
Now I can see my client in the ipa UI, and I defined a user with the name "elham" and I expect that it can log in to the ipa-client.
When I log in as root on the ipa-client and I do sudo elham, it works, and kinit elham works too, but
when I ssh into the ipa-client with this user, it shows "Access denied".
I have errors with this context:
pam_reply : authentication failure to the client
pam_sss: authentication failure

I'm tired of this issue. Please help me if you know the solution.

Steps to Reproduce
1. define new user "elham" in ipa UI
2. SSH to ipa-client with elham
3. access denied

Actual behavior
(what happens)

Expected behavior
login into ipa-client successfully

Version/Release/Distribution
ipa-server 4.6.5-11.el7
ipa-client 4.6.4-10.el7.centos.3

Log files and config files are added below:

krb5.conf

#File modified by ipa-client-install

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LSHS.DC
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
allow_weak_crypto = true
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
LSHS.DC = {
kdc = ipa-irvlt01.example.dc:88
admin_server = ipa-irvlt01.example.dc:749
default_domain = example.dc
}
[domain_realm]
.example.com = LSHS.DC
example.com = LSHS.DC

sssd.conf
-
[domain/example.dc]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.dc
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = ipacli-irvlt01.example.dc
chpass_provider = ipa
dyndns_update = True
ipa_server = _srv_, ipa-irvlt01.example.dc
dyndns_iface = ens160
dns_discovery_domain = example.dc

debug_level = 10
[sssd]
### AFTER IPA ###
#services = nss, sudo, pam, ssh
services = nss, pam
config_file_version = 2
#
domains = example.dc

debug_level = 10
[nss]
homedir_substring = /home

[pam]
debug_level = 10

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[secrets]

[session_recording]

##
[Freeipa-users] LDAP error while installing IPA client
Hi, I installed the ipa server, but when I try to install ipa-client, this error was shown:

Error checking LDAP: Operation error: 04DC: LdapErr: DSID-0C0907c2, comment: In order to perform this operation a successful bind must be completed on the connection.

It shows the FQDN of my Windows DNS server instead of the IPA server FQDN, and produced an error that is attached.

Additional info: I have a Windows DNS server.

Log file of ipaclient_install.log

2019-08-18T10:00:08Z DEBUG Logging to /var/log/ipaclient-install.log
2019-08-18T10:00:08Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': None, 'force_ntpd': False, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': None, 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}
2019-08-18T10:00:08Z DEBUG IPA version 4.6.4-10.el7.centos.3
2019-08-18T10:00:08Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/usr/sbin/selinuxenabled
2019-08-18T10:00:08Z DEBUG Process finished, return code=0
2019-08-18T10:00:08Z DEBUG stdout=
2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2019-08-18T10:00:08Z DEBUG Process finished, return code=1
2019-08-18T10:00:08Z DEBUG stdout=disabled
2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG Starting external process
2019-08-18T10:00:08Z DEBUG args=/bin/systemctl is-active chronyd.service
2019-08-18T10:00:08Z DEBUG Process finished, return code=3
2019-08-18T10:00:08Z DEBUG stdout=inactive
2019-08-18T10:00:08Z DEBUG stderr=
2019-08-18T10:00:08Z DEBUG [IPA Discovery]
2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=ipacli-irvlt01.shs.dc
2019-08-18T10:00:08Z DEBUG Start searching for LDAP SRV record in "shs.dc" (domain of the hostname) and its sub-domains
2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG [Kerberos realm search]
2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG [LDAP server check]
2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is an IPA server
2019-08-18T10:00:10Z DEBUG Init LDAP connection to: ldap://dc-irvwp02.shs.dc:389
2019-08-18T10:00:10Z DEBUG Search LDAP server for IPA base DN
2019-08-18T10:00:10Z DEBUG Check if naming context 'DC=SHS,DC=DC' is for IPA
2019-08-18T10:00:10Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'info': '04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580', 'desc': 'Operations error'}
2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
2019-08-18T10:00:10Z DEBUG Cannot connect to LDAP server. Check that minssf is not enabled
2019-08-18T10:00:10Z DEBUG Assuming realm is the same as domain: SHS.DC
2019-08-18T10:00:10Z DEBUG Generated basedn from realm: dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=None, domain=shs.dc, kdc=dc-irvwp01.shs.dc,dc-irvwp02.shs.dc, basedn=dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG Validated servers: dc-irvwp02.shs.dc
2019-08-18T10:00:10Z DEBUG will use discovered domain: shs.dc
2019-08-18T10:00:10Z DEBUG Start searching for LDAP SRV record in "shs.dc" (Validating DNS Discovery) and its sub-domains
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389
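
The discovery trace in the log above can be read mechanically. This is an added example, not part of the original post and not FreeIPA code: it parses ipa-client-install debug lines (a subset copied from the log above and embedded inline) and reports which hosts the DNS SRV lookups returned and which of them failed the IPA server check. The function names `parse_discovery` and `hosts_failing_ipa_check` are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the ipa-client-install.log lines quoted in the post above.
SAMPLE_LOG = """\
2019-08-18T10:00:08Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=ipacli-irvlt01.shs.dc
2019-08-18T10:00:08Z DEBUG Search DNS for SRV record of _ldap._tcp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG Search DNS for TXT record of _kerberos.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record not found: NXDOMAIN
2019-08-18T10:00:10Z DEBUG Search DNS for SRV record of _kerberos._udp.shs.dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp01.shs.dc.
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 88 dc-irvwp02.shs.dc.
2019-08-18T10:00:10Z DEBUG Verifying that dc-irvwp02.shs.dc (realm None) is an IPA server
2019-08-18T10:00:10Z ERROR Error checking LDAP: Operations error: 04DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
2019-08-18T10:00:10Z DEBUG Discovery result: NO_TLS_LDAP; server=None, domain=shs.dc, kdc=dc-irvwp01.shs.dc,dc-irvwp02.shs.dc, basedn=dc=shs,dc=dc
2019-08-18T10:00:10Z DEBUG DNS record found: 0 100 389
"""

LINE = re.compile(r"^(\S+Z)\s+(DEBUG|INFO|WARNING|ERROR)\s+(.*)$")
QUERY = re.compile(r"Search DNS for (SRV|TXT) record of (\S+)")
FOUND = re.compile(r"DNS record found: (\d+) (\d+) (\d+) (\S+?)\.?$")
VERIFY = re.compile(r"Verifying that (\S+) \(realm .*\) is an IPA server")
RESULT = re.compile(r"Discovery result: (\w+);")


def parse_discovery(log_text):
    """Return (SRV answers per query name, first error per checked host, result code)."""
    srv = defaultdict(list)   # query name -> [(host, port), ...] in log order
    failed = {}               # host being verified -> first ERROR message seen
    result = None
    query = checking = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue          # not a timestamped log entry
        level, msg = m.group(2), m.group(3)
        if q := QUERY.search(msg):
            # Only SRV answers carry a host and port; TXT lookups reset the context.
            query = q.group(2) if q.group(1) == "SRV" else None
        elif (f := FOUND.search(msg)) and query:
            answer = (f.group(4), int(f.group(3)))
            if answer not in srv[query]:
                srv[query].append(answer)
        elif v := VERIFY.search(msg):
            checking = v.group(1)
        elif level == "ERROR" and checking:
            failed.setdefault(checking, msg)
        elif r := RESULT.search(msg):
            result, checking = r.group(1), None
    return dict(srv), failed, result


def hosts_failing_ipa_check(log_text):
    """Hosts DNS handed out for _ldap._tcp that logged an error during the IPA check."""
    srv, failed, _ = parse_discovery(log_text)
    ldap_hosts = {host for name, answers in srv.items()
                  if name.startswith("_ldap._tcp.") for host, _ in answers}
    return sorted(ldap_hosts & set(failed))


if __name__ == "__main__":
    srv, failed, result = parse_discovery(SAMPLE_LOG)
    for name, answers in srv.items():
        print(name, "->", answers)
    print("discovery result:", result)
    print("failed IPA check:", hosts_failing_ipa_check(SAMPLE_LOG))
```

The truncated last entry (a "DNS record found" line with no target host) is skipped rather than guessed at.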
[Freeipa-users] external DNS
Hi, I installed ipa-server without internal DNS and I set it to use a Windows DNS server in the network. When the install process finished, it noted: "please add records in this file to your DNS system". Now I don't know what I must do. Must I add them to the "Windows DNS server" or in the "Network part of ipa server GUI"? Can you tell me what I should do with this file?
[Freeipa-users] Re: freeipa-client-install error
Dear friends, does no one have an idea about my problem?

I installed the freeipa server based on a Windows DNS server. I mean there was a Windows DNS server, and while I was installing freeipa I set resolv.conf and hosts based on this Windows DNS. Then I installed a freeipa-client on my client server. Based on the instructions, I changed the client's resolv.conf to the free-ipa IP (meaning I set the DNS of my client to the free-ipa-server IP).

When I did freeipa-client-install it showed an error: "Failed to verify that ipa-server.shs.dc is an IPA server. this may mean that the remote server is not up or reachable due to network settings."

In the ipaclient-install files: "search DNS for SRV record of _ldap._tcp.shs.dc DNS record not found: timeout."

Of course I opened all ports in the firewall and I'm sure the server is up.
[Freeipa-users] freeipa-client-install error
Hi, I installed the freeipa server based on a Windows DNS server. I mean there was a Windows DNS server, and while I was installing freeipa I set resolv.conf and hosts based on this Windows DNS. Then I installed a freeipa-client on my client server. Based on the instructions, I changed the client's resolv.conf to the free-ipa IP (meaning I set the DNS of my client to the free-ipa-server IP).

When I did freeipa-client-install it showed an error: "Failed to verify that ipa-server.shs.dc is an IPA server. this may mean that the remote server is not up or reachable due to network settings."

In the ipaclient-install files: "search DNS for SRV record of _ldap._tcp.shs.dc DNS record not found: timeout."

Of course I opened all ports in the firewall and I'm sure the server is up.
[Freeipa-users] error in FreeIPA UI login page
Dear friends,

I installed freeIPA on CentOS 7 with external DNS and an internal CA server. It finished successfully but with a failed message about installing client components! Anyway, I opened a web browser and browsed to the freeipa page. It showed, and I added an exception for the certificate. Then the login page appeared. I entered the admin user and password but it showed an error:

"Invalid CA renewal master. All masters must have CA server role enabled"