Hi,
There is probably a bug that prevents a C9S IPA replica with a CA to
be installed against an IPA cluster running older versions (RHEL8).
Otherwise you can compare the versions:
Fedora: https://koji.fedoraproject.org/koji/packageinfo?packageID=11554
C9S:
Hi,
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
F.
On Tue, Oct 19, 2021 at 3:42 PM Guillermo Colmena via FreeIPA-users
wrote:
>
> Hi I would like to be removed from the distribution list. Let me know if
> there is anything I can do.
>
> Best regards,
> Guillermo
On Mon, Oct 4, 2021 at 8:25 PM Kees Bakker via FreeIPA-users
wrote:
>
> On 04-10-2021 11:04, François Cami via FreeIPA-users wrote:
> > On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users
> > wrote:
> >> Hi,
> >>
> >> Every now and the
On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users
wrote:
>
> Hi,
>
> Every now and then I cannot login anymore after waking up from a suspend.
> I'm getting krb5_child: DIsk quota exceeded
>
> I suspend my PC at the end of the working day. Most of the time I can unlock
> my screen
On Mon, Sep 27, 2021 at 2:12 PM lejeczek via FreeIPA-users
wrote:
>
>
>
> On 27/09/2021 12:23, François Cami wrote:
> > Hi,
> >
> > Any AVC present in /var/log/audit/audit.log?
> >
> > Thank you,
> > François
> >
> > On Mon, Sep 27, 2021 at 12:52 PM lejeczek via FreeIPA-users
> > wrote:
> >> Hi
Hi,
Any AVC present in /var/log/audit/audit.log?
Thank you,
François
On Mon, Sep 27, 2021 at 12:52 PM lejeczek via FreeIPA-users
wrote:
>
> Hi guys.
>
> Anybody on CentOS Stream?
> With updates among which I have
> selinux-policy-3.14.3-79.el8.noarch
>
Hi,
On Wed, Sep 22, 2021 at 3:18 AM Kathy Zhu via FreeIPA-users
wrote:
>
> Hi list,
>
>
> one of my ipa server (dirsrv) hang this morning. "ipactl status" no output
> and did not return. With nsslapd-errorlog-level being set to 16384, however,
> very few log entries. I rebooted the server to
Hi,
I think this is related to the DS versions being different in f33 and f34.
f33 has 389-ds-base-1.4 and f34 has 2.0.x.
It sounds like:
https://github.com/389ds/389-ds-base/issues/4498#issuecomment-744335466
Could you post the exact versions of DS you are using?
Thank you,
François
On Thu,
The FreeIPA team would like to announce the FreeIPA 4.9.7 release!
It can be downloaded from http://www.freeipa.org/page/Downloads.
Builds for Fedora 35 and 36 will be available from the official
repository soon.
The release notes can be read online:
https://www.freeipa.org/page/Releases/4.9.7
On Mon, Jul 26, 2021 at 7:25 PM Ranbir via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On Mon, 2021-07-26 at 16:38 +, Sam Morris via FreeIPA-users wrote:
> > If you are running SELinux in enforcing mode then it's possible that
> > your script is being confined by the
Hi,
Please have a look at dirsrv's logs for replication issues when you
add an entry.
François
On Mon, Jul 5, 2021 at 9:31 AM Kees Bakker via FreeIPA-users
wrote:
>
> Hi Flo,
>
> Do you perhaps have another hint what I can check?
>
> On 01-07-2021 21:44, Kees Bakker via FreeIPA-users wrote:
>
On Tue, Jun 29, 2021 at 5:45 PM Alexander Bokovoy via FreeIPA-users
wrote:
>
> The FreeIPA team would like to announce FreeIPA 4.9.6 release!
>
> It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
> for Fedora distributions will be available from the official repository
>
Hi,
On Fri, Jun 25, 2021 at 5:27 PM iulian roman via FreeIPA-users
wrote:
>
> Hello,
>
> I tried for some time to understand how the cache invalidation works on the
> clients, and I have to admit that I am even more confused that when I
> started, therefore I would like to ask if there is
Hi,
Can you have a look at the dirserv logs?
François
On Mon, Jun 21, 2021 at 1:24 PM Ronald Wimmer via FreeIPA-users
wrote:
>
> On some servers I can see that ipactl status hangs from time to time. I
> can see SSSD reporting the backend to be offline and dirsrv not running
> for some reason.
On Tue, Apr 13, 2021 at 12:52 PM Ronald Wimmer via FreeIPA-users
wrote:
>
> I tried to promote an ipa-client to an ipa-replica. That particular host
> has previously been a replica but has been removed due to a faulty base
> OS configuration. When I do an ldapsearch from the top of the LDAP tree
On Tue, Mar 9, 2021 at 6:16 PM lejeczek via FreeIPA-users
wrote:
>
> Hi guys.
>
> I'm trying to remove a master from my domain and I get:
>
> -> $ ipa-server-install --uninstall --unattended
> Deleting this server will leave your installation without a
> CRL generation master.
>
On Tue, Mar 9, 2021 at 10:52 AM iulian roman via FreeIPA-users
wrote:
>
> Thank you for clarifications Alexander.
>
> OS version: Ubuntu 18.04.2 LTS
> samba version : Version 4.7.6-Ubuntu
> FreeIPA version: 4.7.4
>
> If I understand correctly does not make any sense to continue
>
Hi,
On Thu, Feb 18, 2021 at 3:04 PM John Desantis via FreeIPA-users
wrote:
>
> Hello all,
>
> I couldn't easily find a direct answer regarding a yum upgrade of the
> IPA server with an active AD trust, so I'll just ask here.
>
> When one performs a yum upgrade of the IPA server, does the AD
On Tue, Feb 16, 2021 at 4:00 PM Russ Long via FreeIPA-users
wrote:
>
> We're adding FreeIPA to an immutable, often rotated environment (AWS ECS
> Hosts). These hosts are spun up and down at least daily. Is there a way to
> check FreeIPA to see when a host has last communicated with the
Hi,
On Wed, Dec 30, 2020 at 2:55 PM Dominik Vogt via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi folks,
>
> we need to install ipa-server on a box running RHEL8, say
> server.foo.bar.baz, 192.168.123.45. ipa-server-install needs
> working name resolution for that host, and
On Wed, Dec 16, 2020 at 2:53 PM Kees Bakker wrote:
> Thanks for the pointer. A bit old, but probably still relevant.
>
> Anyway, I was thinking that the following may be the cause of
> my observation. I'm now working from home (as many will recognize).
> My setup is a X2GO connection to the
Hi,
Please see:
https://sgallagh.wordpress.com/2011/09/02/sssd-tips-and-tricks-vol-1-kerberos/
Disclaimer: I don't know how applicable this is to your system.
François
On Wed, Dec 16, 2020 at 9:04 AM Kees Bakker via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi,
>
> On my
Hi,
No, this is not possible.
What you seem to want to achieve will be best served when the FreeIPA to
FreeIPA domain trust is available.
This is not the case today.
François
On Tue, Dec 15, 2020 at 6:07 PM Karim Bourenane via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
On Thu, Oct 8, 2020 at 6:27 PM Albert Szostkiewicz via FreeIPA-users
wrote:
>
> Hi!
>
> My dirsrv@IPA-MYDOMAIN-COM.service on IPA server fails to start due to
> missing configuration. How can I re-create one ?
>
> journalctl:
> ds_systemd_ask_password_acl[10117]: grep:
>
Hi,
On Fri, Oct 2, 2020 at 3:29 PM Kobus Bensch via FreeIPA-users
wrote:
>
> Hi
> I can find anything on search so here goes:
> I installed freeipa with domain: company.com, but this now needs to change to
> newcompany.net
> Can someone please direct me to docs that i can read to make this
On Fri, Sep 4, 2020 at 11:34 AM Boris Behrens wrote:
>
> Well, maybe "migrate" is the wrong word. I would like to copy files to
> another system and have IPA running on the new OS. (like a wordpress or
> something).
The closest thing that does that is ipa-backup + ipa-restore but
restoring a
Hi,
On Fri, Sep 4, 2020 at 9:29 AM Boris Behrens via FreeIPA-users
wrote:
>
> Hi,
> just a short question:
>
> Is it possible to migrate a freeIPA server to a new host?
Yes
> I'd like to move from fedora 26 to centos8, but I wouldn't like to "add a new
> master, then remove the older master,
On Tue, Aug 25, 2020 at 2:57 PM Karim Bourenane via FreeIPA-users
wrote:
>
> Hello Rob, Team
>
> Thank you for your answer.
>
> I found a pdf link (old version of IPA ):
> https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>
> Can you confirm the steps ?
Not "confirm", no, but
On Fri, Aug 21, 2020 at 1:08 AM Chris Welsh via FreeIPA-users
wrote:
>
> Hi Rob,
>
> Could this be because I removed the replica and there are records still
> dangling in the config? Is there a way to find out where they are and remove
> them?
At worst, use ldapsearch to identify remaining
Hi Boris,
On Wed, Aug 5, 2020 at 2:16 PM Boris Behrens via FreeIPA-users
wrote:
>
> Hello François,
> thank you for your answer. As you may have guessed I am very new to freeIPA,
> so please don't get annoyed. If you point me to the documentation for a topic
> I can begin to work with that.
Hi,
On Wed, Aug 5, 2020 at 1:34 PM Boris Behrens via FreeIPA-users
wrote:
>
> Hi,
>
> upfront: please don't judge our setup. I know that the concept is an issue :-(
>
> I have two freeipa servers which are running on an old operating system
> (Fedora26) and I want to migrate it to centos8.
Are
Hi Ronald,
On Thu, Jul 30, 2020 at 4:05 PM Ronald Wimmer via FreeIPA-users
wrote:
>
> Hi,
>
> all over sudden automounting home shares has stopped working on one of
> our most important servers. The configuration has not changed at all.
> Automounting on servers with identical configuration
On Tue, Jul 28, 2020 at 3:08 PM Saurabh Garg via FreeIPA-users
wrote:
>
> Hi,
> Can someone please help me find an option if IdM server allows to control the
> ssh session timeout for user logins on freeipa clients?
For Authentication timeout, you want to set LoginGraceTime in sshd_config.
For
On Mon, Jul 6, 2020 at 10:25 PM White, Daniel E. (GSFC-770.0)[NICS]
wrote:
>
> Merci, François
You're welcome Daniel.
> (I remember that much high school French)
Hah :)
> __
>
>
>
> Daniel E. White
>
On Mon, Jul 6, 2020 at 10:23 PM White, Daniel E. (GSFC-770.0)[NICS]
via FreeIPA-users wrote:
>
> Is it worth a Feature Request ? Either here or at Red Hat ?
Ideally through Red Hat Support yes.
> __
>
>
On Mon, Jul 6, 2020 at 10:12 PM Rob Crittenden via FreeIPA-users
wrote:
>
> White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
> > Are there settings in FreeIPA similar to the setting available from the
> > chage command ? I am specifically looking for a setting for the time
> > after
Hi,
On Sun, Jun 7, 2020 at 11:13 PM Karim Bourenane via FreeIPA-users
wrote:
>
> Hello Team
>
> I have some questions :
> 1°) I need your help, to find the better way to upgrade my 3 servers linked
> (replicat).
> I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update in same
>
Hi,
On Tue, Jun 2, 2020 at 1:09 PM Ben Aveling via FreeIPA-users
wrote:
>
> Hi,
>
> I'm looking for a way to set up a small office.
>
> I'm trying not to have to have all the clients SSSD back to the central
> office.
>
> It would be nice to be able to have a small FreeIPA server, and just pull
On Tue, May 5, 2020 at 1:24 PM Alexander Bokovoy via FreeIPA-users
wrote:
>
> On ti, 05 touko 2020, Rami Elias (TECH V) via FreeIPA-users wrote:
> >Hello,
> >
> >actually i can't provision new repliacs due to this on Centos 8.1:
> >https://bugs.centos.org/view.php?id=16929
> >
> >
> >it seems
Hi,
On Tue, Apr 21, 2020 at 12:19 PM Tiemen Ruiten via FreeIPA-users
wrote:
>
> Hello,
>
> Since a few days ago, we're having issues with resolution of this hostname:
>
> download.wisselkoersenvoorjeadministratie.nl
>
> Our FreeIPA DNS servers return SERVFAIL for that particular hostname. What's
On Wed, Mar 18, 2020 at 7:07 PM Markus Roth wrote:
>
> Hi François,
>
> I was able to achieve a small success with manual mounting. Instead of the
> following mount command:
>
> mount -t nfs4 -o sec=krb5 nfs-server.example.com:/ /
>
> I changed this up to:
>
> mount -t nfs4 -o sec=krb5i
Hi,
On Wed, Mar 18, 2020 at 4:37 PM Markus Roth via FreeIPA-users
wrote:
>
> Hi Daniel,
>
> thanks for pointing out the faulty mounting options. I changed it, but the
> nfs share is not still mounted.
>
> I also checked IPA service principal for NFS and both server and client
> principals
On Tue, Mar 17, 2020 at 1:18 PM Peter Tselios via FreeIPA-users
wrote:
>
> I have installed the ipa server by using the following command:
>
> -
> ipa-server-install
> --realm "EXAMPLE.COM" -p 'password' -a 'password'
> --hostname="server.example.com" -n example.com
>
On Wed, Mar 11, 2020 at 9:12 AM Fraser Tweedale via FreeIPA-users
wrote:
>
> On Wed, Mar 11, 2020 at 09:26:54AM +0200, Alexander Bokovoy wrote:
> > On ke, 11 maalis 2020, Fraser Tweedale via FreeIPA-users wrote:
> > > > Makes me look at this a different way. Perhaps change the certstore to
> > >
On Wed, Feb 26, 2020 at 12:42 PM LHEUREUX Bernard
wrote:
>
> I tried multiple times to solve the upgrade fail, but didn't I finally
> decided to completely reinstall that machine from scratch but the
> ipa-replica-install always refuse to perform to the end...
> I'm really stuck...
The update
Hi,
On Wed, Feb 26, 2020 at 12:17 PM LHEUREUX Bernard via FreeIPA-users
wrote:
>
> Hi all,
>
>
>
> I would linke to reinstall a replica for my FreeIPA infra that has failed its
> ipa-server-upgrade after the updat’e of CentOS
> ipa-server-4.6.5-11.el7.centos.4.x86_64, a few days ago…
How did
On Mon, Feb 3, 2020 at 10:07 PM Robbie Harwood via FreeIPA-users
wrote:
>
> Charles Hedrick via FreeIPA-users
> writes:
>
> > We currently do rsync backups of our server. On an MIT server, you’d
> > want to omit the stash file. But IPA doesn’t use that. Is there
> > anything like that that
On Mon, Feb 3, 2020 at 6:43 PM Lucas Diedrich via FreeIPA-users
wrote:
>
> Rob, can you confirm if this website https://www.freeipa.org/page/Build is
> the default guide for building freeipa ?
Yes, this is the case.
On Fedora 31 the COPR step is not needed.
> Em qui., 30 de jan. de 2020 às
Hi,
On Fri, Jan 31, 2020 at 2:48 PM Petar Kozić via FreeIPA-users
wrote:
>
> Hi,
> I have one IPA server dirsrv001 and newone dirsrv002
>
> dirsrv001 is old server from where I want to unroll my VPS’s and join to new
> server. I do some testing with Ubuntu VPS’s and that works perfect.
>
> I
Hi,
On Fri, Jan 31, 2020 at 8:04 AM Harald Dunkel via FreeIPA-users
wrote:
>
> Hi folks,
>
> *ipa help topics* gives me
>
> # ipa help topics
> ipa: ERROR: System encoding must be UTF-8, 'ANSI_X3.4-1968' is not supported.
> Set LC_ALL="C.UTF-8", or LC_ALL="" and LC_CTYPE="C.UTF-8".
> # env |
On Wed, Jan 15, 2020 at 11:48 AM cyrine stambouli via FreeIPA-users
wrote:
>
> I have this output :
>
> [root@ipa ~]# firewall-cmd --state
> running
>
> [root@ipa ~]# firewall-cmd --list-all
> public (active)
> target: default
> icmp-block-inversion: no
> interfaces: ens192
> sources:
>
Hi Cyrine,
Where did you run the (successful) telnet test from?
Localhost is treated differently, firewall-wise, in that it's not
firewalled by default, while external connections are and I assume
your browser test comes from outside the IPA server.
On the IPA server, first check if you are
Hi Tania,
You might want to switch chrony.conf to be managed by configuration
management software.
There is an Ansible role available at
https://galaxy.ansible.com/ericsysmin/chrony for instance.
That way you can maintain your list of time servers centrally and
remedy client configuration
Hi,
On Wed, Dec 18, 2019 at 1:47 PM White, David via FreeIPA-users
wrote:
>
> Reviewing the FreeIPA documentation for deployment recommendations, I read:
>
> “generally, it is recommended to have at least 2-3 replicas in each
> datacenter”.
>
>
>
> A couple of months ago, when we initially
There is currently no way to know, but the Disable Stale Users
proposal could be extended to any principal including the host ones.
https://github.com/freeipa/freeipa/blob/master/doc/designs/disable-stale-users.md
The timestamp precision would be coarse but that would clearly match
the use-case.
Hi Dirk,
On Wed, Nov 20, 2019 at 1:28 PM Dirk Streubel via FreeIPA-users
wrote:
>
> Hello,
>
> it is possible to run the ipa-replica at the same time with more than just
> one server.
>
> So, what i mean is this: ipa-replica-install --server=1 --server=b --server=c
> --setup-dns --forwarder
Hi,
On Mon, Nov 18, 2019 at 2:30 PM Ronald Wimmer via FreeIPA-users
wrote:
>
> Today I've encountered a strange problem on a Centos 7.7 machine with
> IPA automounted user homes.
>
> When I try to do a git clone in my home directory using SSH I it aborts
> abnormally with the following error
On Mon, Nov 4, 2019 at 11:35 AM Saurabh Garg via FreeIPA-users
wrote:
>
> All IPA services work else than IPA UI login. For Admin account it throws the
> error "Your session has expired. Please re-login."
>
> # cat /var/log/httpd/error_log | grep error
> [Mon Nov 04 03:30:57.855012 2019]
Hi,
On Thu, Oct 31, 2019 at 4:54 PM Vinícius Ferrão via FreeIPA-users
wrote:
>
> Hello,
>
> As today there’s any way to create a trust between two FreeIPA servers? I
> know that up to version 4.5 this isn’t possible yet.
Not yet: https://pagure.io/freeipa/issue/4867
> If there’s no way to
On Wed, Oct 23, 2019 at 10:31 PM Amos via FreeIPA-users
wrote:
>
> When enrolling a host, an error was presented:
>
> root: INFO Joining realm failed: RPC failed at server. invalid
> 'hostname': invalid domain-name: only letters, numbers, '-' are allowed. DNS
> label may not start
Hi,
Can you share the automount entries you've added on the IPA server side?
IIRC if you do these wrong or in the wrong order the client won't pick them up.
Best would be to show the resulting entries from LDAP.
Cheers
François
On Thu, Oct 17, 2019 at 9:16 PM danielle lampert via
Hi,
On Fri, Oct 11, 2019 at 5:34 PM Kristian Petersen via FreeIPA-users
wrote:
>
> Hey y'all,
>
> What are the pros and cons of using and external or internal CA for
> FreeIPA/IdM? I am trying to decide which to do but having trouble finding a
> lot of info about why I would want to do one or
Hi,
On Tue, Oct 8, 2019 at 2:14 PM Jason Dunham via FreeIPA-users
wrote:
>
> I am trying to set up a small office of software developers with FreeIPA. My
> ipa-server-install fails with "DNS zone example.com. already exists in DNS
> and is handled by servers foo1.myisp.net...".
>
> We do have
On Mon, Oct 7, 2019 at 8:39 PM Kevin Vasko via FreeIPA-users
wrote:
>
> Ok thanks! I just tried it and that seems to do it! Just using the
> “example.com” domain in the idmapd.conf file that is.
>
> I’ll just need to modifying all of my clients idmapd config, which isn’t that
> big of deal.
If
Hi,
On Fri, Oct 4, 2019 at 8:51 AM Petar Kozić via FreeIPA-users
wrote:
>
> Ok, can someone share some relevant information about this, how I can do that?
> Some step-by-step guide or similar?
The official documentation is available at:
Hi,
On Mon, Sep 2, 2019 at 6:04 PM Tobi Berninger via FreeIPA-users
wrote:
>
> Hello,
>
> sadly we had a power shortage (a transformer exploded in the building next to
> us) and all server shutted down immediately - i started them again.
> now we have some strange errors:
>
> First only two
On Thu, Aug 29, 2019 at 11:57 AM lejeczek via FreeIPA-users
wrote:
>
> On 29/08/2019 08:20, Florence Blanc-Renaud wrote:
> > On 8/28/19 1:31 PM, lejeczek via FreeIPA-users wrote:
> >> hi guys,
> >>
> >> with IPA replication on a "publicly" exposed network what IPA(and
> >> related)
On Wed, Aug 28, 2019 at 5:08 PM Markus Larsson via FreeIPA-users
wrote:
>
>
>
> On 28 August 2019 16:47:35 CEST, lejeczek via FreeIPA-users
> wrote:
> >On 28/08/2019 15:15, Markus Larsson via FreeIPA-users wrote:
> >> I might be wrong here but it sure looks like the cert is being
> >> rejected
On Tue, Aug 6, 2019 at 3:55 PM Auerbach, Steven
wrote:
>
> Pure genius. FQDN on ipa commands. Unless I read the documentation
> cover-to-cover before starting anything I would never have found this.
> Thanks.
Our (collective) pleasure to help. Thanks for thanking us :)
François
>
On Fri, Aug 2, 2019 at 10:43 AM Boyd Ako wrote:
> > On Aug 1, 2019, at 02:22, François Cami wrote:
> >
> > Which version of sssd, ipa-server and ipa-client?
> >
> — server —
> [root@ipa data]# for pkg in sssd ipa-server ipa-client; do printf "=== %s
> ===\n" "$pkg"; yum info $pkg | egrep -e
On Thu, Aug 1, 2019 at 2:07 PM Boyd Ako via FreeIPA-users
wrote:
>
> Anybody know how to get more log information on what the IPA client does? I
> already know about the stuff in /var/log/sssd, but I'm looking for something
> in regards to dynamic dns updates failing.
Which version of sssd,
On Tue, Jul 30, 2019 at 3:28 PM Dmitry Perets via FreeIPA-users
wrote:
>
> The progress so far...
>
> >
> > 1. We create two A records for the same IPA hostname, let's say
> > "ipa.site1.example.com". But then not sure if it will work fine...
> > Technically,
> > two IPs for the same name means
On Wed, Jul 24, 2019 at 5:52 PM François Cami wrote:
>
> On Wed, Jul 24, 2019 at 5:48 PM Till Hofmann
> wrote:
> >
> >
> >
> > On 7/24/19 4:03 PM, Till Hofmann wrote:
> > > Hi François,
> > >
> > > Thanks for the reply!
> > >
> > > On 7/24/19 2:32 PM, François Cami wrote:
> > >
> > >>>
> > >>>
On Wed, Jul 24, 2019 at 5:48 PM Till Hofmann wrote:
>
>
>
> On 7/24/19 4:03 PM, Till Hofmann wrote:
> > Hi François,
> >
> > Thanks for the reply!
> >
> > On 7/24/19 2:32 PM, François Cami wrote:
> >
> >>>
> >>> Interestingly, during the setup of the replica, the setup is stuck for
> >>> quite
Hi,
On Wed, Jul 24, 2019 at 2:13 PM Till Hofmann via FreeIPA-users
wrote:
>
> Hi all,
>
> I'm trying to set up a replica on CentOS 7, the master is on CentOS 6.
> Eventually, I want to retire the CentOS 6 host. I'm following this migration
> guide:
>
On Mon, Jul 22, 2019 at 6:51 PM Andrew Meyer via FreeIPA-users
wrote:
>
> [andrew.meyer@freeipa01 ~]$ id james.kirk
> id: james.kirk: no such user
> [andrew.meyer@freeipa01 ~]$ id william.riker
> id: william.riker: no such user
> [andrew.meyer@freeipa01 ~]$
Try "id user@DOMAIN" like this:
id
On Tue, Jul 16, 2019 at 10:00 AM Harald Dunkel via FreeIPA-users
wrote:
>
> On 7/15/19 9:51 PM, Rob Crittenden wrote:
> >>
> >
> > Please check the status again. POST_SAVED_CERT is the status where the
> > post command is being executed. It should be in MONITORING now.
> >
>
> Yes, it does. I had
Hi,
On Wed, Jul 3, 2019 at 11:37 PM Christophe TREFOIS via FreeIPA-users
wrote:
>
> Hi,
>
>
>
> Is it required to upgrade via every minor release of CentOS, say 7.2,7.3,7.4
> etc to have a successful IPA upgrade, or can one also go from 7.2 to 7.6
> directly?
The official docs:
On Fri, Jun 28, 2019 at 8:14 PM Karim Bourenane via FreeIPA-users
wrote:
>
> Hello All
>
> I have follow the step from stepes from Freeipa web + Redhat to prepare the
> replicat by commands :
> DNS+Reverse : OK
> On IPA Master : ipa-replica-prepare --password=X replicat.example.com
> Scp
Hi Chris,
Apologies for the late reply.
You can try ldapsearch this way after generating a kerberos tgt and
setting basedn properly
(e.g. like basedn='dc=example,dc=com')
$ ldapsearch -Y GSSAPI -b cn=topology,cn=ipa,cn=etc,$basedn
This should show iparepltoposegment objects and
Hi Christian,
On Sat, Jun 22, 2019 at 12:13 AM Christian Reiss via FreeIPA-users
wrote:
>
> Hey folks,
>
> In my Test-Setup I have the following:
>
> srv1.auth.alpha-labs.net
> srv2.auth.alpha-labs.net
> srv3.auth.alpha-labs.net
>
> srv1 is the freshly installed master.
> srv2 is a client,
Hi,
On Fri, Jun 21, 2019 at 11:01 AM Sina Owolabi via FreeIPA-users
wrote:
>
> Hi Friends
>
> A few months ago I reported a problem with my FreeIPA domain where my
> master IPA server could not start pki-tomcatd, and I could not find
> what was causing the problem.
> Operations such as host
On Tue, Jun 11, 2019 at 2:54 PM Karim Bourenane
wrote:
>
> Thanks François, for your reply.
>
> The goal, is to have the service IPA available always, if the server 1 will
> be down, and also for load sharing.
Load-balancing is normally done automatically by servers/replicas and clients.
If
Hi Karim,
On Tue, Jun 11, 2019 at 1:56 PM Karim Bourenane via FreeIPA-users
wrote:
>
> Hello team
>
> Hope you are well.
>
> After an existing installation, we decide to implement a Haproxy + Keepalive
> in all our IPA's servers.
>
> The haproxy / keepalive work weel but now the IPA doent run
On Tue, May 7, 2019 at 5:31 PM lejeczek wrote:
>
> On 07/05/2019 13:07, François Cami wrote:
> > Hi,
> >
> > On Tue, May 7, 2019 at 1:59 PM lejeczek via FreeIPA-users
> > wrote:
> >> hi everyone.
> >>
> >> can a replica deleted with - ipa-replica-manage del - reconnected,
> >> re-added back to
Hi,
On Tue, May 7, 2019 at 1:59 PM lejeczek via FreeIPA-users
wrote:
>
> hi everyone.
>
> can a replica deleted with - ipa-replica-manage del - reconnected,
> re-added back to topology, somehow?
Double-check your LDAP tree for remaining entries containing the name
of that replica.
If your LDAP
On Tue, Apr 30, 2019 at 5:42 PM Karim Bourenane
wrote:
>
> François
>
> I will do it as a recommandation on Redhat doc for the strategy design of
> replication.
>
> I have another question, not related with my experience :).
>
> When you buid 2 separate IPA server, and after you want to
On Tue, Apr 30, 2019 at 2:22 PM Karim Bourenane
wrote:
>
> François,
>
> Thanks you, about the architecture redundancy strategy.
> Is not the final architecture. The new architecture will be have more
> redundancy with more Master and more replicat server in each site, to
> authenticate several
On Tue, Apr 30, 2019 at 10:37 AM Karim Bourenane
wrote:
>
> Hello François, all
>
> Thank you, for the release link version and the Redhat link.
>
> I just start on small architecture with 1 master + 2 replicats (no link
> between), exept via the Master.
This is not a recommended replication
On Mon, Apr 29, 2019 at 10:32 PM Karim Bourenane via FreeIPA-users
wrote:
>
> Hello Jochen
>
> Thanks you or your reply.
> My goal, is to authenticate differents users from each client network
> interface. If the first ipa server goes down (or network unreachable), then
> the admin user can
Hi,
On Thu, Apr 25, 2019 at 1:34 PM None via FreeIPA-users
wrote:
>
> Dear,
>
> I encountered an error when installing freeipa using command
> "ipa-server-install".
>
> Error as below. Can anyone give some idea about how to solve this issue? Is
> this a FreeIPA bug on RH7.4 linux version?
>
>
On Fri, Apr 19, 2019 at 5:40 PM Rob Verduijn wrote:
>
> hmmm got it to work (some rtfm helped)
>
> from the sssd-ipa man page
>dyndns_refresh_interval (integer)
>How often should the back end perform periodic DNS update in
> addition to the automatic update performed when the
Hi,
On Fri, Apr 19, 2019 at 4:00 PM Rob Verduijn via FreeIPA-users
wrote:
>
> Hello,
>
> I have this laptop that is an ipa domain member.
> And the login/sudo/automount all works fine.
> However the dns entries of the laptop are not updated when the laptop starts
> up and gets a new ipaddress.
Hi,
On Wed, Apr 17, 2019 at 4:33 PM mustafa taha via FreeIPA-users
wrote:
>
> Hi
>
> i want to ask , if there a way allows the admin to provide an account with
> password expired after certain of time. and after a certain time
> the password will not valid .
> i see there is
On Tue, Apr 16, 2019 at 12:09 PM Alexander Bokovoy via FreeIPA-users
wrote:
>
> On ti, 16 huhti 2019, fujisan wrote:
> >and then re-install each client with --server=new-server.my.domain?
> No. You don't need to reinstall anything. Looks like you didn't install
> any replica before?
>
>
Hi Abdul,
On Mon, Apr 8, 2019 at 1:38 PM Abdul Wahab via FreeIPA-users
wrote:
>
> Dear Rob
>
> Trust you are well and thanks for your help. I am able to connect with LDAP
> now but I am having below error when I do the configuration in config.php
> file. Please alsp help me on this. Thanks in
Hi,
Can you explain more precisely what you meant by "I change the domain
Name" in the original email?
Regards,
François Cami
On Thu, Mar 21, 2019 at 12:42 PM Günther J. Niederwimmer via
FreeIPA-users wrote:
>
> Hello,
>
> Why I have Errorr 32 Pleasd answer,
>
> Am Samstag, 16. März 2019,
On Tue, Mar 19, 2019 at 3:56 PM Charles Hedrick via FreeIPA-users
wrote:
>
> It appears that the IPA command uses a host hardwired in
> /etc/ipa/default.conf.
>
> If that fails, it then gets a list from DNS. This works fine if there’s a
> connection refused, but if there is no response, it
Hi,
On Sun, Mar 10, 2019 at 7:56 AM Albert Szostkiewicz via FreeIPA-users
wrote:
>
> Hi!
>
> If os login for domain user is verified by FreeIpa (which sets uid etc) what
> happens if I use ipa-client on laptop and be outside my network ? If I won't
> be able to connect to IPA for login
On Fri, Mar 8, 2019 at 4:48 PM Rob van Halteren via FreeIPA-users
wrote:
>
> Oke may have found a probable cause for the stall of the the applications.
>
> I have 1 fileserver that has a ipa-client installed and is enroled on the
> ipa-server. It serves 3 nfs shares, one of them are
1 - 100 of 118 matches
Mail list logo