Hello,
After running yum update on a EL7.9 system FreeIPA was unable to start asking
for manual upgrade.
So I performed the required command, without success:
[root@headnode pki]# ipa-server-upgrade
Upgrading IPA:. Estimated time: 1 minute 30 seconds
[1/9]: saving configuration
[2/9]: disa
> On 15 Jul 2022, at 11:02, Mark Reynolds via FreeIPA-users
> wrote:
>
>
> On 7/15/22 8:15 AM, Rob Crittenden via FreeIPA-users wrote:
>> Ronald Wimmer via FreeIPA-users wrote:
>>> The official RedHat doumentation states
>>>
The TCP port 389 is not required to be open on IdM servers for
Hello
I've an IP client that almost always fails to mount autofs volumes. It seems to
timeout after a while, since the volume almost always fails to mount: -bash:
cd: /opt/ohpc/pub/apps: No such file or directory
I've observed that when I cd to a an autofs enabled directory sssd dump the
follo
The workaround was on my message and the detailed changes on Scott’s.
Sent from my iPhone
> On 28 Dec 2021, at 05:46, Michael Schwartzkopff via FreeIPA-users
> wrote:
> Same problem here. Any solution?
>
>
> Mit freundlichen Grüßen,
>
> --
>
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30
Sorry. Wrong link. This is the one:
https://www.mail-archive.com/freeipa-users@lists.fedorahosted.org/msg12583.html
Sent from my iPhone
On 22 Dec 2021, at 16:14, Vinícius Ferrão wrote:
Is this related?
https://pagure.io/freeipa/issue/9041
Sent from my iPhone
On 22 Dec 2021, at 15:35, Dung
Is this related?
https://pagure.io/freeipa/issue/9041
Sent from my iPhone
On 22 Dec 2021, at 15:35, Dungan, Scott A. via FreeIPA-users
wrote:
Prior to running yum update on one of our IPA servers running RHEL8 version
4.9.6-6, ipa-healthcheck showed no errors. After running the update to
2021, at 05:29, Florence Renaud
mailto:f...@redhat.com>> wrote:
Hi,
On Thu, Aug 19, 2021 at 7:09 PM Vinícius Ferrão via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
Hello,
I had to reinstall our IPA server since we had Filesystem corruption beyond
repair on it.
After
Hi Florence.
On 20 Aug 2021, at 05:29, Florence Renaud
mailto:f...@redhat.com>> wrote:
Hi,
On Thu, Aug 19, 2021 at 7:09 PM Vinícius Ferrão via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
Hello,
I had to reinstall our IPA server since we had Filesyste
Take a look at this blog article:
https://rcritten.wordpress.com/2015/01/05/freeipa-and-no-dna-range/
Sent from my iPhone
On 19 Aug 2021, at 20:35, Kathy Zhu via FreeIPA-users
wrote:
Hello,
ipa-healthcheck is a great tool! Really appreciate Rob to make it working for
Centos.
When I ran
Hello,
I had to reinstall our IPA server since we had Filesystem corruption beyond
repair on it.
After the reinstall (with ipa-replica-install) AD Trust does not seems to be
working anymore.
I tried to delete the trust and them re add it but there's no effect. Here's
the outputs:
[root@idm1
Hi guys! Good news.
On 15 Feb 2021, at 20:11, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hi Robbie.
On 15 Feb 2021, at 18:45, Robbie Harwood
mailto:rharw...@redhat.com>> wrote:
Vinícius Ferrão writes:
[10/Feb/2021:23:05:57.501
Hi Robbie.
> On 15 Feb 2021, at 18:45, Robbie Harwood wrote:
>
> Vinícius Ferrão writes:
>
>> [10/Feb/2021:23:05:57.501853962 -0300] conn=92 op=1 RESULT err=49 tag=97
>> nentries=0 etime=0.001927716 - SASL(-1): generic failure: GSSAPI Error:
>> Unspecified GSS failure. Minor code may provid
eb 2021, at 18:11, Rob Crittenden
mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>> wrote:
Just to confirm, the system is working with the exception of
ipa-dnskeysyncd.service?
Does this work?
# kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab
ipa-dnskeysyncd/neumann2.clust
nn2.cluster.cetene.gov.br/ipa/session/json': Exceeded number of
tries to forward a request.
Thank you.
On 12 Feb 2021, at 18:11, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Just to confirm, the system is working with the exception of
ipa-dnskeysyncd.service?
Does this w
ot;, line 99, in _ldap_call
Feb 10 23:05:16 neumann2 ipa-dnskeysyncd: result = func(*args,**kwargs)
Feb 10 23:05:16 neumann2 ipa-dnskeysyncd: INVALID_CREDENTIALS: {'desc':
'Invalid credentials'}
Feb 10 23:05:16 neumann2 systemd: ipa-dnskeysyncd.service: main process exited
Hello,
FreeIPA on CentOS 7.8 just stopped working and I’m unable to fix it by myself.
After reading a lot of threads here on the list, it appears that I’ve the same
issue as this topic:
https://www.mail-archive.com/freeipa-users@lists.fedorahosted.org/msg05501.html
Since Kerberos is apparently
If I understood correct you have a local Windows Server with AD role up and
running and also have Azure AD Sync installed to sync data from local AD to the
cloud.
If this is your scenario I have this running without any issues. FreeIPA does
the Trust with local AD.
Sent from my iPhone
> On 1
th Java:
https://pastebin.com/CH5g3kBw
On the end of the paste there’s the Java errors.
Thank you.
On 7 Jan 2021, at 11:01, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello, I’ve a single IPA machine that provides authentication for
Hello, I’ve a single IPA machine that provides authentication for itself. It
does not even have any client or host.
After def -y update and reboot, IPA fails to load an it’s in broken state.
[root@headnode ~]# systemctl status ipa
● ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/l
Mark, the code was updated to EL8 on the last week, if you’re already
interested.
On 2 Sep 2020, at 09:18, Mark Potter mailto:ma...@dug.com>>
wrote:
I'll dig through it today! We use a homegrown deployment system but I am
personally very familiar with xcat so I ought to be able to work somethi
Alexander, as a user without support from Red Hat, can we report bugs/issues
for the IdM product here on the FreeIPA list? Because, as far as I know, with
RHEL there's no way to install FreeIPA branded as it. It will always be Red Hat
IdM.
Thank you.
-Original Message-
From: Alexander
Hello,
I’m aware that we can make overrides on AD users with the Default Trust View
object on IPA. I’ve created another one for specific users named “Clients
Trust” and added three user accounts there. Made the overrides that I want, and
when I checked with getent on a Linux client, the overrid
Hi Mark, I’ve the same question in the past.
At the end of the day we “reverse engineered” what ipa-client-install does to
avoid the force-join and passing the password in plaintext. So it’s basically a
bunch of files that must be configured on the target system, so we configured
it directly on
t, Jul 18, 2020 at 12:45:03AM +, Vinícius Ferrão via
> FreeIPA-users wrote:
>> Hello,
>>
>> I need to issue some certificates for the AD Environment and I
>> don’t have ADCS in place. So my FreeIPA deployment was with a self
>> signed CA and the common AD Tru
Hello,
I need to issue some certificates for the AD Environment and I don’t have ADCS
in place. So my FreeIPA deployment was with a self signed CA and the common AD
Trust enabled.
Now with this issue I’m looking on the IPA’s documentation and there’s some
recommendations to deploy IPA as as su
It may seem out of scope, and I agree with this.
But IMHO it should have a better integration with DHCP. Look at MS Active
Directory, it’s so deeply integrated with MS DHCP that you just install it as
an add-on. The same thing does not happen on IPA. A better integration would be
extremely good
> On 3 Jul 2020, at 05:50, Alexander Bokovoy wrote:
>
> On pe, 03 heinä 2020, Vinícius Ferrão wrote:
>> As you can see randomuser1 wasn’t being detected, then it recognised after a
>> full UPN query.
>>
>> I’m guessing it may be related with what you said about the default domain
>> order.
>
> On 3 Jul 2020, at 05:21, Alexander Bokovoy wrote:
>
> On pe, 03 heinä 2020, Vinícius Ferrão wrote:
>> Hi again Alexander,
>>
>>On 3 Jul 2020, at 04:4
mple.com>
Domain NetBIOS name: EXAMPLE
Domain Security Identifier: S-1-5-21-3644117338-1171143469-618167831
Domain enabled: True
Thank you.
On 3 Jul 2020, at 04:20, Alexander Bokovoy
mailto:aboko...@redhat.com>> wrote:
On pe, 03 heinä 2020, Vinícius Ferrão via FreeIPA-users wrote:
Hello
Domain name: ad.example.com
Domain NetBIOS name: EXAMPLE
Domain Security Identifier: S-1-5-21-3644117338-1171143469-618167831
Domain enabled: True
Thank you.
> On 3 Jul 2020, at 04:20, Alexander Bokovoy wrote:
>
> On pe, 03 heinä 2020, Vinícius Ferrão via FreeIPA-users wrote:
Hello,
I have two FreeIPA servers with AD trust enabled. Usually I do everything on
the IPA #1 server, but I just observed that SIDs aren’t resolved on the
replica, is it normal?
I’m attaching a picture of the issue to illustrate it.
[cid:E1C493F7-5F5F-437D-BF6F-4A33BDAB61FC]
If this is not r
if krb5-self and ms-self does not work because I’m running the
reverse for 172.21.0.0/16 and not for 172.21.1.0/24; can this be the issue?
Thanks all,
On 22 May 2020, at 13:37, Vinícius Ferrão via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
Thanks Rafael,
I still h
ords on IPA side. You'll also need to grant
permission for the dynamic updates as stated in that same thread.
Rafael
[1] https://www.freeipa.org/page/Deployment_Recommendations
[2] https://www.redhat.com/archives/freeipa-users/2015-June/msg00555.html
On Wed, May 20, 2020 at 10:
Hello,
I would like to know how to handle reverse DNS zones when AD trust is enabled.
I do have separate domains for AD and IPA as required, but the reverse zones
are mixed, since the hosts are on the same network, which is common. In this
scenario where should the reverse DNS zone be hosted? O
Hi all.
On 18 May 2020, at 03:14, Alexander Bokovoy
mailto:aboko...@redhat.com>> wrote:
On ma, 18 touko 2020, Vinícius Ferrão via FreeIPA-users wrote:
On 18 May 2020, at 01:57, Alexander Bokovoy
mailto:aboko...@redhat.com><mailto:aboko...@redhat.com>>
wrote:
On ma, 18 to
On 18 May 2020, at 01:57, Alexander Bokovoy
mailto:aboko...@redhat.com>> wrote:
On ma, 18 touko 2020, Vinícius Ferrão via FreeIPA-users wrote:
Hello,
This may sound like a noobish question, but how can I make DNSSEC play nicely
when the external domain have DNSSEC enabled and this
Hello,
This may sound like a noobish question, but how can I make DNSSEC play nicely
when the external domain have DNSSEC enabled and this makes internal zones
failing when creating an AD trust, since we are using subdomains for our LAN?
Our case:
example.com (External DNS name with DNSSEC ena
Hello,
I wasn't able to find any documentation regarding this specific topic, so I
don’t even know if this is support.
Consider that my FreeIPA server have two network interfaces:
eth0 on 192.168.0.0/16
eth1 on 172.16.0.0/12
I would like the Dynamic DNS to register in different DNS domain zone
t 9:29 PM Vinícius Ferrão via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
Hello,
My FreeIPA server have two IP addresses. It registers itself with the internal
and the external addresses. There’s a way to only register the IPs from the
internal interfaces?
usua
Hello,
My FreeIPA server have two IP addresses. It registers itself with the internal
and the external addresses. There’s a way to only register the IPs from the
internal interfaces?
Example:
ipa-ca
A
172.26.255.254
A
146.164.29.90
nodacabeca
A
146.164.29.90
A
172.26.255.254
I only want th
Kevin, did you find something about your question? I’m interested on it too.
Thanks,
Sent from my iPhone
> On 24 Nov 2019, at 02:13, Kevin Vasko via FreeIPA-users
> wrote:
>
> So I feel we have a decent process for users on Linux (Ubuntu/CentOS)
> to access NFS shares, however there is rumbl
Hi Christian
> On 6 Dec 2019, at 14:04, Christian Heimes via FreeIPA-users
> wrote:
>
> On 06/12/2019 17.48, Vinícius Ferrão via FreeIPA-users wrote:
>> Hello, this is probably a comercial question and not a technical one,
>> but I’m curious about it.
>>
>&g
Hello, this is probably a comercial question and not a technical one, but I’m
curious about it.
As today RHEL8 ships with FreeIPA (IdM) 4.7. The latest release is 4.8 with
some interesting features.
Since RHEL8 is still fresh, there’s any rebase to a higher version on the map?
I see that IdM i
Hi Christian
Sent from my iPhone
On 5 Dec 2019, at 15:59, Christian Heimes via FreeIPA-users
wrote:
On 05/12/2019 18.41, Vinícius Ferrão via FreeIPA-users wrote:
Hello,
Is it supported to install mod_ssl on the same machine of FreeIPA? I’m asking
this because FreeIPA ships by default
> On 5 Dec 2019, at 15:22, Rob Crittenden wrote:
>
> Vinícius Ferrão via FreeIPA-users wrote:
>> Hello,
>>
>> Is it supported to install mod_ssl on the same machine of FreeIPA? I’m
>> asking this because FreeIPA ships by default mod_nss and this may lead to
Hello,
Is it supported to install mod_ssl on the same machine of FreeIPA? I’m asking
this because FreeIPA ships by default mod_nss and this may lead to conflicting
issues inside /etc/httpd/conf.d. For example:
[root@headnode conf.d]# grep -iR virtualhost
nss.conf:
nss.conf:
On 3 Dec 2019, at 13:19, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hi Rob,
On 3 Dec 2019, at 12:57, Rob Crittenden
mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wro
Hi Rob,
On 3 Dec 2019, at 12:57, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello, this is probably to the developers.
I’m deploying FreeIPA clients in automated fashion and hit an issue on some
ancillary softwares, like ipa-client-aut
Hello, this is probably to the developers.
I’m deploying FreeIPA clients in automated fashion and hit an issue on some
ancillary softwares, like ipa-client-automount.
After a successful manual join of a FreeIPA client, this command specifically
fails, saying that the machine isn’t joined to Fre
> On 22 Nov 2019, at 15:07, Alexander Bokovoy wrote:
>
> On pe, 22 marras 2019, Vinícius Ferrão via FreeIPA-users wrote:
>> Hello,
>>
>> I would like to know if someone was able to use OpenSSH with
>> certificates managed from the Dogtag CA of FreeIPA.
>
Hello,
I would like to know if someone was able to use OpenSSH with certificates
managed from the Dogtag CA of FreeIPA.
My goal is to be able to issue certificates for users and perhaps using host
keys generated from this CA. I know this may be redundant since FreeIPA already
manage host keys,
Thanks François,
> On 31 Oct 2019, at 15:04, François Cami wrote:
>
> Hi,
>
> On Thu, Oct 31, 2019 at 4:54 PM Vinícius Ferrão via FreeIPA-users
> wrote:
>>
>> Hello,
>>
>> As today there’s any way to create a trust between two FreeIPA servers? I
Hello,
As today there’s any way to create a trust between two FreeIPA servers? I know
that up to version 4.5 this isn’t possible yet.
If there’s no way to create a trust, at least one server can consume it’s users
from another one? They are in different domain level, one being a subdomain
(DNS
Guys, thank you all.
I’ve opened an issue on the SSSD page:
https://pagure.io/SSSD/sssd/issue/4106
Feel free to add anything related.
Thanks.
On 18 Oct 2019, at 03:24, Vinícius Ferrão via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
On 18 Oct 2019, at 03:20,
...@redhat.com><mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão wrote:
Hi Rob
On 15 Oct 2019, at 10:22, Rob Crittenden
mailto:rcrit...@redhat.com><mailto:rcrit...@redhat.com><mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com&
rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello,
I’m trying to implement SSH Hostbased Authentication between IPA
joined machines but I’m with difficulties regarding:
* The /etc/ssh/ssh_known_hosts file.
In a FreeIPA environ
22, Rob Crittenden
mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello,
I’m trying to implement SSH Hostbased Authentication between IPA
joined machines but I’m with difficulties regarding:
* The
On 15 Oct 2019, at 17:49, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão wrote:
Hi Rob
On 15 Oct 2019, at 10:22, Rob Crittenden
mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello,
I’m tryin
Hi Rob
On 15 Oct 2019, at 10:22, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello,
I’m trying to implement SSH Hostbased Authentication between IPA joined
machines but I’m with difficulties regarding:
* The /etc/ssh/ssh_known_hosts file.
Hello,
I’m trying to implement SSH Hostbased Authentication between IPA joined
machines but I’m with difficulties regarding:
* The /etc/ssh/ssh_known_hosts file.
In a FreeIPA environment the known_hosts are stored on IPA, and I’m
aware of the ProxyCommand /usr/bin/sss_ssh_knownhostspro
the issue.
On 9 Oct 2019, at 12:40, Vinícius Ferrão via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
Hello,
On 9 Oct 2019, at 05:59, Jakub Hrozek via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
On Wed, Oct 09, 2019 at 12:25:33AM +00
Hello, IPA utilizes BIND in the backend, so have you tried to create the
subzone with the way BIND expects?
0-31.0.168.192.in-addr.arpa.
This one is for /27 for instance. Modify it for your needs and see if it works.
Never tried this myself but I worth checking.
Sent from my iPhone
On 10 Oc
Hello,
On 9 Oct 2019, at 05:59, Jakub Hrozek via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
On Wed, Oct 09, 2019 at 12:25:33AM +, Vinícius Ferrão via FreeIPA-users
wrote:
Hello,
The /var/lib/sss/pubconf/known_hosts file is empty on a new installed FreeIPA
Hello,
The /var/lib/sss/pubconf/known_hosts file is empty on a new installed FreeIPA
server. I’ve already joined a machine to the domain but the file is still empty.
I can’t get it populated, already rebooted and/or restarted sssd without
success.
Looking on the web I came across this bug:
htt
:
Vinícius Ferrão via FreeIPA-users wrote:
Hello all,
On 23 Sep 2019, at 12:59, Alexander Bokovoy
mailto:aboko...@redhat.com>
<mailto:aboko...@redhat.com>
<mailto:aboko...@redhat.com>> wrote:
On Mon, 23 Sep 2019, Vinícius Ferrão via FreeIPA-users wrote:
Florence and Angus, than
Hello,
First of all thanks for everyone helping out. Answers inline.
On 24 Sep 2019, at 20:48, Rob Crittenden
mailto:rcrit...@redhat.com>> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
Hello all,
On 23 Sep 2019, at 12:59, Alexander Bokovoy
mailto:aboko...@redhat.com>
<
Hello all,
On 23 Sep 2019, at 12:59, Alexander Bokovoy
mailto:aboko...@redhat.com>> wrote:
On Mon, 23 Sep 2019, Vinícius Ferrão via FreeIPA-users wrote:
Florence and Angus, thanks for the replies.
xCAT definitely can run scripts at boot time. And the kickstart method seems to
be the way
e node automatically? Do I
really need to fill the hostname? Because this kills the ideia of a generic
image.
Thank you all guys.
> On 23 Sep 2019, at 04:04, Florence Blanc-Renaud wrote:
>
> On 9/23/19 1:10 AM, Vinícius Ferrão via FreeIPA-users wrote:
>> Hello, the subject of the messa
Hello, the subject of the message may sound a little bit strange, but let me
explain what I’m trying to do.
I have a machine with an provisioner (xCAT) that is able to boot and control
different types of computer nodes. A stateless node is just a machine that
boots over the network from a share
69 matches
Mail list logo