Pieter Baele wrote:
Hi,
I have a known problem when using the migration tool.
Is there already a solution for this?
As in: https://www.redhat.com/archives/freeipa-users/2012-January/msg00200.html
ipa migrate-ds ldap://x.x.x.x:389 --base-dn=xxx
--group-container=ou=People --continue
Password:
On 09/20/2012 02:55 PM, Rob Crittenden wrote:
Pieter Baele wrote:
Hi,
I have a known problem when using the migration tool.
Is there already a solution for this?
As in:
https://www.redhat.com/archives/freeipa-users/2012-January/msg00200.html
ipa migrate-ds ldap://x.x.x.x:389
Hi Everyone,
I am new to IPA and I am trying to start the IPA service but I get the
following error message:
ipactl start
Starting Directory Service
Failed to read data from Directory Service: Unknown error when
retrieving list of services from LDAP: [Errno 111] Connection refused
Shutting down
On 09/20/2012 08:10 AM, Ikaro Silva wrote:
Hi Everyone,
I am new to IPA and I am trying to start the IPA service but I get the
following error message:
ipactl start
Starting Directory Service
Failed to read data from Directory Service: Unknown error when
retrieving list of services from LDAP:
Hi Rich,
We did not upgrade from a previous version, this is our original
master server (but we do have 2 other replications of this one). The
architecture is
Linux 3.4.9-2.fc16.i686.PAE #1 SMP Thu Aug 23 18:41:34 UTC 2012 i686
i686 i386 GNU/Linux
On Thu, Sep 20, 2012 at 10:16 AM, Rich
On 09/20/2012 08:53 AM, Ikaro Silva wrote:
Hi Rich,
We did not upgrade from a previous version, this is our original
master server (but we do have 2 other replications of this one). The
architecture is
Linux 3.4.9-2.fc16.i686.PAE #1 SMP Thu Aug 23 18:41:34 UTC 2012 i686
i686 i386 GNU/Linux
ok
Lager, Nathan T. wrote:
- Original Message -
From: Rob Crittenden rcrit...@redhat.com
To: Nathan Lager lag...@lafayette.edu
Cc: freeipa-users@redhat.com
Sent: Wednesday, September 19, 2012 4:35:30 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
Nathan Lager wrote:
-BEGIN PGP
Yes config mod is enabled
2012/9/20 Dmitri Pal d...@redhat.com
On 09/20/2012 12:30 PM, James James wrote:
Hi,
I've done a migration from ldap to ipa. Everything works well but when I
try to change my password in the ui (https://ipa.example.com/ipa/migration)
I have this error message :
Oups .. migration mode is enable ...
2012/9/20 James James jre...@gmail.com
Yes config mod is enabled
2012/9/20 Dmitri Pal d...@redhat.com
On 09/20/2012 12:30 PM, James James wrote:
Hi,
I've done a migration from ldap to ipa. Everything works well but when I
try to change my password
On 09/20/2012 12:50 PM, James James wrote:
Oups .. migration mode is enable ...
The ldap (access, error) and kerberos logs from the server would be
helpful to troubleshoot.
/var/log/dirsrv/...
krb5kdc.log
2012/9/20 James James jre...@gmail.com mailto:jre...@gmail.com
Yes config mod is
Dmitri Pal wrote:
On 09/20/2012 12:50 PM, James James wrote:
Oups .. migration mode is enable ...
The ldap (access, error) and kerberos logs from the server would be
helpful to troubleshoot.
/var/log/dirsrv/...
krb5kdc.log
This is usually seen when there is no password in LDAP.
You can
Thanks for your help.
I've got in krb5kdc.log :
Sep 20 17:00:47 ipa.example.com krb5kdc[14155](info): TGS_REQ (4 etypes {18
17 16 23}) 129.104.11.72: ISSUE: authtime
1348153247, etypes {rep=18 tkt=18 ses=18}, host/
elide.example@example.com for ldap/ipa.lix.polytechniqu
e...@example.com
Sep
You 're right. The request return :
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base cn=users,cn=accounts,dc=example,dc=com with scope subtree
# filter: uid=test
# requesting: userPassword
#
# test, users, accounts, example.com
dn: uid=test,cn=users,cn=accounts,dc=example,dc=com
# search
James James wrote:
You 're right. The request return :
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base cn=users,cn=accounts,dc=example,dc=com with scope subtree
# filter: uid=test
# requesting: userPassword
#
# test, users, accounts, example.com http://example.com
dn:
Nathan Lager wrote:
On 09/20/2012 11:43 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
- Original Message -
From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager
lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent:
Wednesday, September 19, 2012 4:35:30 PM Subject: Re:
On 09/20/2012 11:43 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
- Original Message -
From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager
lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent:
Wednesday, September 19, 2012 4:35:30 PM Subject: Re:
[Freeipa-users]
On 09/20/2012 01:42 PM, Rob Crittenden wrote:
James James wrote:
You 're right. The request return :
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base cn=users,cn=accounts,dc=example,dc=com with scope subtree
# filter: uid=test
# requesting: userPassword
#
# test, users,
On 09/20/2012 02:28 PM, Rob Crittenden wrote:
Nathan Lager wrote:
On 09/20/2012 11:43 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
- Original Message -
From: Rob Crittenden rcrit...@redhat.com To: Nathan
Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com
Sent:
Dmitri Pal wrote:
On 09/20/2012 01:42 PM, Rob Crittenden wrote:
James James wrote:
You 're right. The request return :
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base cn=users,cn=accounts,dc=example,dc=com with scope subtree
# filter: uid=test
# requesting: userPassword
#
# test,
On 09/20/2012 12:08 AM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 11:05 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 10:48 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I noticed an updated krb5-server package today advertising that it's
fixing the issue
Sigbjorn Lie wrote:
On 09/20/2012 12:08 AM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 11:05 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/19/2012 10:48 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,
I noticed an updated krb5-server package today advertising that
Sigbjorn Lie wrote:
On 09/20/2012 10:17 PM, Rob Crittenden wrote:
bind isn't my strongest suite.
My guess is that this file is the ccache for bind. I'm guessing that
25 is the UID of the named user. If this is the case, then it should
be safe to stop named, rename the file, and restart.
Hi,
I see that I can add hosts with either an IPv4 or an IPv6 address when
using ipa host-add --ip-address=.
Is there a way to add a host specifying both an IPv4 and an IPv6 address
at the same time?
Adding the --ip-address option twice yells this error:
ipa: ERROR: invalid 'ip_address':
I have hundreds of disable users in IPA now transferred from AD, is there a
quick/clean way to purge them from IPA?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
___
Freeipa-users
On 09/20/2012 10:34 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 09/20/2012 10:17 PM, Rob Crittenden wrote:
bind isn't my strongest suite.
My guess is that this file is the ccache for bind. I'm guessing that
25 is the UID of the named user. If this is the case, then it should
be safe to
On 09/20/2012 02:43 PM, Steven Jones wrote:
Some comments on the win sync agreement syntax.
Hi,
I'd like that command ipa-replica-manage connect improved if possible,
1) A flag on --win-subtree not to include sub-directories under the
specified OU= as I think it is why Ive picked up lots of
On 09/20/2012 04:43 PM, Steven Jones wrote:
Some comments on the win sync agreement syntax.
Hi,
I'd like that command ipa-replica-manage connect improved if possible,
1) A flag on --win-subtree not to include sub-directories under the
specified OU= as I think it is why Ive picked up lots
It will be fine to have this info in the doc.
2012/9/20 Rob Crittenden rcrit...@redhat.com
Dmitri Pal wrote:
On 09/20/2012 01:42 PM, Rob Crittenden wrote:
James James wrote:
You 're right. The request return :
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base
Hi,
I have imported users, but there are 5700 of them but I only have 2000 which
corresponds to the view that AD gives you by default. This makes me think that
that limit is all the AD is allowing the query to see?
Is there a way to expand it?
regards
Steven Jones
Technical Specialist -
uhI just deleted the ad user templates but it puts them back, also the
disabled users are in a sub-container and when I delete them in IPA they
re-appear a few minutes later..
:(
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463
disabled may not be logical as then once a user becomes disabled in AD, IPA
will remove it rather than act and disable it.
The way I read this winsync is its running the same command as I did initially
by hand every 5mins...
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria
On 09/20/2012 03:52 PM, Steven Jones wrote:
Hi,
I have imported users, but there are 5700 of them but I only have 2000
which corresponds to the view that AD gives you by default. This
makes me think that that limit is all the AD is allowing the query to see?
You can use
Well, after all of this, RedHat support just resolved my issue!
It came down the the domain_realm definitions in /etc/krb5.conf.
They had me change:
[domain_realm]
.systems.lafayette.edu = SYSTEMS.LAFAYETTE.EDU
systems.lafayette.edu = SYSTEMS.LAFAYETTE.EDU
To:
[domain_realm]
- Original Message -
Sigbjorn Lie wrote:
On 09/20/2012 10:17 PM, Rob Crittenden wrote:
bind isn't my strongest suite.
My guess is that this file is the ccache for bind. I'm guessing
that
25 is the UID of the named user. If this is the case, then it
should
be safe to stop
Hi,
It seems IPA has some sort of limit of searching it will only show the first 2k
of user entries?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Rich Megginson [rmegg...@redhat.com]
Sent:
35 matches
Mail list logo