Re: [Freeipa-users] problem creating replica

2013-07-17 Thread Pete Brown
I opened all the ports that seemed to be listening on the master. I also ran the setup again without disabling the connection check to see what else needed fixing. It seems after much investigation and log dredging it seems my admin password had expired. I wasn't aware that was possible. I reset the

[Freeipa-users] help: ipa error 4301

2013-07-17 Thread Shapiro, Matthew E CTR DODHRA DMDC (US)
Hi, While running the ipa-client-install script on a RHEL 6.4 server, I get the following output (please note the indicated line with the arrow): [root@[hostname]]# ipa-client-install Discovery was successful! Hostname: [hostname] Realm: example.com DNS Domain: example.com IPA Server: chtvm-389

[Freeipa-users] kinit admin password expired

2013-07-17 Thread Joseph, Matthew (EXP)
Hello, I seem to have run into an issue with our admin account on our FreeIPA server. Our password expired (I thought I disabled the password expiration for this account) and when I run kinit admin it prompts me for a new password. I type in the old password and then the new one two times but then

Re: [Freeipa-users] sudo rules user and host group bugs?

2013-07-17 Thread Jakub Hrozek
On Wed, Jul 17, 2013 at 04:39:32PM +, Tovey, Mark wrote: > > Okay, I get it (pardon my obtuseness). > > host1-> getent netgroup hgroup1 > hgroup1 (host1.my_domain.com, -, my_domain.com) > > So netgroups are working. The host group is defined in IPA and gete

[Freeipa-users] Announcing FreeIPA 3.2.2

2013-07-17 Thread Martin Kosek
The FreeIPA team is proud to announce FreeIPA v3.2.2. It can be downloaded from http://www.freeipa.org/page/Downloads. The new version has also been built for Fedora 19 and is on its way to updates-testing. == Highlights in 3.2.2 == === New features for 3.2.2 === * Significant improvement of per

Re: [Freeipa-users] sudo rules user and host group bugs?

2013-07-17 Thread Tovey, Mark
Okay, I get it (pardon my obtuseness). host1-> getent netgroup hgroup1 hgroup1 (host1.my_domain.com, -, my_domain.com) So netgroups are working. The host group is defined in IPA and getent is able to access that information. Thanks, -Mark

Re: [Freeipa-users] Problems creating trust between FreeIPA and AD

2013-07-17 Thread Alexander Bokovoy
On Wed, 17 Jul 2013, Paulo Silva wrote: Hi, I'm using FreeIPA 3.0.0 (from CentOS 6) to establish a trust with a Windows 2008 AD using the procedure described in http://www.freeipa.org/page/IPAv3_AD_trust From the Linux server everything seems to be working, I can login using both AD and IPA

Re: [Freeipa-users] sudo rules user and host group bugs?

2013-07-17 Thread Jakub Hrozek
On Wed, Jul 17, 2013 at 03:01:58PM +, Tovey, Mark wrote: > > We have sssd-1.5.1-58.el5 and ipa-client-2.1.3-5.el5_9.2 installed. OK, these are recent enough to support netgroups and the compat tree should be configured automatically. >Those came out of the 'latest' repository. We do no

[Freeipa-users] Problems creating trust between FreeIPA and AD

2013-07-17 Thread Paulo Silva
Hi, I'm using FreeIPA 3.0.0 (from CentOS 6) to establish a trust with a Windows 2008 AD using the procedure described in http://www.freeipa.org/page/IPAv3_AD_trust From the Linux server everything seems to be working, I can login using both AD and IPA users but on the AD I can't use IPA users.

Re: [Freeipa-users] sudo rules user and host group bugs?

2013-07-17 Thread Tovey, Mark
We have sssd-1.5.1-58.el5 and ipa-client-2.1.3-5.el5_9.2 installed. Those came out of the 'latest' repository. We do not have any netgroups defined (there is no /etc/netgroup file), so getent does not return anything. Thanks, -Mark

Re: [Freeipa-users] one last SSH question

2013-07-17 Thread Armstrong, Kenneth Lawrence
Thanks! I changed that last line in my ssh_config, reloaded sshd, and was able to log in! -Kenny On Wed, 2013-07-17 at 16:46 +0200, Jan Cholasta wrote: On 17.7.2013 16:22, Armstrong, Kenneth Lawrence wrote: > Ok, hopefully my last SSH key question. > > I've been following the instructions her

Re: [Freeipa-users] one last SSH question

2013-07-17 Thread Jan Cholasta
On 17.7.2013 16:22, Armstrong, Kenneth Lawrence wrote: Ok, hopefully my last SSH key question. I've been following the instructions here: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/host-keys.html#installing-host-keys and here: h

[Freeipa-users] one last SSH question

2013-07-17 Thread Armstrong, Kenneth Lawrence
Ok, hopefully my last SSH key question. I've been following the instructions here: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/host-keys.html#installing-host-keys and here: https://access.redhat.com/site/documentation/en-US/Red_Hat

Re: [Freeipa-users] new issue with ssh key in the interface

2013-07-17 Thread Armstrong, Kenneth Lawrence
I can't help but wonder if it is something with the browser cache, as after I posted my notes from yesterday to the mailing list, I logged into the web UI and see that my keys are now there. And yes, I did recently upgrade this server, so the cache must have been trying to work with old data.

Re: [Freeipa-users] new issue with ssh key in the interface

2013-07-17 Thread Petr Vobornik
I've tested your key on a fresh install of ipa-server-3.0.0-25.el6.x86_64 and it works for me. On the other hand, the description of the problem looks like a Web UI bug. Is it possible, that you recently upgraded IPA server and Web browser still contains some old files in a cache? Please try

Re: [Freeipa-users] Question about design of ldap dns

2013-07-17 Thread Petr Spacek
On 17.7.2013 13:02, James Hogarth wrote: Could you post some real world examples, please? I would love to see some real world records with real TTLs and statistics. How many names with different TTLs have you? How many names and records have you in total? As one example TXT record and SSHFP to

Re: [Freeipa-users] new issue with ssh key in the interface

2013-07-17 Thread Armstrong, Kenneth Lawrence
Thanks Petr, I am 100% positive that I pressed 'Set' and not 'Cancel'. Here are the exact steps and keys I used: Generate an ssh public key (for user): ssh-keygen -t rsa -C karmstr...@liberty.edu Cat out the key, paste into web interface for user: cat .ssh/id_rs

Re: [Freeipa-users] Question about design of ldap dns

2013-07-17 Thread James Hogarth
> Please contact me on IRC (pspacek in #freeipa @ FreeNode) or via e-mail. > We need to coordinate, because bind-dyndb-ldap is undergoing heavy > refactoring right now. > > Also, remember that modification in bind-dyndb-ldap will require > modification on FreeIPA side (CLI/WebUI/API). > > Sure - I'

Re: [Freeipa-users] new issue with ssh key in the interface

2013-07-17 Thread Petr Vobornik
On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote: Hello all, I have a new problem with the SSH Key bit in the web interface. I created a new ssh key for a user, and pasted it into the web interface for the user. Afterward, it said that the key was not set. So I attempted again from

Re: [Freeipa-users] sudo rules user and host group bugs?

2013-07-17 Thread Jakub Hrozek
On Tue, Jul 16, 2013 at 09:13:00PM +, Tovey, Mark wrote: > > > We are using sssd. The sssd.conf file is mostly unchanged from how it was > installed by the ipa-client-install script: Hi Mark, you said your client is OEL *5.5* ? The SSSD first appeared in RHEL (and by extension OEL) in