[Freeipa-users] Fwd: Fwd: Fwd: Scorched earth

Morning update. I made the change Rob suggested to /etc/ipa/default.conf, which appeared to work, but didn't quite. It asked me to back out the whole server installation and start over: [ipamaster2]# ipa-ca-install --skip-conncheck replica-info-ipamaster2.foo.net.gpg Directory Manager (existing

Re: [Freeipa-users] setting up a client on Debian squeeze

On Thu, Aug 29, 2013 at 10:04:43PM -0400, Rob Crittenden wrote: Michał Dwużnik wrote: Sorry for quick continuation... Certificate added to nss DB in /etc/pki certutil -A -d /etc/pki/ -n IPA CA -t CT,C,C -a -i pki/ca.crt sssd configured according to

Re: [Freeipa-users] Fwd: Fwd: Fwd: Scorched earth

On 08/30/2013 10:23 AM, Bret Wortman wrote: Morning update. I made the change Rob suggested to /etc/ipa/default.conf, which appeared to work, but didn't quite. It asked me to back out the whole server installation and start over: [ipamaster2]# ipa-ca-install --skip-conncheck

Re: [Freeipa-users] Fwd: Fwd: Fwd: Scorched earth

Bret Wortman wrote: Still odder ... I went ahead and tried to delete the agreement: [ipamaster]# ipa-replica-manage del ipamaster3.foo.net http://ipamaster3.foo.net --force 'ipamaster.foo.net http://ipamaster.foo.net' has no replication agreement for 'ipamaster3.foo.net

Re: [Freeipa-users] setting up a client on Debian squeeze

Ok, I somehow assumed certs are very much needed for ldaps... In the meantime, I set up a debian wheezy machine to try the freeipa-client from debs. I managed to get working ipa-client (with a few quirks...- default nss database needed to be created) with packages from deb http://apt.numeezy.fr

Re: [Freeipa-users] setting up a client on Debian squeeze

On Fri, Aug 30, 2013 at 03:54:54PM +0200, Michał Dwużnik wrote: Ok, I somehow assumed certs are very much needed for ldaps... Well, for most operations the SSSD uses GSSAPI authentication. Only when passwords are migrated, we do an LDAP bind with StartTLS. In the meantime, I set up a debian

Re: [Freeipa-users] IPA Load Problems?

Rob or anyone else, So while struggling along on this server I just grabbed the logs off it and ran that log program with the options you suggested. There are a lot of unindexed requests. These are the top issues I've removed the one username that showed up. So just to double check

Re: [Freeipa-users] IPA Load Problems?

If objectclass eq is already indexed how are these on my top unindexed list? Wouldn't objectclass eq cover this (objectclass=inetorgperson)? and the third and fourth entry? I apologize if I'm way off as I am new to the intricacies of LDAP indexing. Thanks,

[Freeipa-users] FreeIPA on Debian

Hello, Sorry for cross posting to 4 different lists but it seems that this is the best way to include most of people who might be interested in this discussion. The question of When FreeIPA will be available on Debian? has been coming up periodically on the list(s) without any resolution.

Re: [Freeipa-users] IPA Load Problems?

On 08/30/2013 01:31 PM, John Moyer wrote: Rob or anyone else, So while struggling along on this server I just grabbed the logs off it and ran that log program with the options you suggested. There are a lot of unindexed requests. These are the top issues I've removed the one username

Re: [Freeipa-users] IPA Load Problems?

I'm sorry that was my top unique filter list not my unindexed list. Please disregard my last email. Thanks, _ John Moyer Director, IT Operations Digital Reasoning Systems, Inc. john.mo...@digitalreasoning.com Office: 703.678.2311 Mobile: