Re: [Freeipa-users] Intermittent Issues changing passwords since updating to ipa v3 and sasl_bind timeouts ..

2013-11-26 Thread Sumit Bose
On Tue, Nov 26, 2013 at 03:07:30PM +1000, Matt Bryant wrote: OK so been running some tcpdumps on this issue and the weird thing is .. can see the initial sasl bind request followed by ack from ldap ... then nothing ldap/gssapi related until the unbind request post the 6s timeout period ...

Re: [Freeipa-users] IPA winsync replication

2013-11-26 Thread Emil Petersson
On 26/11/13 01:05, Rich Megginson wrote: On 11/25/2013 04:57 PM, Rich Megginson wrote: On 11/25/2013 11:51 AM, Emil Petersson wrote: On 25 Nov 2013, at 17:21, Rich Megginson rmegg...@redhat.com wrote: On 11/25/2013 08:14 AM, Emil Petersson wrote: Hi, I'm

[Freeipa-users] Failed to remove host (Some entries were not deleted)

2013-11-26 Thread Andrew Lau
Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error: Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found) I thought it might be a replica issue, so I forced sync and also tried re-initializing

Re: [Freeipa-users] Failed to remove host (Some entries were not deleted)

2013-11-26 Thread Rob Crittenden
Andrew Lau wrote: Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error: Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006 not found) I thought it might be a replica issue, so I forced sync and also

Re: [Freeipa-users] Failed to remove host (Some entries were not deleted)

2013-11-26 Thread Andrew Lau
On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden rcrit...@redhat.com wrote: Andrew Lau wrote: Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It gives me an error: Certificate operation cannot be completed: EXCEPTION (Certificate serial number 0xfff0006

[Freeipa-users] [SOLVED] Re: IPA winsync replication

2013-11-26 Thread Dmitri Pal
On 11/26/2013 04:16 AM, Emil Petersson wrote: On 26/11/13 01:05, Rich Megginson wrote: On 11/25/2013 04:57 PM, Rich Megginson wrote: On 11/25/2013 11:51 AM, Emil Petersson wrote: On 25 Nov 2013, at 17:21, Rich Megginson rmegg...@redhat.com wrote: On 11/25/2013

[Freeipa-users] [SOLVED] Re: Failed to remove host (Some entries were not deleted)

2013-11-26 Thread Dmitri Pal
On 11/26/2013 09:17 AM, Andrew Lau wrote: On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden rcrit...@redhat.com wrote: Andrew Lau wrote: Hi, I've got an issue where I can't seem to remove a host from my freeipa install. It

[Freeipa-users] ui timeout issue

2013-11-26 Thread siology.io
I'm seeing an issue with logging into the web UI of ipa. I've been using IPA for 6 months or so in production, and all has been well so far. The last thing I did in terms of IPA was run ipa-dns-install, which completed successfully, but I suspect this issue occurred before that I never noticed as

Re: [Freeipa-users] ui timeout issue

2013-11-26 Thread Dmitri Pal
On 11/26/2013 03:37 PM, siology.io wrote: I'm seeing an issue with logging into the web UI of ipa. I've been using IPA for 6 months or so in production, and all has been well so far. The last thing I did in terms of IPA was run ipa-dns-install, which completed successfully, but I suspect

Re: [Freeipa-users] ui timeout issue

2013-11-26 Thread siology.io
On 27 November 2013 10:21, Dmitri Pal d...@redhat.com wrote: On 11/26/2013 03:37 PM, siology.io wrote: I'm seeing an issue with logging into the web UI of ipa. I've been using IPA for 6 months or so in production, and all has been well so far. The last thing I did in terms of IPA was run

Re: [Freeipa-users] ui timeout issue

2013-11-26 Thread Dmitri Pal
On 11/26/2013 04:32 PM, siology.io wrote: On 27 November 2013 10:21, Dmitri Pal d...@redhat.com wrote: On 11/26/2013 03:37 PM, siology.io wrote: I'm seeing an issue with logging into the web UI of ipa. I've been using IPA for 6 months

Re: [Freeipa-users] ui timeout issue

2013-11-26 Thread siology.io
Yeah maybe. I do see from the install log of the ipa-dns-install that it changed the /etc/resolv.conf to point to its own IP - which seems a little odd (and unwanted, more importantly). I've changed that back to how it should be and restarted ipa but still nothing. There's no other KDC in the

Re: [Freeipa-users] Intermittent Issues changing passwords since updating to ipa v3 and sasl_bind timeouts ..

2013-11-26 Thread Matt Bryant
Sumit, It's a little tricky but ran up a script that did a ldapsearch every 2 seconds ... the following took place almost same time as one of the sasl_bind timeouts ... Start: .Wed Nov 27 07:55:03 EST 2013 ldap_url_parse_ext(ldap://tardis.ipa.server-noc.com) ldap_create

Re: [Freeipa-users] ui timeout issue

2013-11-26 Thread siology.io
For what it's worth, kinit on the command line of the ipa server works just fine, and detects the realm ok. On 27 November 2013 11:00, siology.io siology...@gmail.com wrote: Yeah maybe. I do see from the install log of the ipa-dns-install that it changed the /etc/resolv.conf to point to its

Re: [Freeipa-users] ui timeout issue

2013-11-26 Thread Dmitri Pal
On 11/26/2013 05:15 PM, siology.io wrote: For what it's worth, kinit on the command line of the ipa server works just fine, and detects the realm ok. OK then let us rule out DNS for a moment. Have you checked the KDC log to see whether the authentication actually occurred? If kinit works, I

[Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-26 Thread Matt Bryant
All, Is there any documentation anywhere that describes whether this can be done and how to do it ?? Would like to set up a one way trust between a new IPA realm and a legacy Kerberos realm. The doco explicitly says don't use kadmin/kadmin.local so not sure how to get the

Re: [Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-26 Thread Rob Crittenden
Matt Bryant wrote: All, Is there any documentation anywhere that describes whether this can be done and how to do it ?? Would like to set up a one way trust between a new IPA realm and a legacy Kerberos realm. The doco explicitly says don't use kadmin/kadmin.local so not sure how to get the

Re: [Freeipa-users] Trust between IPA and another MIT Kerberos Realm

2013-11-26 Thread Matt Bryant
Hmm just upgraded to 3 so thought I would give it a go ... but (ain't there always one of those :() can't seem to add the principal .. kadmin.local: add_principal krbtgt/OLD-REALM@IPA-REALM WARNING: no policy specified for krbtgt/OLD-REALM@IPA-REALM; defaulting to no policy Enter password for