I have gotten a little further along with this but am having problems
connecting to the AD LDAP.
[r...@ipa.wibble.com cacerts]# ipa-replica-manage connect --winsync
--binddn cn=administrator,cn=users,dc=prattle,dc=com --bindpw
X9deiX9dei --passsync X9deiX9dei --cacert
On 01/02/2014 07:38 AM, Andrew Holway wrote:
I have gotten a little further along with this but am having problems
connecting to the AD LDAP.
[r...@ipa.wibble.com cacerts]# ipa-replica-manage connect --winsync
--binddn cn=administrator,cn=users,dc=prattle,dc=com --bindpw
X9deiX9dei
Hello,
I've recently had to restart my IPA servers and my NIS compatibility mode has
stopped working.
I've configured my IPA server to run in NIS compatibility mode by doing the
following.
[root@ipaserver ~]# ipa-nis-manage enable
[root@ipaserver ~]# ipa-compat-manage enable
Restart the DNS and
On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote:
Hello,
I've recently had to restart my IPA servers and my NIS compatibility
mode has stopped working.
I've configured my IPA server to run in NIS compatibility mode by
doing the following.
[root@ipaserver ~]# ipa-nis-manage enable
Ah, I see this thread was resolved already, my MUA just failed to properly
attach it to the thread. Please disregard this mail then (but I was right with
the root cause though :)
Martin
On 01/02/2014 05:46 PM, Martin Kosek wrote:
Hello Les,
Did you manage to resolve the issue? I just got to
I have taken out the winsync.
[r...@ipa.wibble.com ~]# ipa-replica-manage connect --binddn
cn=administrator,cn=users,dc=prattle,dc=com --bindpw pa$$ --passsync
pa$$ --cacert /etc/openldap/cacerts/prattle.crt
win-5uglhak7rin.prattle.com. -vvv
Added CA certificate /etc/openldap/cacerts/prattle.crt
On 12/28/2013 06:50 PM, Rob Crittenden wrote:
Will Sheldon wrote:
Hello :)
I'm trying to set up an Ubuntu 12.04.3 client running freeipa-client
3.2.0-0ubuntu1~precise1 from the apt repo at
http://ppa.launchpad.net/freeipa/ppa/ubuntu
The server is a (fully updated) centos 6.5 box running
On 01/02/2014 12:07 PM, Andrew Holway wrote:
I have taken out the winsync.
[r...@ipa.wibble.com ~]# ipa-replica-manage connect --binddn
cn=administrator,cn=users,dc=prattle,dc=com --bindpw pa$$ --passsync
pa$$ --cacert /etc/openldap/cacerts/prattle.crt
win-5uglhak7rin.prattle.com. -vvv
I turned off all the AD processes on my windows domain controller.
The error did not change.
On 2 January 2014 17:07, Andrew Holway andrew.hol...@gmail.com wrote:
I have taken out the winsync.
[r...@ipa.wibble.com ~]# ipa-replica-manage connect --binddn
On 01/02/2014 12:30 PM, Joseph, Matthew (EXP) wrote:
Hello,
All of the IPA services are running.
When I tried running the ipa-compat-manage enable and ipa-nis-manage
enable they are both loaded and running.
Have you checked the logs to confirm that the DS server actually loaded
the
Joseph, Matthew (EXP) wrote:
Hello,
All of the IPA services are running.
When I tried running the ipa-compat-manage enable and ipa-nis-manage
enable they are both loaded and running.
On the IPA master you should be able to run something like:
$ ypcat -h `hostname` -d your nis domain name
You are still setting up a replication agreement not a trust.
Oh, I am following the redhat documentation here:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/managing-sync-agmt.html
This seems to indicate that the directory server
On Thu, 2014-01-02 at 19:12 +, Andrew Holway wrote:
You are still setting up a replication agreement not a trust.
Oh, I am following the redhat documentation here:
As for AD users we need to look at the client and see what is going on
there. What is your client? Version and component? Is it using latest SSSD?
If not additional steps might be needed. Please provide the details
about the clients. Please start with trying AD users on the IPA server
itself,
Sorry, I forgot this. It works fine for the wibble.com linux domain.
[r...@ipa.wibble.com log]# ldapsearch -x -ZZ -H ldap://localhost -b
dc=prattle,dc=com
# extended LDIF
#
# LDAPv3
# base dc=prattle,dc=com with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 3
Hi all.
I have a running IPA Server (3.0.0-37) on RHEL 6.2.
I'm trying to create Trust between IPA server and AD (In different DNS
domains). I followed the red hat guide
Genadi Postrilko wrote:
Hi all.
I have a running IPA Server (3.0.0-37) on RHEL 6.2.
I'm trying to create Trust between IPA server and AD (In different DNS
domains). I followed the red hat guide
It's a newly installed IPA Server, haven't added any Rules.
The relevant output from /var/log/secure :
Jan 2 13:36:24 ipaserver sshd[4864]: Invalid user from 192.168.227.100
Jan 2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid user
Jan 2 13:36:26 ipaserver sshd[4865]:
On 01/02/2014 04:45 PM, Genadi Postrilko wrote:
It's a newly installed IPA Server, haven't added any Rules.
The relevant output from /var/log/secure :
Jan 2 13:36:24 ipaserver sshd[4864]: Invalid user from 192.168.227.100
Jan 2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid
If you add debug_level = 5 into every section of /etc/sssd/sssd.conf
Restart sssd
Try and log in again
cat /var/log/sssd/*
And paste that somewhere.
On 2 January 2014 21:45, Genadi Postrilko genadip...@gmail.com wrote:
It's a newly installed IPA Server, haven't added any Rules.
The
Here are the sssd.log and sssd_nss.log. Other logs were empty or did not
contain the output for the relevant login.
https://gist.github.com/anonymous/8228284
2014/1/2 Dmitri Pal d...@redhat.com
On 01/02/2014 04:45 PM, Genadi Postrilko wrote:
It's a newly installed IPA Server, haven't
Thanks guys.
For now I've just reverted the reported version while the install script
runs. It seems to work OK.
On Thu, Jan 2, 2014 at 9:06 AM, Martin Kosek mko...@redhat.com wrote:
On 12/28/2013 06:50 PM, Rob Crittenden wrote:
Will Sheldon wrote:
Hello :)
I'm trying to setup a
This is cause for concern. Is there a hardening / best practices for
production guide anywhere, did I miss a section of the documentation?
What else do I need to secure?
I understand that there is a tradeoff between security and compatibility,
but maybe there should be a ipa-secure script