OK, so I have my replication agreement set up,
and I see accounts coming in to my IDM server from AD.
I have followed this guide from Red Hat
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html
to set up my password sync.
I
On 02/04/2014 10:17 AM, Todd Maugh wrote:
Also, I have verified the password synchronization service is started
and running on the Windows 2008 R2 server,
but I can't tell if or what it is doing because I'm not getting
passwords to my IDM
Also, I have verified the password synchronization service is started and
running on the Windows 2008 R2 server,
but I can't tell if or what it is doing because I'm not getting passwords to my
IDM
From: freeipa-users-boun...@redhat.com
Hello IPA users :)
We have implemented IPA using the packaged version in centos 6.5 (which is
3.0.0-37.el6), but have been playing with the more recent version in Fedora
19 (3.3.3-2.fc19) and are quite keen to take advantage of the shiny new
features, so are thinking about migrating.
Has anyone
I'm seeing these errors in the passsync.log
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
02/03/14 16:57:48: Ldap bind error in Connect
32: No such object
02/03/14 16:57:48: Ldap error
now I am getting this after rerunning the install and trying to reinstall my
cert
LDAP bind error in connect
81: Can't Contact LDAP Server
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
my passhook.log file is empty
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Todd Maugh [tma...@boingo.com]
Sent: Tuesday, February 04, 2014 11:56 AM
To: Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject:
has anyone worked it out. Secondly cifs-utils has dependency on samba3
packages and ipa-ad-trust needs samba4 but samba3 and samba4 don't like
each other, so this is the story of my experience with ipa. Any
suggestions?
Why do you need cifs-utils on the same server?
cifs-utils to
On 02/04/2014 01:13 PM, Todd Maugh wrote:
now I am getting this after rerunning the install and trying to
reinstall my cert
LDAP bind error in connect
81: Can't Contact LDAP Server
That means
1) ipa ldap server is down
2) some sort of network problem
3) incorrect host/port specified in
On 02/04/2014 01:20 PM, Todd Maugh wrote:
my passhook.log file is empty
Have you changed any passwords in AD?
*From:* freeipa-users-boun...@redhat.com
[freeipa-users-boun...@redhat.com] on behalf of Todd Maugh
I have not changed any passwords in AD yet.
and the users I have in IDM from AD, their passwords are not working
From: Rich Megginson [rmegg...@redhat.com]
Sent: Tuesday, February 04, 2014 12:40 PM
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
I tried changing the password for a user in AD
this is what the passsync log shows:
02/04/14 12:29:14: Ldap bind error in Connect
81: Can't contact LDAP server
02/04/14 12:49:34: Ldap bind error in Connect
81: Can't contact LDAP server
02/04/14 12:49:34: Ldap error in QueryUsername
81: Can't
On 02/04/2014 01:57 PM, Todd Maugh wrote:
I tested a ssl connection from my ldap server to AD
Ok. What about the ssl connection from the windows AD machine to your
IdM ldap server?
this is the output
openssl s_client -connect qatestdc2.boingoqa.local:636
CONNECTED(0003)
depth=0
On 02/04/2014 01:53 PM, Todd Maugh wrote:
I tried changing the password for a user in AD
this is what the passsync log shows:
02/04/14 12:29:14: Ldap bind error in Connect
81: Can't contact LDAP server
02/04/14 12:49:34: Ldap bind error in Connect
81: Can't contact LDAP server
02/04/14
Following this guide:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
STEP 4:
ipa-server-install --setup-dns -p 'password' -a 'password' -r
MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux
But what about the "can't contact LDAP server" in the passsync log?
And are you saying I should try to change one of the passwords in AD for it to
go to IDM, or vice versa?
thanks
From: Rich Megginson [rmegg...@redhat.com]
Sent: Tuesday, February 04, 2014 12:45 PM
On 02/04/2014 01:48 PM, Todd Maugh wrote:
But what about the "can't contact LDAP server" in the passsync log?
LDAP bind error in connect
81: Can't Contact LDAP Server
That means
1) ipa ldap server is down
2) some sort of network problem
3) incorrect host/port specified in passsync config
4)
I tested a ssl connection from my ldap server to AD
this is the output
openssl s_client -connect qatestdc2.boingoqa.local:636
CONNECTED(0003)
depth=0
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
verify error:num=27:certificate not trusted
verify
trying to find a command to check that connection
From: Rich Megginson [rmegg...@redhat.com]
Sent: Tuesday, February 04, 2014 1:02 PM
To: Todd Maugh; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: Re: Creating password sync
On 02/04/2014 01:57 PM, Todd
Ok. What about the ssl connection from the windows AD machine to your IdM ldap
server?
ld = ldap_sslinit(se-idm-01.boingo.com:636,
389, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 0 = ldap_connect(hLdap, NULL);
Error 0 =
I'm trying to configure our CentOS IPA Client for Single Sign On from our
trusted AD domain.
SSO works fine when I ssh to the IPA server, but not to the CentOS Client.
It prompts for password which it accepts, so it's getting the
authentication from the AD domain.
Fedora 20 IPA Server
CentOS 6.5
How did you specify the CA cert of the CA that issued the IdM ldap server cert?
On the AD server (qatestdc2) I downloaded the CA from the IDM server
(se-idm-01) from the web URL
http://se-idm-01.boingo.com/ipa/config/ca.crt
then I ran this
cd C:\Program Files\Red Hat Directory Password
Hello
I have an ipa-server-2.2.0-16.el6.x86_64 server serving different versions
of ipa-clients and so far it has been good. I have noticed that some of our
DEVs have started to ssh into some of the systems that I had no intention
of making available through ssh.
I have tried to revoke specific
I am just doing this now and it works fine for me.
The password has to be changed as there is no way to decrypt the password in
AD and send that. So the .msi you install on each AD server intercepts the
password change while it's in plain text and sends it over to IPA, hence only
changes.
I
I would be so grateful for your notes, as it looks like I'm most likely having a
cert issue as well.
I'm so damn close to having this thing working (doesn't help to have your boss
come by every 10 minutes).
I understand the changes concept now, if I can just get it to work
notes just sent
regards
Steven
From: Todd Maugh tma...@boingo.com
Sent: Wednesday, 5 February 2014 11:15 a.m.
To: Steven Jones; Rich Megginson; d...@redhat.com
Cc: freeipa-users@redhat.com
Subject: RE: Creating password sync
I would be so grateful for your
On Tue, 04 Feb 2014, Mark Gardner wrote:
I'm trying to configure our CentOS IPA Client for Single Sign On from our
trusted AD domain.
SSO works fine when I ssh to the IPA server, but not to the CentOS Client.
It prompts for password which it accepts, so it's getting the
authentication from the
On Tue, 04 Feb 2014, William Muriithi wrote:
Hello
I have an ipa-server-2.2.0-16.el6.x86_64 server serving different versions
of ipa-clients and so far it has been good. I have noticed that some of our
DEVs have started to ssh into some of the systems that I had no intention
of making available
28 matches