never mind the problem on the server side, somehow it got fixed , I really
don't know how though
so in the client side , It is successful when installing free ipa client and
the server discovery is fine, my freipa Client is 4.1.0 and my server is 4.0.3
(although somewhere I've read that
It is still really hard to give advise as I do not know what's actually wrong.
So are you trying to set up a sudo on your client or are you trying to log in
with your client browser to FreeIPA server? These are 2 orthogonal actions.
Who gives the Can't I connect to the ipa server error? As I said
well I'm trying to setup sudo in my client machine, also I want to access the
server web browser In the client machine ( is it possible though ? )
well I'm having this error in the client side when using the command su - (
user )
su - u...@example.com
su : u...@example.com does not exist.
On Tue, Nov 11, 2014 at 07:56:14AM +0100, Martin Kosek wrote:
On 11/11/2014 06:37 AM, Rolf Nufable wrote:
or could you guys direct me or guide me on how to deploy this ipa server?
I've been successful deploying ipa version 3.3.5 before but this 4.0 and
above series is really giving me a
On Tue, Nov 11, 2014 at 02:07:57AM -0800, Rolf Nufable wrote:
well I'm trying to setup sudo in my client machine, also I want to access the
server web browser In the client machine ( is it possible though ? )
well I'm having this error in the client side when using the command su - (
user
On 11/10/2014 06:58 PM, Janelle wrote:
Hi --
Has anyone seen this before?
# ipa-replica-manage del kermit.xyzzy.com --force
unexpected error: [Errno -2] Name or service not known
?? Very confused as to What service or name is not known?
This is 4.0.5 running on CentOS 7.
~J
This
On 11.11.2014 11:11, Jakub Hrozek wrote:
On Tue, Nov 11, 2014 at 02:07:57AM -0800, Rolf Nufable wrote:
well I'm trying to setup sudo in my client machine, also I want to access the
server web browser In the client machine ( is it possible though ? )
well I'm having this error in the client
IMHO It's DS bug, can you share DS error log?
pspacek CCed to examine named logs.
Martin^2
On 11/11/14 12:13, Walter van Lille wrote:
Hi Martin, thanks for the reply.
My version: bind-dyndb-ldap-2.3-5.el6.x86_64
The server doesn't have journalctl installed but I have the outputs
from the
I'd like to adjust process settings on freeipa server to fit it better
into virtual instance.
Is it possible to change settings of java, ns-slapd and apache processes
somewhere in config files and what those files are?
For example: ServerLimit, StartServers and things like that typically
set
On 10.11.2014 09:25, Martin Kosek wrote:
On 11/08/2014 12:16 AM, Andrew Powell wrote:
Is there a way to add a Bind $GENERATE directive line to FreeIPA to
automatically name DHCP-assigned ranges?
In a file-based Bind installation, I can have the following line in the
forward
example.com
On Tue, 11 Nov 2014, Roman Naumenko wrote:
I'd like to adjust process settings on freeipa server to fit it better
into virtual instance.
Is it possible to change settings of java, ns-slapd and apache
processes somewhere in config files and what those files are?
Hi,
I'm getting Installed OpenSSH server does not support dynamically loading
authorized user keys. Public key authentication of IPA users will not be
available during ipa client install on CentOS 6.6
Packages openssh-server-6.1p1-5.el6.1.x86_64 and
ipa-client-3.0.0-42.el6.centos.x86_64
Manual
On 11/11/2014 08:48 AM, Natxo Asenjo wrote:
Hi Nalin,
On Mon, Nov 10, 2014 at 5:19 PM, Nalin Dahyabhai na...@redhat.com wrote:
On Mon, Nov 10, 2014 at 04:17:49PM +0100, Natxo Asenjo wrote:
How can I debug this?
First thing would be to run the daemon with additional logging - I
usually use
I've just cleaned out a ton of slapd_poll timed out messages from the
output and changed the names to protect the innocent, :-)
Here is the output as requested:
*[05/Nov/2014:11:44:05 +0200] - SASL encrypted packet length exceeds
maximum allowed limit (length=805634565, limit=2097152). Change
hi Nali,
On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek mko...@redhat.com wrote:
So if the lurking double encoded certificate is in LDAP, and thus Apache DS
shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest way
to fix it would be to:
- Open your Apache DS
- Back up
On 11.11.2014 13:13, Walter van Lille wrote:
SASL encrypted packet length exceeds
maximum allowed limit
Martin, do you remember where is the appropriate knob?
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
Alexander Bokovoy wrote on 11-11-14 6:52:
On Tue, 11 Nov 2014, Roman Naumenko wrote:
I'd like to adjust process settings on freeipa server to fit it
better into virtual instance.
Is it possible to change settings of java, ns-slapd and apache
processes somewhere in config files and what those
On Tue, 11 Nov 2014, Roman Naumenko wrote:
Alexander Bokovoy wrote on 11-11-14 6:52:
On Tue, 11 Nov 2014, Roman Naumenko wrote:
I'd like to adjust process settings on freeipa server to fit it
better into virtual instance.
Is it possible to change settings of java, ns-slapd and apache
On 11/11/2014 01:28 PM, Natxo Asenjo wrote:
hi Nali,
On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek mko...@redhat.com wrote:
So if the lurking double encoded certificate is in LDAP, and thus Apache DS
shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest
way
to fix it
Ludiwg (CCed) this seems like old (fixed?) DS bug.
On 11/11/14 13:13, Walter van Lille wrote:
I've just cleaned out a ton of slapd_poll timed out messages from the
output and changed the names to protect the innocent, :-)
Here is the output as requested:
*[05/Nov/2014:11:44:05 +0200] - SASL
On 11/11/2014 01:29 PM, Petr Spacek wrote:
On 11.11.2014 13:13, Walter van Lille wrote:
SASL encrypted packet length exceeds
maximum allowed limit
Martin, do you remember where is the appropriate knob?
Do you mean nsslapd-sasl-max-buffer-size setting in cn=config? This is a
related ticket
On 11/11/2014 02:14 PM, Martin Basti wrote:
Ludiwg (CCed) this seems like old (fixed?) DS bug.
hmm, it says limit is 2097152, so it already has the new setting, but
the error message says the packet is 800MB*
*
On 11/11/14 13:13, Walter van Lille wrote:
I've just cleaned out a ton of
On Mon, Nov 10, 2014 at 09:29:04AM -0800, Michael Lasevich wrote:
I can certainly try, it would need to be compatible with CentOS 6.6 though.
-M
Thank you very much, can you try these packages?
Please note they wouldn't fix your problem, but will hopefully shed some
more light on what's
hi,
On Tue, Nov 11, 2014 at 2:13 PM, Martin Kosek mko...@redhat.com wrote:
I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one that
can regenerate CAcert entry without double encoding.
ok.
So I removed the cacert object and ran
ipa-ldap-updater --upgrade --ldapi
(it
Alexander Bokovoy wrote:
On Tue, 11 Nov 2014, Roman Naumenko wrote:
Alexander Bokovoy wrote on 11-11-14 6:52:
On Tue, 11 Nov 2014, Roman Naumenko wrote:
I'd like to adjust process settings on freeipa server to fit it
better into virtual instance.
Is it possible to change settings of java,
Vaclav Adamec wrote:
Hi,
I'm getting Installed OpenSSH server does not support dynamically
loading authorized user keys. Public key authentication of IPA users
will not be available during ipa client install on CentOS 6.6
Packages openssh-server-6.1p1-5.el6.1.x86_64 and
Here it is:
2014-11-11T11:45:33Z DEBUG stderr=
2014-11-11T11:45:33Z DEBUG Backing up system configuration file
'/etc/ssh/ssh_config'
2014-11-11T11:45:33Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2014-11-11T11:45:33Z INFO Configured /etc/ssh/ssh_config
Vaclav Adamec wrote:
Here it is:
2014-11-11T11:45:33Z DEBUG stderr=
2014-11-11T11:45:33Z DEBUG Backing up system configuration file
'/etc/ssh/ssh_config'
2014-11-11T11:45:33Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2014-11-11T11:45:33Z INFO Configured
On 11/11/2014 06:20 AM, Ludwig Krispenz wrote:
On 11/11/2014 02:14 PM, Martin Basti wrote:
Ludiwg (CCed) this seems like old (fixed?) DS bug.
hmm, it says limit is 2097152, so it already has the new setting, but
the error message says the packet is 800MB*
*
*Right. That usually means the
On 11/11/2014 02:47 PM, Natxo Asenjo wrote:
hi,
On Tue, Nov 11, 2014 at 2:13 PM, Martin Kosek mko...@redhat.com wrote:
I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one
that
can regenerate CAcert entry without double encoding.
ok.
So I removed the cacert
hi,
This seems to happen only in 32bits vm's. At least in my limited
testing, 2 out 2 32bits hosts running 6.5 after upgrading have this
problem. A amd64 host is ok.
$ rpm -qa | grep certmonger
certmonger-0.75.13-1.el6.x86_64
$ rpm -qa | grep certmonger
certmonger-0.75.13-1.el6.i686
--
On Tue, Nov 11, 2014 at 08:48:18AM +0100, Natxo Asenjo wrote:
2014-11-11 08:34:33 [11677] Certificate Local Signing Authority
valid for 31473668s.
2014-11-11 08:34:33 [11677] Running result is 1481416576.
2014-11-11 08:34:33 [11677] Final result is 1481416576.
Okay, that's weird. The result
openssh-6.1p1-5.el6.1.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-6.1p1-5.el6.1.x86_64
openssh-server-6.1p1-5.el6.1.x86_64
it's up2date centos66 with 6.1 openssh, but same issue is for 6.7. I'll
check rpmspec if there is no issue with dynamically loading authorized user
keys, I'm not aware
On 11/11/14 15:58, Rich Megginson wrote:
On 11/11/2014 06:20 AM, Ludwig Krispenz wrote:
On 11/11/2014 02:14 PM, Martin Basti wrote:
Ludiwg (CCed) this seems like old (fixed?) DS bug.
hmm, it says limit is 2097152, so it already has the new setting, but
the error message says the packet is
On 11/11/2014 10:37 AM, Martin Basti wrote:
On 11/11/14 15:58, Rich Megginson wrote:
On 11/11/2014 06:20 AM, Ludwig Krispenz wrote:
On 11/11/2014 02:14 PM, Martin Basti wrote:
Ludiwg (CCed) this seems like old (fixed?) DS bug.
hmm, it says limit is 2097152, so it already has the new setting,
On Tue, Nov 11, 2014 at 11:13:12AM -0500, Nalin Dahyabhai wrote:
Since you mention that this seems to be specific to 32-bit boxes, I
think I need to switch to that one to try to sort out what's happening
here, since I'm on a 64-bit box.
Okay, found it, and as 64-bit cleanliness sometimes is,
Hi all..
I continue to come up with strange and unusual problems. Here is a new
one - use the dbmon.sh script and trying to tune the dbcache...
This is on a replica BTW
First -- THIS WORKS:
INCR=60 BINDDN=cn=directory manager BINDPW=asecret VERBOSE=2 dbmon.sh
and I see all the info I
On 11/11/2014 11:30 AM, Janelle wrote:
Hi all..
I continue to come up with strange and unusual problems. Here is a new
one - use the dbmon.sh script and trying to tune the dbcache...
This is on a replica BTW
First -- THIS WORKS:
INCR=60 BINDDN=cn=directory manager BINDPW=asecret VERBOSE=2
On Tue, 11 Nov 2014 04:17:37 +
Les Stott l...@imagine-sw.com wrote:
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 1:59 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same
On Tue, 11 Nov 2014 14:19:02 -0500
Simo Sorce s...@redhat.com wrote:
On Tue, 11 Nov 2014 04:17:37 +
Les Stott l...@imagine-sw.com wrote:
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 1:59 PM
To: Les Stott
Cc:
Fraser Tweedale wrote:
On Tue, Nov 11, 2014 at 04:17:37AM +, Les Stott wrote:
-Original Message-
From: Fraser Tweedale [mailto:ftwee...@redhat.com]
Sent: Tuesday, 11 November 2014 1:59 PM
To: Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome
In this case it is the exact password and it worked in the first line
but not in the second.
Now to make things even more strange -- I have 8 replicas -- and 3 of
them show this problem, the others do not -- WOW..
My brain is going to explode today. :-)
~J
Rich Megginson
On 11/11/2014 12:33 PM, Janelle wrote:
In this case it is the exact password and it worked in the first line
but not in the second.
Now to make things even more strange -- I have 8 replicas -- and 3 of
them show this problem, the others do not -- WOW..
My brain is going to explode today.
On Tue, 11 Nov 2014, Janelle wrote:
In this case it is the exact password and it worked in the first line
but not in the second.
Now to make things even more strange -- I have 8 replicas -- and 3 of
them show this problem, the others do not -- WOW..
cn=config subtree is not replicated in
Sending you logs directly. Thanks.
-M
On 11/11/14, 5:33 AM, Jakub Hrozek wrote:
On Mon, Nov 10, 2014 at 09:29:04AM -0800, Michael Lasevich wrote:
I can certainly try, it would need to be compatible with CentOS 6.6 though.
-M
Thank you very much, can you try these packages?
Please note
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 12 November 2014 6:33 AM
To: Fraser Tweedale; Les Stott
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] how to overcome same serial number in cert
issue on different master servers?
Adding freeipa-users list back. Would the ipa.strace log below then tell which
name resolution fail?
On 11/11/2014 05:36 PM, Janelle wrote:
On all the systems, besides being in DNS (external server) they are all in
/etc/hosts, so not sure why that would error.
But indeed they all resolve in
On 11/12/2014 04:09 AM, Rolf Nufable wrote:
I have another question, well I've achieved the state where I can't log in to
my admin account in the server side, it happens because I'm changing the time
of the server machine.
but the time is really wrong. and I disabled NTP and the server
48 matches
Mail list logo