On Mon, Apr 06, 2015 at 08:01:46PM -0500, Dan Mossor wrote:
On 04/05/2015 12:51 PM, Dmitri Pal wrote:
On 04/05/2015 12:10 AM, Dan Mossor wrote:
I've recently deployed a new domain based on 4.1.2 in F21. We've
noticed an issue and can't quite seem to nail it down. The problem is
that logins
On 5.4.2015 20:03, Dmitri Pal wrote:
On 04/05/2015 12:51 PM, Janelle wrote:
Hello,
Trying to find a way on a multi-homed server to force IPA and its related
apps to listen on a specific interface. I can find all kinds of info saying
the services listen on all interfaces by default so there
On Sat, 04 Apr 2015, Coy Hile wrote:
Hi all,
What purpose does this package serve? The way I’ve done Kerberos
between Active Directory and AD, the trust was always one way
(outgoing): the MIT realm is authoritative and AD “shadow accounts”
were mapped to ‘real’ principals via the
Hi Thierry,
Thanks for the reply.
Turned out that the slapi-plugin was not ignoring the replicated
operations. Problem solved.
Regards.
--Prashant
On 6 April 2015 at 23:25, thierry bordaz tbor...@redhat.com wrote:
Hello Prashant,
If you are able to reproduce the problem (ipasshpubkey not
Hello,
comments inline
Martin
On 02/04/15 18:54, Christoph Kaminski wrote:
see this in ipupgrade.log
2015-04-02T11:27:02Z ERROR Pre schema upgrade failed with [Errno 111]
Connection refused
2015-04-02T11:27:02Z DEBUG Traceback (most recent call last):
File
Hi,
I gave it a try, but neither ~/.ipa/default.conf or
/etc/ipa/default.conf did work. I also tried "to fool" the
ipa-server-install script by pausing it and wait for the CA to
start. After "un-pausing" the script the same error occurs: "CA did not start
On Tue, Apr 07, 2015 at 11:12:40AM +0200, Martin (Lists) wrote:
Am 05.04.2015 um 11:51 schrieb Martin (Lists):
Hallo
I have a similar issue. On login (graphic systems and ssh) and on the
screen saver I have a delay from about 2 secons to 10 seconds.
According to my logfile i have
I realize the default.conf is replaced during install, pausing IPA will
not help.
The easiest way is modify the source file.
ipalib/constants.py:('startup_timeout', 300),
The file should be in /usr/lib/python2.7/site-packages/ipalib/constants.py
Modify file and run ipa-server-install, it
Am 05.04.2015 um 11:51 schrieb Martin (Lists):
Hallo
I have a similar issue. On login (graphic systems and ssh) and on the
screen saver I have a delay from about 2 secons to 10 seconds.
According to my logfile i have the following timeline at login:
0 pam_unix (auth)
3
I have deployed FreeIPA on RedHat 7 and everything is working perfectly fine
except when I try to configure SUDO. All my clients are all centos 6 and
RedHat 6 clients and have the below config . I have followed every how-to
and I just can't seem to get it.I have configured the sudo commands and
On 04/07/2015 10:51 AM, Prashant Bapat wrote:
Hi Thierry,
Thanks for the reply.
Turned out that the slapi-plugin was not ignoring the replicated
operations. Problem solved.
Great news !
regards
thierry
Regards.
--Prashant
On 6 April 2015 at 23:25, thierry bordaz tbor...@redhat.com
Dear All,
Replication was working fine for the last 1 month and recently the replica
server (ipa2) is having some hardware issue and it was down for a week.
Replication is not working once the machine is up. Please help.
[root@ipa etc]# service dirsrv status
dirsrv PKI-IPA (pid 29954) is
On 04/03/2015 03:36 PM, Brian Topping wrote:
On Apr 3, 2015, at 6:17 AM, Dmitri Pal d...@redhat.com wrote:
On 04/03/2015 01:51 AM, Brian Topping wrote:
Great work on 4.1.0! As a CentOS user, I am able to convey the 3.x -
4.1.0 upgrade went smoothly via the CentOS 7.0 - 7.1 upgrade on my
On 07/04/15 13:13, Sanju A wrote:
Dear All,
Replication was working fine for the last 1 month and recently the
replica server (ipa2) is having some hardware issue and it was down
for a week.
Replication is not working once the machine is up. Please help.
[root@ipa etc]# service dirsrv
On Tue, Apr 07, 2015 at 11:58:35AM +0200, Chamambo Martin wrote:
I have deployed FreeIPA on RedHat 7 and everything is working perfectly fine
except when I try to configure SUDO. All my clients are all centos 6 and
RedHat 6 clients and have the below config . I have followed every how-to
and I
On 04/03/2015 11:39 AM, James James wrote:
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority wants a CSR with the field emailAddress in the subject like :
/C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=n...@none.com
I am not a bit confused. Do
Sorry for the confusion about that one ,that client I used to aunthenticate
to a pure 389 directory server and I have since changed it to free ipa and
below is the correct configuration.
I managed to add the line sudo_provider = ipa and im getting the below error
on my client
[admin@ironhide
On 04/01/2015 08:42 PM, Janelle wrote:
the example of a blank screen -- anyone seen this before? Seems to be very
random, but across all browsers.
~J
Hello Janelle,
Do you see any errors in browser console (part of browser developer
tools, usually opened by F12 key) when this happen?
On 04/03/2015 04:45 PM, Tamas Papp wrote:
On 04/03/2015 03:46 PM, Brian Topping wrote:
On Apr 3, 2015, at 6:48 AM, Tamas Papp tom...@martos.bme.hu wrote:
hi All,
I have CentOS 6.6 server and want to upgrade to 7.1.
What is the upgrade path, can I do it directly or first I need to make
On 04/03/2015 08:25 PM, Dmitri Pal wrote:
On 04/03/2015 02:03 PM, James James wrote:
Hi everybody, sorry to repost my original question but this time my problem
is better described.
I want to install a ipa sever on centos 6 with an external ca. My problem is
to add emailAddress in the
On Tue, Apr 07, 2015 at 12:48:37PM +0200, Chamambo Martin wrote:
Sorry for the confusion about that one ,that client I used to aunthenticate
to a pure 389 directory server and I have since changed it to free ipa and
below is the correct configuration.
I managed to add the line sudo_provider
On 04/05/2015 08:03 PM, Dmitri Pal wrote:
On 04/05/2015 12:51 PM, Janelle wrote:
Hello,
Trying to find a way on a multi-homed server to force IPA and its related
apps to listen on a specific interface. I can find all kinds of info saying
the services listen on all interfaces by default so
Hello,
I am trying to setup a replica for my master which has been setup with an
external CA to use our godaddy wildcard certificate.
The ipa-replica-prepare is failing with the following debug information.
I am using --http-cert and --dirsrv-cert with my pk12 server certificate.
What can I
On Apr 3, 2015, at 14:40, Bobby Prins bobby.pr...@proxy.nl wrote:
- Oorspronkelijk bericht -
Van: Alexander Bokovoy aboko...@redhat.com
Aan: Bobby Prins bobby.pr...@proxy.nl
Cc: d...@redhat.com, freeipa-users@redhat.com
Verzonden: Vrijdag 3 april 2015 14:26:17
Onderwerp: Re:
ok.
Is there a way to migrate from an external CA to a CA-less or a self-signed
CA ?
2015-04-07 12:51 GMT+02:00 Martin Kosek mko...@redhat.com:
On 04/03/2015 11:39 AM, James James wrote:
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority wants a
Dear Martin,
Thanks for your help and the replication issue got resolved after syncing
the time. But I am not able to login to the replica server web ui. Keep on
getting Your session has expired. Please re-login.. Please find the
logs.
[07/Apr/2015:17:24:49 +051800] csngen_new_csn - Warning:
Thanx Jakub for pointing me to the right direction .This is what I have now
and I have increased the debug level during troubleshooting
[domain/ai.co.zw]
debug_level=3
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ai.co.zw
id_provider = ipa
sudo_provider = ipa
On Tue, Apr 07, 2015 at 01:55:43PM +0200, Chamambo Martin wrote:
Thanx Jakub for pointing me to the right direction .This is what I have now
and I have increased the debug level during troubleshooting
[domain/ai.co.zw]
debug_level=3
cache_credentials = True
On 04/07/2015 01:44 PM, James James wrote:
ok.
Is there a way to migrate from an external CA to a CA-less or a self-signed
CA ?
Yes, you can use ipa-cacert-manage tool introduced in FreeIPA 4.1.0:
https://www.freeipa.org/page/Howto/CA_Certificate_Renewal
I will try to give a better explanation :
I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been
installed with an external CA about 3 years ago and I will have to renew
the certificate soon.
I have created a test server (ipa-dev) with the same configuration (centos
6.6 and ipa
Great!
additional comments inline
Martin
On 07/04/15 13:56, Sanju A wrote:
Dear Martin,
Thanks for your help and the replication issue got resolved after
syncing the time. But I am not able to login to the replica server web
ui. Keep on getting Your session has expired. Please re-login..
On Mon, 2015-04-06 at 21:16 -0400, Coy Hile wrote:
In MIT land, one can potentially have multiple instances tied (by
convention) to a given user (that is, that administratively one knows
are the same set of eyeballs). For example, I might have my normal
user (hile), and I might have another
Thanx for the feedback ,let me read a bit and will share how I managed to
resolve it
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Tuesday, April 07, 2015 2:16 PM
To: Jakub Hrozek
Cc: Chamambo Martin; freeipa-users@redhat.com
Subject: Re: [Freeipa-users]
On Tue, 2015-04-07 at 14:16 +, coy.h...@coyhile.com wrote:
Quoting Simo Sorce s...@redhat.com
On Mon, 2015-04-06 at 21:16 -0400, Coy Hile wrote:
In MIT land, one can potentially have multiple instances tied (by
convention) to a given user (that is, that administratively one knows
On 04/07/2015 02:08 PM, James James wrote:
I will try to give a better explanation :
I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been
installed with an external CA about 3 years ago and I will have to renew
the certificate soon.
I have created a test server
Hey all, I’m having a problem with integrating a FreeIPA4 infrastructure to an
AD environment.
AD Domain is fioptics.int
FreeIPA infrastructure is preprod.fioptics.int
The AD Controller in this environment is at 10.32.145.134
The FreeIPA 4 server is at 10.32.146.40
I’m attaching the
Quoting Simo Sorce s...@redhat.com
On Mon, 2015-04-06 at 21:16 -0400, Coy Hile wrote:
In MIT land, one can potentially have multiple instances tied (by
convention) to a given user (that is, that administratively one knows
are the same set of eyeballs). For example, I might have my normal
user
On Tue, Apr 07, 2015 at 05:57:49PM +0200, Martin (Lists) wrote:
Hallo
attached you can find the data from krb_child.log. As far as I can see
it, the three seconds are due to the communication with the kerberos
server. (1.2.3.4 is my server).
regards
Martin
Yes. It looks like kinit takes
On Tue, 2015-04-07 at 17:57 +0200, Martin (Lists) wrote:
Hallo
attached you can find the data from krb_child.log. As far as I can see
it, the three seconds are due to the communication with the kerberos
server. (1.2.3.4 is my server).
Do you experience the same latency if you kinit manually
On 04/07/2015 03:05 AM, Jakub Hrozek wrote:
On Mon, Apr 06, 2015 at 08:01:46PM -0500, Dan Mossor wrote:
On 04/05/2015 12:51 PM, Dmitri Pal wrote:
Several tips.
Please check your DNS configuration.
Such delay is usually caused by the DNS lookups timing out. That means
that the servers probably
Hello,
I’m wondering if establishing two way trust or one way trust in upcoming 4.2
release somehow is going to affect FreeIPA feature set, like ability to add
windows groups to external groups or anything else I may not think of right now?
Our Windows security team is expressing concerns
hi,
On Fri, Apr 3, 2015 at 4:41 PM, Dmitri Pal d...@redhat.com wrote:
On 04/03/2015 09:46 AM, Brian Topping wrote:
On Apr 3, 2015, at 6:48 AM, Tamas Papp tom...@martos.bme.hu
tom...@martos.bme.hu wrote:
hi All,
I have CentOS 6.6 server and want to upgrade to 7.1.
What is the upgrade
On Tue, 07 Apr 2015, Andrey Ptashnik wrote:
Hello,
I’m wondering if establishing two way trust or one way trust in
upcoming 4.2 release somehow is going to affect FreeIPA feature set,
like ability to add windows groups to external groups or anything else
I may not think of right now?
No, it
On Tue, 2015-04-07 at 18:54 +, Coy Hile wrote:
Quoting Simo Sorce s...@redhat.com:
I guess that makes sense. Is it possible to add a user that simply
doesn't have the posix attributes defined? In the particular case of
*/admin, I would expect that user to login to the ipa ui or
Quoting Simo Sorce s...@redhat.com:
I guess that makes sense. Is it possible to add a user that simply
doesn't have the posix attributes defined? In the particular case of
*/admin, I would expect that user to login to the ipa ui or to be
kinit'd to prior to running ipa administrative
On Tue, Apr 07, 2015 at 01:15:46PM -0500, Dan Mossor wrote:
On 04/07/2015 03:05 AM, Jakub Hrozek wrote:
On Mon, Apr 06, 2015 at 08:01:46PM -0500, Dan Mossor wrote:
On 04/05/2015 12:51 PM, Dmitri Pal wrote:
Several tips.
Please check your DNS configuration.
Such delay is usually caused by the
On 4/6/15, 2:26 PM, Gould, Joshua joshua.go...@osumc.edu wrote:
On 4/4/15, 9:57 AM, Sumit Bose sb...@redhat.com wrote:
Really strange but SSO is working from the test Windows box to both the
IPA server and client. No changes were made other than I added the linux
client to the IPA domain. (It
On 04/07/2015 10:22 AM, Simo Sorce wrote:
On Tue, 2015-04-07 at 14:16 +, coy.h...@coyhile.com wrote:
Quoting Simo Sorce s...@redhat.com
On Mon, 2015-04-06 at 21:16 -0400, Coy Hile wrote:
In MIT land, one can potentially have multiple instances tied (by
convention) to a given user (that
On 04/07/2015 03:04 PM, Natxo Asenjo wrote:
hi,
On Fri, Apr 3, 2015 at 4:41 PM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
On 04/03/2015 09:46 AM, Brian Topping wrote:
On Apr 3, 2015, at 6:48 AM, Tamas Papptom...@martos.bme.hu
mailto:tom...@martos.bme.hu wrote:
On Apr 7, 2015, at 2:58 PM, Simo Sorce s...@redhat.com wrote:
On Tue, 2015-04-07 at 18:54 +, Coy Hile wrote:
Quoting Simo Sorce s...@redhat.com:
I guess that makes sense. Is it possible to add a user that simply
doesn't have the posix attributes defined? In the particular case
On Tue, 2015-04-07 at 22:01 -0400, Coy Hile wrote:
On Apr 7, 2015, at 2:58 PM, Simo Sorce s...@redhat.com wrote:
On Tue, 2015-04-07 at 18:54 +, Coy Hile wrote:
Quoting Simo Sorce s...@redhat.com:
I guess that makes sense. Is it possible to add a user that simply
doesn't
Dne 7.4.2015 v 15:31 Martin Kosek napsal(a):
On 04/07/2015 02:08 PM, James James wrote:
I will try to give a better explanation :
I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been
installed with an external CA about 3 years ago and I will have to renew
the certificate
52 matches
Mail list logo