On Mon, Apr 13, 2015 at 01:02:18PM -0400, David Guertin wrote:
Said that, you can set default domain in SSSD configuration on the
legacy clients (RHEL 5) as then SSSD will ensure proper fully-qualified
name will be sent towards compat tree and non-qualified name can be
asked on the client
Just a follow up. I thought that making NFS a service in IPA takes care of
this, but it looks like the issues are unrelated. Home directories are
created automatically if the user logs in to the NFS server, but I haven't
found any solution to trigger this from a client without using
no_root_squah
On Apr 13, 2015, at 1:33 PM, Martin Kosek mko...@redhat.com wrote:
On 04/12/2015 05:27 AM, Brian Topping wrote:
Hi all, trying to figure out if I may have contaminated my ACIs in the
process of upgrading my replicated deployment. I didn't upgrade the
instances at the same time, is there
Hi,
It's an in-house program which runs on one kerberos user.
On Tue, Apr 14, 2015 at 5:34 AM, Dmitri Pal d...@redhat.com wrote:
On 04/13/2015 08:23 AM, Thomas Lau wrote:
Hi,
These problem appear randomly, sometime it still work even under heavy
packet loss, some times would be like this.
One of our environments has a Freeipa3 sever installed and I need to upgrade it
to FreeIPA 4. I brought up RHEL 7 server and installed FreeIPA 4 as a replica
of the FreeIPA3 box. But now I’m stuck. I can’t find any good documentation on
how to promote the new FreeIPA4 server and take the old
On 04/13/2015 07:26 PM, Aric Wilisch wrote:
One of our environments has a Freeipa3 sever installed and I need to
upgrade it to FreeIPA 4. I brought up RHEL 7 server and installed
FreeIPA 4 as a replica of the FreeIPA3 box. But now I'm stuck. I can't
find any good documentation on how to
I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6
server so no upgrade is necessary, but I simply generated the replica file and
created the IPA 4 server as a replica. Aside from the CA not being there the
server looks to be working fine and shows up as a master.
Hello,
usually domain users used to run services AND to make some administration work.
Some of users only used to run services. Also, there is a number of domain
users, for example, oracle which is very important for application life, so
we duplicating such users locally, to make sure it
On Mon, Apr 13, 2015 at 01:15:09PM +0800, Thomas Lau wrote:
Hi all,
We have cronjob which running on a FreeIPA LDAP user; When connection
between IPA server and client having heavy packet loss, following
error would occur:
CRON[20637]: Authentication service cannot retrieve authentication
Hello!
On 11.4.2015 12:08, Christoph Kaminski wrote:
have some questions about DNS in IPA...
first some info to our DNS structure:
we have 4 internale domains and a lot of subdomains, for example:
domain:
ourdom.int
subdomains:
- mgmt.ourdom.int
- io.ourdom.int
-
On 04/13/2015 08:31 AM, Martin Kosek wrote:
On 04/11/2015 11:34 AM, Christoph Kaminski wrote:
Hi All
with the cmd:
ipa-replica-manage -v list myipaserver
I can see the status of the replication... But I dont understand the field
'last update ended'. What shows the field? The last
On 04/11/2015 11:34 AM, Christoph Kaminski wrote:
Hi All
with the cmd:
ipa-replica-manage -v list myipaserver
I can see the status of the replication... But I dont understand the field
'last update ended'. What shows the field? The last SUCCESSFULLY update?
The last TRY to update?
Thank you, Rob for your response
On 08.04.2015 21:07, Rob Crittenden wrote:
I assume you can't do this because the original host is lost, right?
Year, you right.
Every IPA master is a equal, some are just more equal than others. The
key bit that distinguishes them is whether there is a CA
On 04/11/2015 09:51 PM, Traiano Welcome wrote:
Hi
I got this error while installing an IPA replica of my primary master
IDM server:
.LDAPUpdate: ERRORAdd failure missing required attribute objectclass
Replica add command:
ipa-replica-install --setup-ca --setup-dns
On Mon, 13 Apr 2015, Traiano Welcome wrote:
Hi List
The deployment I'm contemplating is as follows:
1. FreeIPA master at a central site,with AD Trust established to the primary DC.
2. Replicas of the FreeIPA master at 4 other sites (with varying WAN
latency between central and site),with
In our newly-setup IPA environment, users can log in to RHEL clients
with the username username@addomain. This works, but I've run into a
problem with some RHEL 5 clients that are Apache servers -- the Apache
UserDir mappings no longer work. Many of the users have web pages served
from the
On 2015-04-10 12:05, Petr Spacek wrote:
On 10.4.2015 10:52, Janne Blomqvist wrote:
On 2015-04-07 14:29, Martin Kosek wrote:
On 04/05/2015 08:03 PM, Dmitri Pal wrote:
On 04/05/2015 12:51 PM, Janelle wrote:
Hello,
Trying to find a way on a multi-homed server to force IPA and its
On Mon, Apr 13, 2015 at 10:23:08AM -0400, David Guertin wrote:
In our newly-setup IPA environment, users can log in to RHEL clients with
the username username@addomain. This works, but I've run into a problem
with some RHEL 5 clients that are Apache servers -- the Apache UserDir
mappings no
Hi Rob,
So you want to output of the command using pk12 with server cert and key?
or with the ca chain in there too?
Regards,
David
2015-04-13 16:28 GMT+02:00 Rob Crittenden rcrit...@redhat.com:
David Dejaeghere wrote:
Hi,
I get the same error when I use a pk12 with only the server
David Dejaeghere wrote:
Hi,
I get the same error when I use a pk12 with only the server certificate
(and key) in it.
Not sure what else I can try.
I'd need to see the full output again.
rob
Regards,
D
2015-04-11 0:23 GMT+02:00 Rob Crittenden rcrit...@redhat.com
On Mon, 13 Apr 2015, David Guertin wrote:
In our newly-setup IPA environment, users can log in to RHEL clients
with the username username@addomain. This works, but I've run into a
problem with some RHEL 5 clients that are Apache servers -- the Apache
UserDir mappings no longer work. Many of
Hi,
These problem appear randomly, sometime it still work even under heavy
packet loss, some times would be like this. So its hard to catch.
On Apr 13, 2015 3:22 PM, Jakub Hrozek jhro...@redhat.com wrote:
On Mon, Apr 13, 2015 at 01:15:09PM +0800, Thomas Lau wrote:
Hi all,
We have cronjob
Said that, you can set default domain in SSSD configuration on the
legacy clients (RHEL 5) as then SSSD will ensure proper fully-qualified
name will be sent towards compat tree and non-qualified name can be
asked on the client (RHEL 5) side.
I was able to do this on RHEL 6/sssd 1.11 with
On Mon, 13 Apr 2015, Gould, Joshua wrote:
On 4/13/15, 11:37 AM, Alexander Bokovoy aboko...@redhat.com wrote:
Through external users' groups mechanism we use for any other AD users
mapping in HBAC and SUDO. These are not local (not defined in IPA but
defined on the host) groups and users but
On 4/13/15, 11:37 AM, Alexander Bokovoy aboko...@redhat.com wrote:
Through external users' groups mechanism we use for any other AD users
mapping in HBAC and SUDO. These are not local (not defined in IPA but
defined on the host) groups and users but rather AD groups and users.
ipa group-add
Hi Alex,
Just because I gave up doesn't mean there isn't a way. Does your partitioning
of local/domain users allow a domain user to run a service on a machine? I was
trying to run an iPython notebook server as my regular user/domain account via
systemd. Much of the data that the service
I’ve looked at the docs and it looks as if I can specify an external user who
can have sudo rights via IPA.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/defining-sudorules.html#about-external-sudo
The issue
On Mon, 13 Apr 2015, Gould, Joshua wrote:
I’ve looked at the docs and it looks as if I can specify an external
user who can have sudo rights via IPA.
28 matches
Mail list logo
