On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends with RUV which cannot be decoded (it stucked in
queue forever):
ipa-replica-manage del ipa-master-dmz002.test.com -fc
Cleaning a master is
On 05/05/2015 01:27 PM, Martin Kosek wrote:
On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends with RUV which cannot be decoded (it stucked in
queue forever):
ipa-replica-manage del
On Tue, May 05, 2015 at 11:43:34PM +0300, Timo Aaltonen wrote:
On 05.05.2015 23:27, Andrew Sacamano wrote:
Thanks again Lukas and Timo,
I'm very sorry it took so long for me to get to this - I got pulled into
an urgent project at work and am just getting my head above water today.
From this link :
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html#comp-trust-krb
The diagram in that section shows the client communicating with FreeIPA and
FreeIPA contacting AD.
So why are you saying the
On Tue, May 05, 2015 at 02:21:40PM -0700, nat...@nathanpeters.com wrote:
I'm a little confused by that.
If I add the AD dc, will my client try to contact AD directly to get a
ticket?
Doesn't it have to do get the ticket through FreeIPA by proxy somehow?
No, authentication is always
Hi
we have some undefinably problems here with IPA inside a VM (rhev/kvm). We
has often zombie processes (defunct) with certmonger and dirsrv and
segfaults (dmesg)... We have 8 IPA servers, 4 Hardware and 4 VM's with
same Install (rhel7.1). We see these problems only on the VM's. Is there
On 05/04/2015 09:38 PM, Janelle wrote:
On 5/4/15 6:06 PM, Nathaniel McCallum wrote:
On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT, (CentOS 7.1) if I login to account
On 05/05/2015 07:49 AM, Ludwig Krispenz wrote:
On 05/05/2015 01:27 PM, Martin Kosek wrote:
On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite
unstable and
removing old replicas ends with RUV which cannot be decoded (it
stucked in
I am getting some really strange winbindd errors in my logs on a new
install of FreeIPA 4.1.4 server.
Any ideas what these mean? This is on the server, so I don't see how the
server could not contact itself.
The kerberos service is definitely running on this server because i can
kinit and klist
Hmm, so if this is the [realms] section of my /etc/krb5.conf what do I
have to do ?
[realms]
IPADOMAIN.NET = {
kdc = dc1.ipadomain.net:88
master_kdc = dc1.ipadomain.net:88
admin_server = dc1.ipadomain.net:749
default_domain = ipadomain.net
pkinit_anchors = FILE:/etc/ipa/ca.crt
On Tue, May 05, 2015 at 09:09:51AM -0700, nat...@nathanpeters.com wrote:
I am having some strange issues after upgrade from FreeIPA 4.1.2 to
4.1.3/4.1.4 on CentOS 7.
Here is my setup:
FreeIPA domain : ipadomain.net
Trusted AD domain : sub.addomain.net
In my AD domain, we have our UPN set
I am having some strange issues after upgrade from FreeIPA 4.1.2 to
4.1.3/4.1.4 on CentOS 7.
Here is my setup:
FreeIPA domain : ipadomain.net
Trusted AD domain : sub.addomain.net
In my AD domain, we have our UPN set to addomain.net so users typically
login as usern...@addomain.net instead of
Ok, so removing all replicas + uninstall and remove all ruv (except master)
via cleanruv script seems to works. Thanks everybody for help, I'll try it
in production now
Vasek
On Tue, May 5, 2015 at 4:49 PM, Mark Reynolds marey...@redhat.com wrote:
On 05/05/2015 07:49 AM, Ludwig Krispenz
FYI, this is what I get when I added another realm section to my
/etc/krb5.conf
May 05 18:00:26 dc1.ipadomain.net [sssd[krb5_child[2792]]][2792]: Looping
detected inside krb5_get_in_tkt
May 05 18:00:26 dc1.ipadomain.net [sssd[krb5_child[2792]]][2792]: Looping
detected inside krb5_get_in_tkt
May
On 05/02/2015 05:03 PM, Alexander Bokovoy wrote:
- Original Message -
Do we have any plans to implement in future?
Yes, once we get everything ready for fully working AD trusts support
(i.e. IPA users being able to login to Windows machines). The reason for that
is because we will
On Mon, May 04, 2015 at 09:37:11PM -0400, Megan . wrote:
Good Evening!
I'm running 3.0.0-42 on Centos 6.6.
I setup a number of sudo commands today with regular expressions and
now users seem to be having issues running any sudo command. Are
there any known issues with having regex in
On 05/04/2015 08:50 PM, Redmond, Stacy wrote:
I am running a RHEL7 IPA Server ipa-server 3.3.3-28
RHEL6 clients running IPA Client 3.0.0-42
I have setup an AD trust which works great, however I want to make it
so the users don’t have to use @realm to login and that their home
directory
On 05/04/2015 01:19 PM, Harald Dunkel wrote:
Hi folks,
Instead of a self-signed certificate I would like to use an external
CA to sign freeipa's CSR (ipa-server-install --external-ca).
Question:
Is pathlen:0, e.g.
basicConstraints=critical,CA:TRUE, pathlen:0
sufficient for
Hello!
On 05/05/2015 03:37 AM, Megan . wrote:
Good Evening!
I'm running 3.0.0-42 on Centos 6.6.
I setup a number of sudo commands today with regular expressions and
now users seem to be having issues running any sudo command. Are
there any known issues with having regex in sudo commands
On 05/05/2015 03:37 AM, Megan . wrote:
Good Evening!
I'm running 3.0.0-42 on Centos 6.6.
I setup a number of sudo commands today with regular expressions and
now users seem to be having issues running any sudo command. Are
there any known issues with having regex in sudo commands within
Hello, I thought I saw something like this asked before but after searching
the archive it seems I can't find it.
I am using FreeIPA 3.3.3 on Cent 7 from EPEL. Is it possible using native
ldap tools, ldapadd and ldappasswd in particular, for user creation and
password management?
I am trying to
Alan Evans wrote:
Hello, I thought I saw something like this asked before but after
searching the archive it seems I can't find it.
I am using FreeIPA 3.3.3 on Cent 7 from EPEL. Is it possible using
native ldap tools, ldapadd and ldappasswd in particular, for user
creation and password
Thanks again Lukas and Timo,
I'm very sorry it took so long for me to get to this - I got pulled into an
urgent project at work and am just getting my head above water today.
I've filed https://fedorahosted.org/sssd/ticket/2648
Many thanks again, and please let me know if there is anything I
I did notice the same behavior.
This is my setup:
[root@ipa-idm]# yum list installed ipa-*
Installed Packages
ipa-admintools.x86_64
4.1.0-18.el7_1.3
On 05/05/2015 03:48 PM, Alan Evans wrote:
Hello, I thought I saw something like this asked before but after
searching the archive it seems I can't find it.
I am using FreeIPA 3.3.3 on Cent 7 from EPEL. Is it possible using
native ldap tools, ldapadd and ldappasswd in particular, for user
On Tue, May 05, 2015 at 09:53:38AM -0700, nat...@nathanpeters.com wrote:
Hmm, so if this is the [realms] section of my /etc/krb5.conf what do I
have to do ?
[realms]
IPADOMAIN.NET = {
kdc = dc1.ipadomain.net:88
master_kdc = dc1.ipadomain.net:88
admin_server = dc1.ipadomain.net:749
Ok, Thank you.
On Tue, May 5, 2015 at 5:35 AM, Pavel Březina pbrez...@redhat.com wrote:
On 05/05/2015 10:53 AM, Martin Kosek wrote:
On 05/05/2015 03:37 AM, Megan . wrote:
Good Evening!
I'm running 3.0.0-42 on Centos 6.6.
I setup a number of sudo commands today with regular expressions
On 05/05/2015 10:53 AM, Martin Kosek wrote:
On 05/05/2015 03:37 AM, Megan . wrote:
Good Evening!
I'm running 3.0.0-42 on Centos 6.6.
I setup a number of sudo commands today with regular expressions and
now users seem to be having issues running any sudo command. Are
there any known issues
I'm a little confused by that.
If I add the AD dc, will my client try to contact AD directly to get a
ticket?
Doesn't it have to do get the ticket through FreeIPA by proxy somehow?
And to confirm what you meant by add the AD dc and realm, it would be like
this ?
SUB.ADDOMAIN.NET = {
kdc =
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends with RUV which cannot be decoded (it stucked in
queue forever):
ipa-replica-manage del ipa-master-dmz002.test.com -fc
Cleaning a master is irreversible.
This should not normally be require, so
30 matches
Mail list logo