Re: [Freeipa-users] FreeIPA web UI Freezing up

2015-06-05 Thread Alexander Bokovoy
On Fri, 05 Jun 2015, Nathan Peters wrote: I had originally set this up with AD trust but when we found out that our alternative UPNs were not supported we switched to ad sync. I removed the trust relationship from the webui by deleting all trusts showing in the ui. I then set it up for sync.

Re: [Freeipa-users] FreeIPA web UI Freezing up

2015-06-05 Thread Nathan Peters
I had originally set this up with AD trust but when we found out that our alternative UPNs were not supported we switched to ad sync. I removed the trust relationship from the webui by deleting all trusts showing in the ui. I then set it up for sync. Do I need to remove the trust from the com

Re: [Freeipa-users] FreeIPA web UI Freezing up

2015-06-05 Thread Alexander Bokovoy
On Fri, 05 Jun 2015, nat...@nathanpeters.com wrote: I have noticed that happen a couple times in the last few days. FreeIPA server 4.1.3 on CentOS 7 with a sync relationship to a Windows server 2008R2 domain controller. The web ui will stop working and just show a blank page. When I try to do

Re: [Freeipa-users] Successful Install on VB...

2015-06-05 Thread Janelle
By default, fedora has all the ports blocked via "firewalld". You need to either enable the ports, or disable the firewall.
PORTS='80 443 389 636 88 464'
for PORT in $PORTS; do firewall-cmd --permanent --zone=public --add-port=$PORT/tcp; done
PORTS='88 464 123'
for PORT in $PORTS; do

Re: [Freeipa-users] FreeIPA web UI Freezing up

2015-06-05 Thread Rich Megginson
On 06/05/2015 03:31 PM, nat...@nathanpeters.com wrote: I have noticed that happen a couple times in the last few days. FreeIPA server 4.1.3 on CentOS 7 with a sync relationship to a Windows server 2008R2 domain controller. The web ui will stop working and just show a blank page. When I try to

Re: [Freeipa-users] FreeIPA web UI Freezing up

2015-06-05 Thread nathan
> I have noticed that happen a couple times in the last few days. FreeIPA
> server 4.1.3 on CentOS 7 with a sync relationship to a Windows server
> 2008R2 domain controller.
>
> The web ui will stop working and just show a blank page.
>
> When I try to do a ipactl status the command just freezes a

[Freeipa-users] FreeIPA web UI Freezing up

2015-06-05 Thread nathan
I have noticed that happen a couple times in the last few days. FreeIPA server 4.1.3 on CentOS 7 with a sync relationship to a Windows server 2008R2 domain controller. The web ui will stop working and just show a blank page. When I try to do a ipactl status the command just freezes and does noth

Re: [Freeipa-users] Certificate renewal issues for dogtag GUI (9443/9444/9445 ports)

2015-06-05 Thread Endi Sukma Dewata
On 5/19/2015 3:54 AM, Thibaut Pouzet wrote: Hi, It appeared that the NSS DB had fips enabled due to the troubleshooting of an old problem : # modutil -dbdir /var/lib/pki-ca/alias/ -list Listing of PKCS #11 Modules --- 1. NSS Internal F

[Freeipa-users] Successful Install on VB...

2015-06-05 Thread James Benson
Dear all, I recently installed Fedora Server 22 on a virtualbox with the ethernet bridged (can successfully ping it, ssh, etc) and I can do a kinit admin and ipa user-add as the instructions detail in the next steps, however, I cannot access the webui. Has anyone else run into this issue? I've

Re: [Freeipa-users] Certificate expired/renew problems

2015-06-05 Thread Marc Wiatrowski
Thank you John. I had tried that but you did give me some things to look at. I was able to get 2 of the certificates to renew by setting the date back in time, a services restart, and issuing 'ipa-getcert resubmit -i ' This renewed the following 'Server-Cert' and 'ipaCert' but did not 'auditSig

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 -->Solved

2015-06-05 Thread Prasun Gera
I had faced a similar issue a month ago, for which I had created a ticket. https://fedorahosted.org/freeipa/ticket/4956

On Fri, Jun 5, 2015 at 7:30 AM, Alexander Bokovoy wrote:
> On Fri, 05 Jun 2015, Christopher Lamb wrote:
>
>> Hi Martin
>>
>> Thanks for updating the documentation!
>>
>> The sug

Re: [Freeipa-users] Certificate expired/renew problems

2015-06-05 Thread John Desantis
Marc, I experienced a similar issue earlier this year. Try restarting certmonger after temporarily changing the date back on the master. In our case that service had failed miserably and it didn't allow FreeIPA to renew the certificates properly. Our replicas however were hit with a bug [1] dur

[Freeipa-users] Certificate expired/renew problems

2015-06-05 Thread Marc Wiatrowski
hello, I've got a problem with expired certificates in my ipa/IdM setup. I believe the root issue to be from the fact that when everything was first setup about a year ago and everything was replicated from a first ipa server which no longer exists. There are currently 3 ipa servers but none of

Re: [Freeipa-users] ipa spamming radius with otp token?

2015-06-05 Thread Nathaniel McCallum
On Thu, 2015-06-04 at 21:48 +, Bahmer, Eric Vaughn wrote:
> Someone higher up decided that there was no time for me to resolve this
> and I’ve been forced to implement a different method for now.
>
> I can still continue to work on this, I'll just need to find different
> hardware to tro

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 -->Solved

2015-06-05 Thread Alexander Bokovoy
On Fri, 05 Jun 2015, Christopher Lamb wrote: Hi Martin Thanks for updating the documentation! The suggested solution works not only my test servers, but also "in the real world". This morning I migrated the last production server (ipa host) to the new FreeIPA KDC. Just out of idle curiosity, w

Re: [Freeipa-users] Fw: ssh problem with migrated FreeIPA client on EL7.1 -->Solved

2015-06-05 Thread Christopher Lamb
Hi Martin Thanks for updating the documentation! The suggested solution works not only my test servers, but also "in the real world". This morning I migrated the last production server (ipa host) to the new FreeIPA KDC. Just out of idle curiosity, why is the rm -f /var/lib/sss/db/* step required

Re: [Freeipa-users] ns-slapd started crashing suddenly

2015-06-05 Thread Lukas Slebodnik
On (05/06/15 07:35), Rich Megginson wrote:
>On 06/05/2015 03:40 AM, Dawid Rabiega wrote:
>>Hi,
>>One of my ipa server on fedora 19 since yesterday started to crash, with
>>following message to dmesg:
>>
>>$ dmesg | tail -n 20
>>[6706148.291648] ns-slapd[3212]: segfault at 0 ip 7f6fc9a84421 sp
>

Re: [Freeipa-users] ns-slapd started crashing suddenly

2015-06-05 Thread Rich Megginson
On 06/05/2015 03:40 AM, Dawid Rabiega wrote: Hi, One of my ipa server on fedora 19 since yesterday started to crash, with following message to dmesg: $ dmesg | tail -n 20 [6706148.291648] ns-slapd[3212]: segfault at 0 ip 7f6fc9a84421 sp 7f6f8f7eb928 error 4 in libc-2.17.so

[Freeipa-users] Is It OK to mix RHEL7 and CentOS 7 IPA domain servers?

2015-06-05 Thread Sina Owolabi
Hi Due to our subscriptions running out, I'm forced to have to use CentOS7 in our domain as IPA replica servers to join our existing RHEL7 server. Is this OK, or are there any issues I should be aware of? Thanks in advance.

Re: [Freeipa-users] Sudo hangs after reenrollment of some servers in fresh IPA domain

2015-06-05 Thread Sina Owolabi
Odd, sssd sudo up and started working properly after I added debug to the clients I was interested in. I didn't see any errors in the logs at all. Very strange. Thanks everyone.

On Thu, Jun 4, 2015 at 7:36 PM, Pavel Brezina wrote:
> Hi,
> please put the following line to /etc/sudo.conf to obtain

Re: [Freeipa-users] AD trust problem

2015-06-05 Thread Alexander Bokovoy
On Fri, 05 Jun 2015, Alexander Frolushkin wrote: 1. Thank you for this information, but "offline domain" this is only a correlation fact - real problem is that a number of user groups of AD account missing. wbinfo has nothing to do with the actual system state because we don't use winbindd in RH

Re: [Freeipa-users] AD trust problem

2015-06-05 Thread Alexander Frolushkin
1. Thank you for this information, but "offline domain" this is only a correlation fact - real problem is that a number of user groups of AD account missing.
2. sssd in debug mode showing only Domain Users group on hbac stage. Am I understanding correctly that currently on ipa server there is no

Re: [Freeipa-users] AD trust problem

2015-06-05 Thread Alexander Bokovoy
On Fri, 05 Jun 2015, Alexander Frolushkin wrote: Hello! We have 17 IPA servers and AD trusts with user accounts from AD used to ssh linux servers, with IPA's HBAC and SUDO. Today on 4 of IPA servers we got "wbinfo --online-status" showing AD domain "offline" and AD users missing some groups memb

[Freeipa-users] AD trust problem

2015-06-05 Thread Alexander Frolushkin
Hello! We have 17 IPA servers and AD trusts with user accounts from AD used to ssh linux servers, with IPA's HBAC and SUDO. Today on 4 of IPA servers we got "wbinfo --online-status" showing AD domain "offline" and AD users missing some groups membership. Is there some way to debug this issue? WBR

[Freeipa-users] ns-slapd started crashing suddenly

2015-06-05 Thread Dawid Rabiega
Hi, One of my ipa server on fedora 19 since yesterday started to crash, with following message to dmesg: $ dmesg | tail -n 20 [6706148.291648] ns-slapd[3212]: segfault at 0 ip 7f6fc9a84421 sp 7f6f8f7eb928 error 4 in libc-2.17.so[7f6fc99fe000+1b6000] [6706170.887926] ns-slapd[3359]: segfaul

Re: [Freeipa-users] IPA v3 Certificate not renewed

2015-06-05 Thread Junhe Jian
Hi Rob and guys, i delete the server with centos 6.6 and give the ipa (centos6.4) with the new certificate the same ip in my network. Then I get on ipa webgui a lot of "unknown option no_members" error. After I upgrade ipa centos 6.4 to centos 6.6 (because all other clients run centos6.6) Now ev

Re: [Freeipa-users] Could not update DNSSSHFP records when joining domain

2015-06-05 Thread Petr Spacek
On 5.6.2015 08:27, Martin Kosek wrote: > On 06/05/2015 12:27 AM, nat...@nathanpeters.com wrote: I am running FreeIPA 4.1.3 on CentOS7. I am attempting to join a CentOS 6.5 client using ipa-client 3.0.0-42. The client hostname is ipaclient.login.mydomain.net. The F

Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?

2015-06-05 Thread Jakub Hrozek
On Thu, Jun 04, 2015 at 05:06:03PM -0600, swartz wrote:
> On Wed, Jun 3, 2015 at 12:29 AM, Lukas Slebodnik wrote:
>
> > However sssd is available just on linux (or FreeBSD)
> > I'm not sure which clients do you use on Solaris or other
>
> Solaris would be configured via LDAP. RedHat appears to