[Freeipa-users] Problem with replica

2015-09-24 Thread Nicola Canepa
Hello, I'm trying to set up a partial replica of the LDAP tree stored in 389-ds by FreeIPA 4.1 (under CentOS 7), so that legacy systems have a local copy of the data needed to authenticate. Those systems already have OpenLDAP installed, so I'm trying to enable syncrepl from DS to OL. I followed

Re: [Freeipa-users] How to turn off RC4 in 389ds???

2015-09-24 Thread Martin Kosek
Hello Michael, It is possible that this problem comes from an obsolete package in the mkosek/freeipa COPR repo, which was fixed in Fedora/RHEL, but not there. Can you please try to update the 389-ds-base from https://copr.fedoraproject.org/coprs/mkosek/freeipa/ ? I rebuilt the latest F21

Re: [Freeipa-users] SSSD client (amazon linux) + IPA server (Redhat)

2015-09-24 Thread Pawel Fiuto
Unfortunately, the sudo package included in amzn linux does not work with sudo rules provided via SSS; however, it is in the feature requests list. To work around this, you can replace it with the CentOS one: http://mirror.centos.org/centos/6.7/os/x86_64/Packages/sudo-1.8.6p3-19.el6.x86_64.rpm

Re: [Freeipa-users] Problem with replica

2015-09-24 Thread Ludwig Krispenz
Hi, can you try to get a core dump: http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes and open a ticket for 389 DS: https://fedorahosted.org/389/newticket Ludwig On 09/24/2015 09:08 AM, Nicola Canepa wrote: Hello, I'm trying to setup a partial replica of the LDAP tree

Re: [Freeipa-users] V6 and v4

2015-09-24 Thread Martin Kosek
On 09/23/2015 10:05 PM, Janelle wrote: > On 9/13/15 11:46 PM, Alexander Bokovoy wrote: >> On Sun, 13 Sep 2015, Janelle wrote: >>> Hello, >>> >>> I read something recently that if ip v6 is disabled on a server this >>> hurts performance in some way? Is there more info on this or did I >>> misread

Re: [Freeipa-users] When changing passwords gui displays Login screen is showing

2015-09-24 Thread Martin Kosek
On 09/23/2015 05:27 PM, Andrew Holway wrote: > Hi, > > When a user changes their password the ipa gui briefly redirects to a login > page. The user often has an impulse to click on the login button which, on > occasion, can seem to cause a mess with the password change. > > Anyone else aware of

Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo

2015-09-24 Thread Pavel Reichl
Hello Andy, I understand that you run sssd-1.12.4-47.el6.x86_64 on ipa client, right? What version of SSSD do you run on ipa server?

Re: [Freeipa-users] User, keytab, password and ldap

2015-09-24 Thread Martin Kosek
On 09/23/2015 04:32 PM, bahan w wrote: > Hello ! > > I'm using IPA 3.0.0 and I have a problem with one of the user I created. > user3 > > I created this user with the command ipa user-add without specifying any > password. > Then I performed an ipa-getkeytab command with the -P option to have a

Re: [Freeipa-users] Generic preauthentication failure while getting initial credentials using kinit -k -t

2015-09-24 Thread Brian J. Murrell
On Thu, 2015-09-24 at 08:23 +0300, Alexander Bokovoy wrote: > You need to explain what are you trying to achieve first. Sure. It is entirely likely that I am misunderstanding what I should be doing. A system service needs to be able to authenticate to the service imap/linux.example.com as a

Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo

2015-09-24 Thread Pavel Reichl
On 09/24/2015 02:50 PM, Andy Thompson wrote: -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- boun...@redhat.com] On Behalf Of Pavel Reichl Sent: Thursday, September 24, 2015 5:18 AM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] rhel 6.7

Re: [Freeipa-users] V6 and v4

2015-09-24 Thread Alexander Bokovoy
On Thu, 24 Sep 2015, Janelle wrote: On 9/24/15 12:57 AM, Martin Kosek wrote: On 09/23/2015 10:05 PM, Janelle wrote: On 9/13/15 11:46 PM, Alexander Bokovoy wrote: On Sun, 13 Sep 2015, Janelle wrote: Hello, I read something recently that if ip v6 is disabled on a server this hurts performance

Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo

2015-09-24 Thread Andy Thompson
> -Original Message- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Pavel Reichl > Sent: Thursday, September 24, 2015 5:18 AM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo > > Hello Andy, > >

Re: [Freeipa-users] IPA server failover

2015-09-24 Thread Alexander Bokovoy
On Thu, 24 Sep 2015, Andy Thompson wrote: -Original Message- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: Thursday, September 24, 2015 1:17 AM To: Andy Thompson Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA server failover On Wed,

Re: [Freeipa-users] IPA server failover

2015-09-24 Thread Petr Spacek
On 24.9.2015 15:29, Alexander Bokovoy wrote: > On Thu, 24 Sep 2015, Andy Thompson wrote: >>> -Original Message- >>> From: Alexander Bokovoy [mailto:aboko...@redhat.com] >>> Sent: Thursday, September 24, 2015 1:17 AM >>> To: Andy Thompson >>> Cc:

Re: [Freeipa-users] sssd public socket error

2015-09-24 Thread Andy Thompson
> -Original Message- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Jakub Hrozek > Sent: Wednesday, September 23, 2015 4:54 PM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] sssd public socket error > > On Wed, Sep 23,

Re: [Freeipa-users] IPA server failover

2015-09-24 Thread Andy Thompson
> -Original Message- > From: Alexander Bokovoy [mailto:aboko...@redhat.com] > Sent: Thursday, September 24, 2015 1:17 AM > To: Andy Thompson > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] IPA server failover > > On Wed, 23 Sep 2015, Andy Thompson

Re: [Freeipa-users] V6 and v4

2015-09-24 Thread Janelle
On 9/24/15 12:57 AM, Martin Kosek wrote: On 09/23/2015 10:05 PM, Janelle wrote: On 9/13/15 11:46 PM, Alexander Bokovoy wrote: On Sun, 13 Sep 2015, Janelle wrote: Hello, I read something recently that if ip v6 is disabled on a server this hurts performance in some way? Is there more info on

Re: [Freeipa-users] rhel 6.7 upgrade - sssd/sudo

2015-09-24 Thread Andy Thompson
Ok, it will take me a while to get my test environment set up to match what I have in prod currently, and I can do some testing at that point in time. -andy From: Pavel Reichl Sent: Thursday, September 24, 2015 9:43 AM To: Andy

[Freeipa-users] sudo options/sss_cache

2015-09-24 Thread Christoph Kaminski
Hi, I have 3 problems/questions with ipa and sudo... 1. How to make a GLOBAL sudo rule with all the options that I want to have? (e.g. !authenticate). I have tried to make a sudo rule for all users on all hosts whom all users but without command and it doesn't work... Do I need to set it for

Re: [Freeipa-users] DNS Replication Validation

2015-09-24 Thread Rich Megginson
On 09/24/2015 08:32 AM, Aric Wilisch wrote: I need a way to validate that both the primary and the redundant FreeIPA server’s DNS zones are in sync. What’s the simplest way for me to do this? Do a DNS query to confirm that the SOA record for the primary is identical to the SOA for the

Re: [Freeipa-users] IPA server failover

2015-09-24 Thread Andy Thompson
> -Original Message- > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- > boun...@redhat.com] On Behalf Of Petr Spacek > Sent: Thursday, September 24, 2015 9:50 AM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] IPA server failover > > On 24.9.2015 15:29,

Re: [Freeipa-users] DNS Replication Validation

2015-09-24 Thread Martin Basti
On 09/24/2015 04:43 PM, Rich Megginson wrote: On 09/24/2015 08:32 AM, Aric Wilisch wrote: I need a way to validate that both the primary and the redundant FreeIPA server’s DNS zones are in sync. What’s the simplest way for me to do this? Do a DNS query to confirm that the SOA record for

[Freeipa-users] DNS Replication Validation

2015-09-24 Thread Aric Wilisch
I need a way to validate that both the primary and the redundant FreeIPA server’s DNS zones are in sync. What’s the simplest way for me to do this? My boss won’t let me continue with an upgrade until he’s sure the primary and redundant servers have the same DNS records and are in sync. I’ve

Re: [Freeipa-users] DNS Replication Validation

2015-09-24 Thread Rich Megginson
On 09/24/2015 08:53 AM, Martin Basti wrote: On 09/24/2015 04:43 PM, Rich Megginson wrote: On 09/24/2015 08:32 AM, Aric Wilisch wrote: I need a way to validate that both the primary and the redundant FreeIPA server’s DNS zones are in sync. What’s the simplest way for me to do this? Do a

Re: [Freeipa-users] DNS Replication Validation

2015-09-24 Thread Rich Megginson
On 09/24/2015 09:24 AM, Aric Wilisch wrote: Is there a way of exporting the DNS information out of Freeipa? Then I could just do a diff on the export from master and replica. That's what Martin was suggesting you use dnspython to do. On Sep 24, 2015, at 11:13 AM, Martin Basti

Re: [Freeipa-users] DNS Replication Validation

2015-09-24 Thread Martin Basti
On 09/24/2015 05:02 PM, Rich Megginson wrote: On 09/24/2015 08:53 AM, Martin Basti wrote: On 09/24/2015 04:43 PM, Rich Megginson wrote: On 09/24/2015 08:32 AM, Aric Wilisch wrote: I need a way to validate that both the primary and the redundant FreeIPA server’s DNS zones are in sync.

Re: [Freeipa-users] DNS Replication Validation

2015-09-24 Thread Aric Wilisch
Is there a way of exporting the DNS information out of Freeipa? Then I could just do a diff on the export from master and replica. > On Sep 24, 2015, at 11:13 AM, Martin Basti wrote: > > > > On 09/24/2015 05:02 PM, Rich Megginson wrote: >> On 09/24/2015 08:53 AM, Martin