Re: [Freeipa-users] mixed DNS subnets for FreeIPA and M$ AD

2015-12-09 Thread Alexander Bokovoy
On Wed, 09 Dec 2015, Harald Dunkel wrote: On 12/08/2015 03:08 PM, Petr Spacek wrote: Does https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prerequisites.html#dns-reqs and

Re: [Freeipa-users] HBAC access denied, all AD groups not detected

2015-12-09 Thread Jakub Hrozek
On Tue, Dec 08, 2015 at 04:10:42PM -0600, Sauls, Jeff wrote: > > Jakub Hrozek wrote: > > > > On Mon, Dec 07, 2015 at 02:04:26PM -0600, Sauls, Jeff wrote: > > > > Jakub Hrozek wrote: > > > > > > > > On Fri, Dec 04, 2015 at 02:03:04PM -0600, Sauls, Jeff wrote: > > > > > Hello, > > > > > > > > > >

[Freeipa-users] Certificate Profile - Policy Set Not Found

2015-12-09 Thread wouter.hummelink
Hello, Im trying to import and use a certificate profile in IPAv4.2 on RHEL. I've exported the default caIPAServiceCert profile and did the following modification: < profileId=caIPAserviceCert --- > profileId=KPNWebhostingAEM 87c87 <

[Freeipa-users] Trusted Domain Users - entry_cache_timeout

2015-12-09 Thread Winfried de Heiden
Hi all, Using entry_cache_timeout to set different cache timeout for sssd works well. However, it doesn't seem to work for Trusted Domain Users (using AD trust) I made some changes, cleaned the cache but expiry will stay on a (too long) 10

[Freeipa-users] FreeRadius and FreeIPA

2015-12-09 Thread Randy Morgan
Hello, We are setting up our wireless to authenticate against FreeRadius and FreeIPA. I am looking for any instructions on how to integrate radius with IPA. We can get them talking via kerberos, but when we have a wireless client attempt to authenticate against them, the password gets

[Freeipa-users] FreeIPA DNSSEC NSEC3PARAM record

2015-12-09 Thread Günther J . Niederwimmer
Hello, I like to create a NSEC3PARAM Record but my tests are not working :-(. Is there a documentation for this Problem I can't found a DOCU My test is I make a "Salt" with this head -c 512 /dev/random | sha1sum | cut -b 1-16 x... afterward i make with ldns-nsec3-hash -t 10 -s

Re: [Freeipa-users] yum update today broke ipa

2015-12-09 Thread Prasun Gera
Thanks! That worked. The command passed, and I don't see any other odd behaviour yet. I'll wait for a new fixed errata before upgrading the other node. That should be OK right ? i.e. Running replicas on slightly different versions. On Wed, Dec 9, 2015 at 8:22 AM, Martin Basti

[Freeipa-users] yum update today broke ipa

2015-12-09 Thread Prasun Gera
Ran yum update today. Pulled in https://rhn.redhat.com/errata/RHBA-2015-2562.html. Seeing this error: 2015-12-09T15:21:02Z DEBUG The ipa-server-upgrade command failed, exception: ScriptError: ("Unable to execute IPA upgrade: data are in newer version than IPA (data version '4.2.0-15.el7', IPA

Re: [Freeipa-users] yum update today broke ipa

2015-12-09 Thread Martin Basti
You can safely upgrade all machines, this is just version check error. On 09.12.2015 17:30, Prasun Gera wrote: Thanks! That worked. The command passed, and I don't see any other odd behaviour yet. I'll wait for a new fixed errata before upgrading the other node. That should be OK right ? i.e.

[Freeipa-users] Add "mkhomedir" after install

2015-12-09 Thread Ranbir
Hello Everyone, I installed a replica without passing the "mkhomedir" option to the install command. Sure enough, when I login to the replica, my home dir isn't created. I _could_ create it manually, but it would be nice if the first login triggered the creation. I've been trying to find an

Re: [Freeipa-users] Certificate Profile - Policy Set Not Found

2015-12-09 Thread Fraser Tweedale
On Thu, Dec 10, 2015 at 09:48:35AM +1000, Fraser Tweedale wrote: > On Wed, Dec 09, 2015 at 10:46:06AM +, wouter.hummel...@kpn.com wrote: > > Hello, > > > > Im trying to import and use a certificate profile in IPAv4.2 on RHEL. > > > > I've exported the default caIPAServiceCert profile and did

Re: [Freeipa-users] Certificate Profile - Policy Set Not Found

2015-12-09 Thread wouter.hummelink
I'll send the log as soon as I get a chance. After the mail I also tried fetching a cert on another server cent7.1 that never had a cert issued. This resulted in a cert conformant With caIpaServiceCert Verzonden vanaf mijn Samsung-apparaat Oorspronkelijk bericht Van: Fraser

Re: [Freeipa-users] Certificate Profile - Policy Set Not Found

2015-12-09 Thread Fraser Tweedale
On Thu, Dec 10, 2015 at 12:58:05PM +1000, Fraser Tweedale wrote: > On Thu, Dec 10, 2015 at 09:48:35AM +1000, Fraser Tweedale wrote: > > On Wed, Dec 09, 2015 at 10:46:06AM +, wouter.hummel...@kpn.com wrote: > > > Hello, > > > > > > Im trying to import and use a certificate profile in IPAv4.2

Re: [Freeipa-users] Add "mkhomedir" after install

2015-12-09 Thread Joshua Doll
I usually just run authconfig --enablemkhomedir --Joshua D Doll On Wed, Dec 9, 2015 at 1:46 PM Ranbir wrote: > Hello Everyone, > > I installed a replica without passing the "mkhomedir" option to the > install command. Sure enough, when I login to the replica, my

Re: [Freeipa-users] Add "mkhomedir" after install

2015-12-09 Thread Ranbir
On 2015-12-09 14:01, Craig White wrote: You can enable it at any time... authconfig --enablemkhomedir --update Crap! I didn't even consider doing it that way. For some reason I thought there was some ipa command I had to run. The ipa install does this too, I guess. :) Thanks for the