On Sep 26, 2016, at 4:07 PM, Timothy Geier
> wrote:
On Sep 26, 2016, at 2:17 PM, Timothy Geier
> wrote:
This issue started when trying to remove a user; ipa user-del showed “operation
failed”
hi,
after our upgrade from centos 6.8 to 7.2, when I renew a certificate using
ipa-getcert resubmit -i xx the certificate is properly renewed, but the
info on ipa host-show still shows the old certificate info. Is this normal?
$ sudo getcert list | grep expires
expires: 2018-09-27
This issue started when trying to remove a user; ipa user-del showed “operation
failed” and the user was not removed. The same ipa user-del command was
performed on a replica and completed successfully, but it was then immediately
apparent that this change did not replicate anywhere else. All
On ma, 26 syys 2016, Matthew Sellers wrote:
Hi Martin,
Thank you for clarification. In my example I am configuring
'unprivileged' service users. Specifically, I wrote a script to pull
data from IPA from its wonderful REST interface that will run on a
group of hosts. Since this has to run
Hi Martin,
Thank you for clarification. In my example I am configuring
'unprivileged' service users. Specifically, I wrote a script to pull
data from IPA from its wonderful REST interface that will run on a
group of hosts. Since this has to run non-interactively I would like
to use a keytab.
you should only remove agreements to no longer existing servers, eg where:
nsDS5ReplicaHost: kdc01.unix.iriszorg.nl
the other one should remain, not sure why it cannot contact the server
On 09/26/2016 03:35 PM, Natxo Asenjo wrote:
hi,
or do I need to remove:
dn:
hi,
or do I need to remove:
dn: cn=cloneAgreement1-kdc03.unix.iriszorg.nl-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
because it has this:
nsds5replicaLastUpdateStatus: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
nsds5replicaUpdateInProgress: FALSE
hi,
On Mon, Sep 26, 2016 at 3:06 PM, Ludwig Krispenz
wrote:
>
> On 09/26/2016 02:56 PM, Natxo Asenjo wrote:
>
>
> so the command has not been successful in the kdc03. in the dirsrv errors
> log I see:
>
> [26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin - CleanAllRUV
On 09/26/2016 02:56 PM, Natxo Asenjo wrote:
On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo > wrote:
On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
> wrote:
On
On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo
wrote:
>
>
>
> On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
> wrote:
>
>>
>> On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
>>
>> And in my example, the replica id would be 66, 96, 71 and 97, correct?
>>
- On Sep 26, 2016, at 1:30 PM, Sumit Bose sb...@redhat.com wrote:
>
> Do you see any log messages in the krb5kdc.log on the IPA server? If it
> is not the firewall I would suggest to record the IP traffic of the AD
> client and check what it tries to do after the AD DC send the
>
On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
wrote:
>
> On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
>
> hi,
>
> I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went
> correctly.
>
> Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
>
>
On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
hi,
I recently upgraded a centos 6.8 realm to centos 7.2 and it almost
went correctly.
Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
hi,
I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went
correctly.
Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://kdc03.unix.iriszorg.nl:389/o%3Dipaca) failed
and
On Mon, Sep 26, 2016 at 01:11:49PM +0200, Troels Hansen wrote:
>
>
> - On Sep 26, 2016, at 10:18 AM, Sumit Bose sb...@redhat.com wrote:
>
> >
> > Have you checked the firewalls? AD clients must be able to talk to the
> > KDC port (88 udp and tcp) on the IPA servers to get service tickets
On ma, 26 syys 2016, Troels Hansen wrote:
- On Sep 26, 2016, at 10:18 AM, Sumit Bose sb...@redhat.com wrote:
Have you checked the firewalls? AD clients must be able to talk to the
KDC port (88 udp and tcp) on the IPA servers to get service tickets for
IPA hosts.
KDC ports seems to
On 09/24/2016 02:37 PM, Günther J. Niederwimmer wrote:
Hello,
what is the best way to test a new installed 3rd Party certificate ?
I hope I have now installed (with big problems) the new certificate on clients
and servers.
But now is the big question is this all working correct together (?), or
On Mon, Sep 26, 2016 at 09:25:46AM +0200, Troels Hansen wrote:
> After we installed a new set of IPA servers for prod, and joined AD using
> username and password to have AD create a correct suffix routing everything
> seems to work, and the suffix routing is created correctly on AD.
>
>
Hi All,
Can I have my IPA server pre-configured with RSA and public key authentication
enabled (passwordauthentication no) for its users and at the same time have
users to automatically register with their ssh key pair during first time login
process so that they can login with the keys? I am
On 09/25/2016 09:35 PM, Youenn PIOLET wrote:
Hi there,
Same issue for me in my 15 ipa-servers multi-master grid just after
the update.
The replication is completely broken except on 3/15 nodes.
This is the second time I have to fully reinitialize the whole cluster
for similar reason. I
After we installed a new set of IPA servers for prod, and joined AD using
username and password to have AD create a correct suffix routing everything
seems to work, and the suffix routing is created correctly on AD.
However, trying to SSH from Windows using Putty and kerberos fails:
Putty log
21 matches