On Thu, 2016-11-17 at 15:53 -0500, William Muriithi wrote:
> Afternoon.
>
> I just noticed that I used inappropriate way of setting up my hosts
> files and I am planning to make a fix. I am however worried this may
> break Kerberos. Should this change be of concern and have anyone made
> the
Hello,
My existing FreeIPA 3.0 (CentOS 6) setup is as follows:
Kerberos Realm: test.com
I have several DNS zones
test.com
dev.test.com
stage.test.com
qa.test.com
prod.test.com
mgmt.test.com
ipa01.mgmt.test.com - FreeIPA 3.0 Master
ipa02.mgmt.test.com - FreeIPA 3.0 Replica
The FreeIPA servers
Would like to establish valid sudo usage windows with sudonotbefore and
sudonotafter options. However, I did not see an easy way to set this up
other than via an sudo options text entry line. Is there another
menu-driven way that shows a schedule of allowed times?
Bob Kleinberg
Lead System
Looking at FreeIPA 4.2 under CentOS 7: I find that LDAP simple binds
succeed even for DNs whose krbPasswordExpiration time has passed. Is
this fixed, or is it possible to change this?
The reason I ask is because some applications use LDAP bind as a
password validation oracle: for example, if
Morgan Marodin wrote:
> What do you mean with backup database?
>
> Updating again the mod_nss RPM, Apache doesn't start ... so, this is the
> problem.
You said "and restoring the original /etc/httpd/alias/ folder". Original
from what, where did that come from?
So merely updating mod_nss breaks
Got it working, after uninstalling and reinstalling the replica. Not sure
why it did not work at the first place...
On Fri, Nov 18, 2016 at 7:15 PM, deepak dimri
wrote:
> Hello All,
>
> I have IPA Master deployed in AWS US West region and replica in US East
> region.
Morgan Marodin wrote:
> It works!
> Thanks for your support.
>
> Anyway, I will try to update againt mod_nss package! :D
Glad it's working for you. I'm curious what the backup database was for.
Did you create that?
rob
> Bye!
>
>
> 2016-11-18 15:21 GMT+01:00 Morgan Marodin
It works!
Thanks for your support.
Anyway, I will try to update againt mod_nss package! :D
Bye!
2016-11-18 15:21 GMT+01:00 Morgan Marodin :
> A little good news.
>
> Downgrading the *mod_nss* RPM package, and restoring the original
> */etc/httpd/alias* folder,
A little good news.
Downgrading the *mod_nss* RPM package, and restoring the original
*/etc/httpd/alias* folder, *ipa-server-upgrade* procedure has finished well:
*# ipa-server-upgradeUpgrading IPA: [1/10]:
Martin,
Yes, this is the exact scenario. My lab started with a RHEL 7.2 master/replica
with 'domain level' set to 0.
I raised the 'domain level' to 1, and now I'm trying to introduce a new replica
into the environment.
I will check on 'nsds5replicabinddn' and report back.
Thanks,
Josh
Hello All,
I have IPA Master deployed in AWS US West region and replica in US East
region. The replication installation went successfully however when i am
trying to access the replication web UI (after making proxypass changes
etc..) i am getting Error. I have ProxyPassReverseCookieDomain set
On Fri, Nov 18, 2016 at 12:09:41PM +0100, rajat gupta wrote:
> Hi,
>
>
> I removed the pam_winbind module. User are able to login now. But some time
> they are not. Below are logs when user are not able to login. Also SSH
see comment at the end of the email.
> login is very slow for AD user.
I've tried to add it to a new test folder, with a new certificate nickname,
and then to replace it to *nss.conf*.
But the problem persists:
*# certutil -V -u V -d /etc/httpd/test -n ipa01certcertutil: certificate is
valid*
*# tail -f /var/log/httpd/error_log*
*[Fri Nov 18
Hi,
I removed the pam_winbind module. User are able to login now. But some time
they are not. Below are logs when user are not able to login. Also SSH
login is very slow for AD user. I am using sssd 1.4
=
rpm -qa | grep sssd
sssd-krb5-common-1.14.0-43.el7.x86_64
On 11/18/2016 09:16 AM, Martin Babinsky wrote:
On 11/17/2016 03:51 PM, Baird, Josh wrote:
Hi all,
In my IPA 4.4 lab (RHEL 7.3), I'm trying to install/configure a new
replica, and I seem to be hitting something similar to #5412 [1].
The 'ipa-replica-install' is getting stuck on:
[4/26]:
On 11/18/2016 10:04 AM, Morgan Marodin wrote:
Hi Florence.
I've tried to configure the wrong certificate in nss.conf (/ipaCert/),
and with this Apache started.
So I think the problem is in the /Server-Cert/ stored in
//etc/httpd/alias/, even if all manul checks are ok.
These are logs with the
Hi Florence.
I've tried to configure the wrong certificate in nss.conf (*ipaCert*), and
with this Apache started.
So I think the problem is in the *Server-Cert* stored in */etc/httpd/alias*,
even if all manul checks are ok.
These are logs with the wrong certificate test:
*# tail -f
On 11/17/2016 03:51 PM, Baird, Josh wrote:
Hi all,
In my IPA 4.4 lab (RHEL 7.3), I'm trying to install/configure a new replica,
and I seem to be hitting something similar to #5412 [1].
The 'ipa-replica-install' is getting stuck on:
[4/26]: creating installation admin user
Dirsrv error
18 matches
Mail list logo