Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Petr Spacek
On 21.12.2016 21:36, Brian J. Murrell wrote: > Some additional information. I can't seem to use the CLI either. > Perhaps that is expected: > > # kinit admin > Password for ad...@example.com: > > # klist > Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m > Default principal:

Re: [Freeipa-users] Windows 7 Authentication Failed with FreeIPA

2016-12-21 Thread Alexander Bokovoy
On Wed, 21 Dec 2016, Jaril Nambiar wrote: Hi Concern, This email is regarding an issue while using a workgroup Windows-7 client is trying to login the freeIPA realm. It is showing 'There are currently no log on server available to service the logon request' . The guide is to setup for

[Freeipa-users] backing up and starting over...

2016-12-21 Thread Robert Story
I'm running a small instance of freeipa on CentOS 7 in our lab, for about 20 machines. Since CentOS 7.3 came out and upgraded from 4.2 to 4.4, things have gotten flaky. e.g. clicking on a user gets the spinning 'Working' dialog and can take 3-5 minutes to load the page. But often it will die with

Re: [Freeipa-users] (trust domain AD)

2016-12-21 Thread Ing . Adrian Hernández Yeja
Hi Youenn, thanks for your quick response. Actually I need to create a trust domain with an AD to disable NTLM auth and take advantage of FreeIPA. I thought to use Kerberos instead of NTLM. Is it possible to create a trust domain with AD and authenticate users with LDAP (FreeIPA)? - Mensaje

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
Some additional information. I can't seem to use the CLI either. Perhaps that is expected: # kinit admin Password for ad...@example.com: # klist Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m Default principal: ad...@example.com Valid starting Expires Service principal

[Freeipa-users] Ipa cert automatic renew Failing.

2016-12-21 Thread Lucas Diedrich
Hello guys, I'm having some trouble with, what is happening with my server is that I'm hitting an old BUG (https://bugzilla.redhat.com/show_bug.cgi?id=1033273). Talking to mbasti over irc he oriented me to send this to the email list. The problem is, i got on CA Master, so because of this

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

2016-12-21 Thread beeth beeth
Hi Flo, First of all, thanks a lot for taking the time to reproduce the issue from your end, you have been very helpful and you are the best! Here's what I observed after some more tests: 1. In this case I used Entrust (www.entrust.com) certificate service, and they provided root-G2-L1K

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote: > Okay, I believe that this is the problem: > > On 21.12.2016 15:53, Brian J. Murrell wrote: > > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 > > connection from local to /var/run/slapd-EXAMPLE.COM.socket > > ... > >

Re: [Freeipa-users] (no subject)

2016-12-21 Thread Youenn PIOLET
Hi Adrian, You can use basic_ldap_auth to connect to FreeIPA using LDAP instead of negotiate_kerberos_auth : auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \ -b "cn=accounts,dc=example,dc=com" \ -f uid=%s -h -ZZ auth_param basic children 10 auth_param basic realm

[Freeipa-users] (no subject)

2016-12-21 Thread Ing . Adrian Hernández Yeja
Hi folks, I need to authenticate my users against a squid proxy server using FreeIPA. I know it is possible (https://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On) but my users are not necessarily authenticated in a FreeIPA domain, so my question is if it's possible to

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Petr Spacek
Okay, I believe that this is the problem: On 21.12.2016 15:53, Brian J. Murrell wrote: > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 connection > from local to /var/run/slapd-EXAMPLE.COM.socket ... > [21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn=""

Re: [Freeipa-users] DNS reverse zone is not managed by this server

2016-12-21 Thread Martin Basti
Hello all :) On 20.12.2016 01:33, Maciej Drobniuch wrote: Hi All! I get the following message while adding a new hostname. "The host was added but the DNS update failed with: DNS reverse zone in-addr.arpa. for IP address 10.0.0.165 is not managed by this server" IPA failed to get correct

Re: [Freeipa-users] Failed to promote ipa client to ipa replica

2016-12-21 Thread Martin Basti
On 20.12.2016 20:27, fay wang wrote: Hi, I have no luck in promoting ipa client to ipa replica. In my replica system where ipa client is installed: certutil -L -d /etc/dirsrv/slapd- does not have Server-Cert. Please help! Thanks, fay Which commands did you use to promote

Re: [Freeipa-users] modify schema - add group email and display attribute

2016-12-21 Thread Sandor Juhasz
That would be perfect solution. How do i do it? ldapmodify: dn: cn=schema changetype: modify add: objectclasses objectclasses: ( NAME 'googleGroup' SUP groupofnames STRUCTURAL MAY ( mail $ displayname ) X-ORIGIN 'Extending FreeIPA' ) What to use for ? Then i just ipa config-mod

Re: [Freeipa-users] Asking for help with crashed freeIPA istance

2016-12-21 Thread Rob Crittenden
Daniel Schimpfoessl wrote: > Thanks for getting back to me. > > getcert list | grep expires shows dates years in the future for all > certificates > Inline image 1 > > ipactl start --force > > Eventually the system started with: > Forced start, ignoring pki-tomcatd Service, continuing

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
On Wed, 2016-12-21 at 15:04 +0100, Petr Spacek wrote: > > I'm really curious what you will find out :-) It seems to be like this, over and over again: [21/Dec/2016:09:39:02.124732240 -0500] conn=77025 fd=107 slot=107 connection from 10.75.22.1 to 10.75.22.247 [21/Dec/2016:09:39:02.125630906

[Freeipa-users] Failed to promote ipa client to ipa replica

2016-12-21 Thread fay wang
Hi, I have no luck in promoting ipa client to ipa replica. In my replica system where ipa client is installed: certutil -L -d /etc/dirsrv/slapd- does not have Server-Cert. Please help! Thanks, fay -- Manage your subscription for the Freeipa-users mailing list:

[Freeipa-users] IPA Services

2016-12-21 Thread Callum Guy
Hi All, I am looking to find out all the services which FreeIPA has installed and which must be up and running as part of normal operations. I am clear on the various systems which have been installed on the master server (we run no replicas) however I'm not sure what resource I should refer to

Re: [Freeipa-users] modify schema - add group email and display attribute

2016-12-21 Thread Ludwig Krispenz
On 12/21/2016 02:07 PM, Sandor Juhasz wrote: Hi, i would like to modify schema to have group objects extended with email and display name attribute. The reason is that we are trying to sync our ldap to our google apps. I don't know how much this doc

[Freeipa-users] modify schema - add group email and display attribute

2016-12-21 Thread Sandor Juhasz
Hi, i would like to modify schema to have group objects extended with email and display name attribute. The reason is that we are trying to sync our ldap to our google apps. I don't know how much this doc http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf can be applied to

Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

2016-12-21 Thread Brian J. Murrell
On Wed, 2016-12-21 at 08:24 +0100, Petr Spacek wrote: > > You can try to add line > KRB5_TRACE=/dev/stdout > to > /etc/sysconfig/ipa-dnskeysyncd [27472] 1482320667.240500: Retrieving ipa-dnskeysyncd/server.example@example.com from FILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab (vno 0, enctype

Re: [Freeipa-users] freeipa 4.1 replication conflict resolve issue

2016-12-21 Thread Ludwig Krispenz
On 12/21/2016 05:11 AM, Ian Chen wrote: hello list, I tried to search for an answer, but no solution has come up yet. please help. the setup with multiple nodes has IPA version: ipa-server-4.1.0-18.el7.centos.4.x86_64 after adding a replication with an old node, replication conflict occurred.

[Freeipa-users] [PTO] 2016-12-21 -- 2017-01-02

2016-12-21 Thread Martin Basti
Merry Christmas and Happy New Year 2017 Martin

Re: [Freeipa-users] FreeIPA User Authorization Guidelines Required

2016-12-21 Thread nirajkumar.singh
Hi Petr, Is there any way to automatically create .PPK and Public ssh key for new users created? Thanks, Niraj Kumar -Original Message- From: Petr Vobornik [mailto:pvobo...@redhat.com] Sent: 20 December 2016 16:40 To: Singh, NirajKumar ;