On 21.12.2016 21:36, Brian J. Murrell wrote:
> Some additional information. I can't seem to use the CLI either.
> Perhaps that is expected:
>
> # kinit admin
> Password for ad...@example.com:
>
> # klist
> Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m
> Default principal:
On ke, 21 joulu 2016, Jaril Nambiar wrote:
Hi Concern,
This email is regarding an issue while using a workgroup Windows-7 client is
trying to login the freeIPA realm. It is showing 'There are currently no
log on server available to service the logon request' . The guide is to
setup for
I'm running a small instance of freeipa on CentOS 7 in our lab, for about 20
machines. Since CentOS 7.3 came out and upgraded from 4.2 to 4.4, things
have gotten flaky. e.g. clicking on a user get the spinning 'Working'
dialog and can take 3-5 minutes to load the page. But often it will die
with
Hi Youenn, thanks for your quick response. Actually I need to create a trust
domain with an AD for disable NTLM auth and take advantage of FreeIPA. I
thought to use Kerberos instead NTLM. It is possible to create a trust domain
with AD and authenticate users with LDAP (FreeIPA)?
- Mensaje
Some additional information. I can't seem to use the CLI either.
Perhaps that is expected:
# kinit admin
Password for ad...@example.com:
# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m
Default principal: ad...@example.com
Valid starting ExpiresService principal
Hello guys,
I'm having some trouble with, whats is happening with my server is that i'm
hiting an old BUG (https://bugzilla.redhat.com/show_bug.cgi?id=1033273).
Talking to mbasti over irc he oriented me to send this to the email list.
The problem is, i got on CA Master, so because of this
Hi Flo,
First of all, thanks a lot for taking your time to reproduced the issue
from your end, you have been very helpful and you are the best!
Here're the what I observed after some more tests:
1. In this case I used Entrust(www.entrust.com) certificate service, and
they provided root-G2-L1K
On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote:
> Okay, I believe that this is the problem:
>
> On 21.12.2016 15:53, Brian J. Murrell wrote:
> > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107
> > connection from local to /var/run/slapd-EXAMPLE.COM.socket
>
> ...
> >
Hi Adrian,
You can use basic_ldap_auth to connect to FreeIPA using LDAP instead of
negotiate_kerberos_auth :
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
-b "cn=accounts,dc=example,dc=com" \
-f uid=%s -h -ZZ
auth_param basic children 10
auth_param basic realm
Hi folks, I need authenticate my users against a squid proxy server using
FreeIPA. I know is possible
(https://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On)
but my users are not necessarily authenticated in a FreeIPA domain, so my
question is if it's possible to
Okay, I believe that this is the problem:
On 21.12.2016 15:53, Brian J. Murrell wrote:
> [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 connection
> from local to /var/run/slapd-EXAMPLE.COM.socket
...
> [21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn=""
Hello all :)
On 20.12.2016 01:33, Maciej Drobniuch wrote:
Hi All!
I get the following message while adding a new hostname.
"The host was added but the DNS update failed with: DNS reverse zone
in-addr.arpa. for IP address 10.0.0.165 is not managed by this server"
IPA failed to get correct
On 20.12.2016 20:27, fay wang wrote:
Hi, I have no luck in promoting ipa client to ipa replica. In my
replica system where ipa client is installed:
certutil -L -d /etc/dirsrv/slapd-
does not have Server-Cert.
Please help!
Thanks,
fay
Which commands did you used to promote
That would be perfect solution.
How do i do it?
ldapmodify:
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: (
NAME 'googleGroup' SUP groupofnames
STRUCTURAL
MAY ( mail $ displayname )
X-ORIGIN 'Extending FreeIPA' )
What to use for ?
Then i just
ipa config-mod
Daniel Schimpfoessl wrote:
> Thanks for getting back to me.
>
> getcert list | grep expires shows dates years in the future for all
> certificates
> Inline-Bild 1
>
> ipactl start --force
>
> Eventually the system started with:
> Forced start, ignoring pki-tomcatd Service, continuing
On Wed, 2016-12-21 at 15:04 +0100, Petr Spacek wrote:
>
> I'm really curious what you will find out :-)
It seems to be like this, over and over again:
[21/Dec/2016:09:39:02.124732240 -0500] conn=77025 fd=107 slot=107 connection
from 10.75.22.1 to 10.75.22.247
[21/Dec/2016:09:39:02.125630906
Hi, I have no luck in promoting ipa client to ipa replica. In my replica
system where ipa client is installed:
certutil -L -d /etc/dirsrv/slapd-
does not have Server-Cert.
Please help!
Thanks,
fay
--
Manage your subscription for the Freeipa-users mailing list:
Hi All,
I am looking to find out all the services which FreeIPA has installed and
which must be up and running as part of normal operations. I am clear on
the various systems which have been installed on the master server (we run
no replicas) however I'm not sure what resource I should refer to
On 12/21/2016 02:07 PM, Sandor Juhasz wrote:
Hi,
i would like to modify schema to have group objects extended with
email and display name attribute.
The reason is that we are trying to sync our ldap to our google apps.
I don't know how much this
doc
Hi,
i would like to modify schema to have group objects extended with email and
display name attribute.
The reason is that we are trying to sync our ldap to our google apps.
I don't know how much this doc
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
can be applied to
On Wed, 2016-12-21 at 08:24 +0100, Petr Spacek wrote:
>
> You can try to add line
> KRB5_TRACE=/dev/stdout
> to
> /etc/sysconfig/ipa-dnskeysyncd
[27472] 1482320667.240500: Retrieving
ipa-dnskeysyncd/server.example@example.com from
FILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab (vno 0, enctype
On 12/21/2016 05:11 AM, Ian Chen wrote:
hello list,
I tried to search for answer, but not solution come up yet. please help.
the setup with multiple nodes has IPA version:
ipa-server-4.1.0-18.el7.centos.4.x86_64
after adding a replication with an old node, replicaiton conflict occured.
Merry Christmas and Happy New Year 2017
Martin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi Petr,
Is there any way to automatically create .PPK and Public ssh key for new users
created?
Thanks,
Niraj Kumar
-Original Message-
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: 20 December 2016 16:40
To: Singh, NirajKumar ;
24 matches
Mail list logo