list members,
i am using bind-dyndb-ldap without freeipa, and i consistently get the
below errors in my logs:
update_zone (syncrepl) failed for master zone DN
'idnsName=24.168.192.in-addr.arpa.,cn=dns,ou=Daemons,dc=bpk2,dc=com'.
Zones can be outdated, run `rndc reload`: unexpected error
On 03/02/2017 08:43 AM, Kees Bakker wrote:
On 02-03-17 13:34, Brendan Kearney wrote:
On 03/02/2017 05:40 AM, Kees Bakker wrote:
On 24-02-17 14:38, Brendan Kearney wrote:
On 02/24/2017 03:33 AM, Kees Bakker wrote:
On 23-02-17 15:39, Brendan Kearney wrote:
On 02/23/2017 09:11 AM, Kees Bakker
On 03/02/2017 05:40 AM, Kees Bakker wrote:
On 24-02-17 14:38, Brendan Kearney wrote:
On 02/24/2017 03:33 AM, Kees Bakker wrote:
On 23-02-17 15:39, Brendan Kearney wrote:
On 02/23/2017 09:11 AM, Kees Bakker wrote:
On 23-02-17 13:51, Brendan Kearney wrote:
On 02/23/2017 07:32 AM, Kees Bakker
On 02/24/2017 03:33 AM, Kees Bakker wrote:
On 23-02-17 15:39, Brendan Kearney wrote:
On 02/23/2017 09:11 AM, Kees Bakker wrote:
On 23-02-17 13:51, Brendan Kearney wrote:
On 02/23/2017 07:32 AM, Kees Bakker wrote:
On 22-02-17 17:33, Brendan Kearney wrote:
On 02/22/2017 10:26 AM, Kees Bakker
On 02/23/2017 09:43 AM, Auerbach, Steven wrote:
sudo vgs >> statresults.txt
should be sudo /sbin/vgs >> statresults.txt since that is what sudo
allows. its almost like exact match for strings.
--
Manage your subscription for the Freeipa-users mailing list:
On 02/23/2017 09:11 AM, Kees Bakker wrote:
On 23-02-17 13:51, Brendan Kearney wrote:
On 02/23/2017 07:32 AM, Kees Bakker wrote:
On 22-02-17 17:33, Brendan Kearney wrote:
On 02/22/2017 10:26 AM, Kees Bakker wrote:
On 22-02-17 14:05, Brendan Kearney wrote:
On 02/22/2017 05:23 AM, Kees Bakker
On 02/23/2017 07:32 AM, Kees Bakker wrote:
On 22-02-17 17:33, Brendan Kearney wrote:
On 02/22/2017 10:26 AM, Kees Bakker wrote:
On 22-02-17 14:05, Brendan Kearney wrote:
On 02/22/2017 05:23 AM, Kees Bakker wrote:
On 21-02-17 19:49, Brendan Kearney wrote:
On 02/21/2017 10:57 AM, Kees Bakker
On 02/22/2017 10:26 AM, Kees Bakker wrote:
On 22-02-17 14:05, Brendan Kearney wrote:
On 02/22/2017 05:23 AM, Kees Bakker wrote:
On 21-02-17 19:49, Brendan Kearney wrote:
On 02/21/2017 10:57 AM, Kees Bakker wrote:
Hey,
Maybe one of the NFS users on this list could give me a hint what
could
On 02/22/2017 05:23 AM, Kees Bakker wrote:
On 21-02-17 19:49, Brendan Kearney wrote:
On 02/21/2017 10:57 AM, Kees Bakker wrote:
Hey,
Maybe one of the NFS users on this list could give me a hint what
could be wrong. I'm not sure if it has any relation with FreeIPA/Kerberos.
I've set up an NFS
On 02/21/2017 10:57 AM, Kees Bakker wrote:
Hey,
Maybe one of the NFS users on this list could give me a hint what
could be wrong. I'm not sure if it has any relation with FreeIPA/Kerberos.
I've set up an NFS server and I can mount the NFS directory on my client. So,
I'm
guessing that setting
are not known right now.
thanks,
brendan kearney
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
d.
Petr^2 Spacek
On 11.10.2016 20:41, Brendan Kearney wrote:
i am using bind-dyndb-ldap on fedora 24 without FreeIPA, and continue to have
my logs swamped with errors about "check failed" from settings.c and fwd.c. i
am completely up to date with every package, so the latest ve
i am using bind-dyndb-ldap on fedora 24 without FreeIPA, and continue to
have my logs swamped with errors about "check failed" from settings.c
and fwd.c. i am completely up to date with every package, so the latest
versions of everything are installed.
[settings.c : 420:
-doctoring-3zones.html
Let me know if either of those will solve your problem. If not, I might have a
misunderstanding of what you are asking.
Dan
On Jul 17, 2016, at 3:36 PM, Brendan Kearney <bpk...@gmail.com> wrote:
i am looking to setup a VPN in order to access some resources, an
i am looking to setup a VPN in order to access some resources, and want
to point my clients at this resource via DNS. the resource i am
accessing is internet resolvable, but i am accessing it via the VPN, and
using a NAT for the VPN (full 1-to-1 or static NAT). i want to have a
record in my
On 10/06/2015 07:42 AM, Petr Spacek wrote:
On 6.10.2015 03:40, Brendan Kearney wrote:
i have two bind instances in somewhat of a multi-master server arrangement,
where they share the same ldap backend via bind-dyndb-ldap. currently, they
are authoritative and recursive servers, and i want
i have two bind instances in somewhat of a multi-master server
arrangement, where they share the same ldap backend via
bind-dyndb-ldap. currently, they are authoritative and recursive
servers, and i want to change things up a bit. i want to move the
recursive function to a third device. for
On 08/30/2015 12:49 PM, Marin Bernard wrote:
Hi,
I followed the instructions from freeipa.org (
https://www.freeipa.org/page/Libvirt_with_VNC_Consoles) to make libvirt
and VNC use GSSAPI authentication with FreeIPA. The libvirt part works
fine: I'm able to SSO the KVM host using TCP + SASL.
i am wondering if bind-dyndb-ldap supports stub zones. below would be a
use case for me.
say i have a network with a lot of external client connectivity (over
leased line, MPLS, VPN, etc). the clients connections are used for
inbound, outbound or bi-directional traffic (file transfers, web
On Tue, 2015-03-31 at 11:07 -0400, Dmitri Pal wrote:
On 03/31/2015 10:38 AM, Matt . wrote:
True, but we have some extra later between which does the cli command
not usable (at least for the moment)
I already know how to share the key's among all servers, that works
fine,
but through it (NAT) or should it go by/next to it ?
I think we can get this fixed :)
Thanks!
Matt
2015-03-31 17:41 GMT+02:00 Brendan Kearney bpk...@gmail.com:
On Tue, 2015-03-31 at 11:07 -0400, Dmitri Pal wrote:
On 03/31/2015 10:38 AM, Matt . wrote:
True, but we have some extra later
On Tue, 2015-03-31 at 13:54 -0400, Simo Sorce wrote:
On Tue, 2015-03-31 at 13:50 -0400, Simo Sorce wrote:
But IPA is more complex and some operations will be performed directly
against the specific server name, so you need to keep 2 sets of keys
(one for the server name and one for the load
On Tue, 2015-03-31 at 19:36 +0200, Matt . wrote:
OK, but as I say, without the loadbalancer, same domain it works.
All the more reason to capture the session and review it in wireshark.
My IPA server also sees the client name and ptr as I do nat.
So you create a keytab for your host you
On Tue, 2015-03-17 at 18:07 +0100, Natxo Asenjo wrote:
On Tue, Mar 17, 2015 at 4:19 PM, Tevfik Ceydeliler
tevfik.ceydeli...@astron.yasar.com.tr wrote:
Hi,
Altough I have this configuration in client .conf:
##
Can someone up-channel an issue with getfedora.org? The site changed URLs,
and the cert was not amended to include the new URL as a Subject
Alternative Name and now cert mismatches are occurring.
--
Manage your subscription for the Freeipa-users mailing list:
OpenAFS?
On Jan 12, 2015 11:04 AM, Craig White cwh...@skytouchtechnology.com
wrote:
*From:* freeipa-users-boun...@redhat.com [mailto:
freeipa-users-boun...@redhat.com] *On Behalf Of *Dale Macartney
*Sent:* Sunday, January 11, 2015 2:16 PM
*To:* freeipa-users@redhat.com
*Subject:*
On Fri, 2015-01-02 at 15:19 +, Chris Card wrote:
I have existing machines running CentOS 6.3 which I want to include in
a freeipa domain.
The domain controller machine is running Fedora 21 and
freeipa-server-4.1.1-2 while the latest version of ipa I can find that
runs on CentOS 6.3 is
On Wed, 2014-12-31 at 19:06 +0100, Jan Pazdziora wrote:
On Mon, Dec 29, 2014 at 07:12:26PM -0500, Brendan Kearney wrote:
On Mon, 2014-12-29 at 16:53 -0500, Dmitri Pal wrote:
bind-dyndb-ldap isa back end driver for BIND to get data from an LDAP
storage.
The updates are done by BIND
where can i find howto info around setting up bind-dyndb-ldap to accept
ddns updates from dhcp? usually, i have a shared key defined in dns and
dhcp, and the updates are authenticated. where are the docs for setting
this up in bind-dyndb-ldap?
--
Manage your subscription for the Freeipa-users
systemctl stop firewalld
systemctl disable firewalld
systemctl stop iptables
systemctl disable iptables
sudo iptables -nvL
This is not a recommended config, as a firewall will save your bacon
without you realizing it. Fwbuilder is a great package in the fedora repos
that will write excellent
Kerberos is dependent on A records in dns. The instance (as in
principal/instance@REALM) should match the A record in dns.
There is absolutely no Kerberos dependency on hostnames being fully
qualified. I have all my devices named with short names and I have no
issues with Kerberos ticketing.
Correction, its primary/instance@REALM
On Aug 8, 2014 10:57 AM, brendan kearney bpk...@gmail.com wrote:
Kerberos is dependent on A records in dns. The instance (as in
principal/instance@REALM) should match the A record in dns.
There is absolutely no Kerberos dependency on hostnames being
Arent all of those lookups done in dns? Wouldnt that mean hostnames being
fqdn's is irrelevant?
On Aug 8, 2014 12:11 PM, Rich Megginson rmegg...@redhat.com wrote:
On 08/08/2014 08:57 AM, brendan kearney wrote:
Kerberos is dependent on A records in dns. The instance (as in
principal
Megginson rmegg...@redhat.com wrote:
On 08/08/2014 10:56 AM, brendan kearney wrote:
Arent all of those lookups done in dns?
Yes.
Wouldnt that mean hostnames being fqdn's is irrelevant?
Not sure what you mean.
I guess if you issued your server certs with a subject DN of
cn=hostname, instead
a dependency on
fully qualified hostnames, when there is no reason to require it. In fact,
it may even break somethings or even violate some rfc.
On Aug 8, 2014 1:43 PM, Rich Megginson rmegg...@redhat.com wrote:
On 08/08/2014 11:17 AM, brendan kearney wrote:
The cert should have the fqdn, just like
...@redhat.com wrote:
On 08/08/2014 12:21 PM, brendan kearney wrote:
Double check your example. -h means the hostname of the ldap server to
connect to and issue your query to. Man page calls it ldaphost.
Yes.
I have not run across a client that does cert validation using ldap
On Tue, 2014-06-03 at 00:42 +, Steven Jones wrote:
Hi,
I'll raise a request for this to be added then.
Its a bit of an enterprise requirement feature that is of use for us.
Not having much luck with rsyslog and application logs at the moment, good
and accurate docs seem lacking for
What distribution you use? Fedora
Which distribution version you use? Fedora 20, with latest updates
Which architecture you use? x86_64 on a qemu VM
What plugin version you use? bind-dyndb-ldap-4.1-1.fc20.x86_64
Do you use bind-dyndb-ldap as part of ​FreeIPA installation? no, using
Hello!
Before I dive into details, please read about the following bug:
https://fedorahosted.org/bind-dyndb-ldap/ticket/134
I just found it, fixed it and I'm attaching patch for you so you don't need
to
wait for a new release :-)
thanks, but i am not sure how to apply patches.
Your
No, it is not.
http://port389.org/wiki/History
ok then. still, i am trying to learn the individual pieces and get them
working together.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On Tue, 2014-03-04 at 14:11 +0100, Petr Spacek wrote:
Hello,
On 3.3.2014 22:57, Brendan Kearney wrote:
Which distribution version you use? Fedora 20, with latest updates
What plugin version you use? bind-dyndb-ldap-3.5-1.fc20.x86_64
Please make sure that you read and follow
https
On Mon, 2014-03-03 at 09:33 +0100, Petr Spacek wrote:
On 1.3.2014 23:20, Brendan Kearney wrote:
i am using bind-dyndb-ldap outside of freeipa, and want to create
_tcp.my-domain.com and _udp.my-domain.com subdomains. i have tried, but
seem to come up short and nslookup fails for the records
i am using bind-dyndb-ldap outside of freeipa, and want to create
_tcp.my-domain.com and _udp.my-domain.com subdomains. i have tried, but
seem to come up short and nslookup fails for the records i try to create
in the subdomains. some googling and searching in the wiki have not
provided me with
Do you plan to use FreeIPA command line interface or not?
With FreeIPA, you can create equivalent records with this set of commands:
$ ipa dnszone-add bpk2.com
$ ipa dnsrecord-add bpk2.com _kerberos --txt-rec=...
etc.
Those commands allow you to create almost equivalent data in LDAP.
or should a bug be filed for this
missing functionality?
thank you,
brendan kearney
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
my config uses bind and bind-dyndb-ldap to host zone data in ldap. i am
trying to achieve the equivalent directives and configuration of bind
+bind-dyndb-ldap that i have in straight bind.
attached is my forward zone (frozen before copying data, so that the jnl
entries were written out).
the
46 matches
Mail list logo