On Sun, Jan 12, 2014 at 11:01 PM, Dmitri Pal d...@redhat.com wrote:
On 01/11/2014 09:20 AM, Charlie Derwent wrote:
Hi
I'm experiencing an issue trying to use ipa-getcert on my IPA clients.
When I run a command similar to this
ipa-getcert request -K principal/`hostname` -D `hostname
Hi
I'm experiencing an issue trying to use ipa-getcert on my IPA clients.
When I run a command similar to this
ipa-getcert request -K principal/`hostname` -D `hostname` \
-k /var/lib/ssl/private_keys/`hostname`.pem \
-f /var/lib/ssl/certs/`hostname`.pem
Sometimes it will work, but 9 times out
On Tue, Sep 3, 2013 at 4:50 PM, Dmitri Pal d...@redhat.com wrote:
On 09/03/2013 04:21 AM, Innes, Duncan wrote:
Hi folks,
I've got a question about kickstart enrollment with a one-time password.
Namely, is there any way that it can be done *without* the one-time
password. We're
On Mon, Sep 16, 2013 at 3:21 PM, Rob Crittenden rcrit...@redhat.com wrote:
Rich Megginson wrote:
On 09/16/2013 03:21 AM, Charlie Derwent wrote:
Hi
Update on the errors
kinit charlesd
kinit: Generic error (see e-text) while getting initial credentials
krb5kdc.log - LOOKING_UP_CLIENT
schema-compat-plugin.
dna-plugin, ipalockout_preop/postop all complaining in one way or another
about being unable to retrieve entries or no entries being set up.
Cheers,
Charlie
On Fri, Sep 13, 2013 at 2:49 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/12/2013 08:04 PM, Charlie Derwent
On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/09/2013 10:20 AM, Charlie Derwent wrote:
Hi,
2 questions, some of our automation accounts are needlessly querying the
IPA server every time they call a command via sudo. This is generating a
lot of noise
Hi,
2 questions, some of our automation accounts are needlessly querying the
IPA server every time they call a command via sudo. This is generating a
lot of noise in our access logs. Is there any way to ensure certain system
accounts don't call out to the IPA server for additional groups or sudo
On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/09/2013 10:20 AM, Charlie Derwent wrote:
Hi,
2 questions, some of our automation accounts are needlessly querying the
IPA server every time they call a command via sudo. This is generating a
lot of noise
On Fri, Feb 15, 2013 at 6:56 PM, Rob Crittenden rcrit...@redhat.com wrote:
Charlie Derwent wrote:
Hi
So there's nothing I can see in the access logs.
However, I get the following message in the KDC log
Feb 15 14:05:49 ipa.example.com http://ipa.example.com/
krb5kdc[1749](info): AS_REQ (12
Bit late to the conversation here, but if you want another example of a
quasi-system account within IPA, there is the need for a user to handle
automated enrollment/re-enrollment of servers.
Charlie
On Fri, Feb 15, 2013 at 11:32 PM, Brian Cook bc...@redhat.com wrote:
On Feb 15, 2013, at 3:11
On Sun, Feb 10, 2013 at 1:48 AM, Rob Crittenden rcrit...@redhat.com wrote:
Charlie Derwent wrote:
Hi
Whenever I attempt an unattended installation with a principal and
password. The installation fails.
I'm using the following syntax for my command
ipa-client-install --domain=example.com
Yes the times on the ipa server and ipa client are in sync with our NTP
source
Thanks
Charlie
On Sat, Feb 9, 2013 at 1:07 AM, Dmitri Pal d...@redhat.com wrote:
On 02/08/2013 07:47 PM, Charlie Derwent wrote:
Hi
Whenever I attempt an unattended installation with a principal and
password
Hi Matthew,
Yes, as said earlier ipa disable-host fqdn; ipa host-mod fqdn
--password=foo works flawlessly. The issue lies with attempting to reuse
foo as the password, the IPA sever prevents that (and rightly so) which
complicates automation hence the RFE.
Charlie.
On Thu, Jan 24, 2013 at 4:34
Hi Fred
Little unsure about what you mean here. What is it you're trying to do
exactly? Do you mean you can't run IPA commands on your satellite server?
Do you just need to install ipa-admin-tools?
Do you mean IPA commands don't work on a IPA client until the client is
enrolled? That would make
PM, Dmitri Pal d...@redhat.com wrote:
On 12/07/2012 10:15 PM, Charlie Derwent wrote:
Sorry for the extremely late reply, rebuilds of clients, keytab and
configuration primarily but certs too would be nice.
What we currently do during our provisioning process is disable the host
and reset
documentation on what files you would need to back
up)
I prefer option 2 :-)
Thanks,
Charlie
On Tue, Sep 18, 2012 at 3:41 PM, Dmitri Pal d...@redhat.com wrote:
On 09/18/2012 07:34 AM, Charlie Derwent wrote:
Hi
I've used ipa host-disable ${HOST}; ipa host-mod --password=${PASS}
${HOST
Hi
I've used ipa host-disable ${HOST}; ipa host-mod --password=${PASS}
${HOST} In the past and that seems to work quite well. The ideal for me
would be a situation where the IPA information could persist between
rebuilds.
Cheers,
Charlie
On Tue, Sep 18, 2012 at 12:05 PM, Innes, Duncan
Hi
I've been testing our potential new IPA server before roll out and while
setting up a replica with ipa-server-2.1.3-9 I encountered the following
issues during installation
[root@ipa2 ~]# ipa-replica-install --setup-dns --no-forwarders --no-ntp
/var/lib/ipa/replica-info-ipa2.test.net.gpg
Hi
I've got 5 different IPA servers at 5 differents labs around the country
that are all replicas of one another. In order to keep the the cross-site
network traffic to a minimum I want the IPA clients at Site A to only
communicate to IPA Server A, B to B, C to C etc. except in the
case of the
Sounds sort of related to the bug you mentioned in your release notes but
this was a clean install not an upgrade.
Regards
Charlie
--
FYI
SELinux is
Hi
Really simple question, is it possible to create a F15 2.1.3 replica from my
F14 2.0.0.rc3 IPA Server and then could I rebuild that 2.0.0.rc3 IPA server
as a 2.1.3 server based on the new 2.1.3 replica? I would've thought it
should be but I seem to remember hearing that something changed in
On Mon, Jun 27, 2011 at 2:07 PM, Adam Young ayo...@redhat.com wrote:
**
On 06/26/2011 08:35 AM, Charlie Derwent wrote:
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.comwrote:
Charlie Derwent wrote:
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.com
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.comwrote:
Charlie Derwent wrote:
Hi
I'm running FreeIPA server on F14 and connecting to a F14 client. When I
run ipa-client-install (via kickstart or after the client has installed)
I'm getting the following error message
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.com wrote:
Charlie Derwent wrote:
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Charlie Derwent wrote:
Hi
I'm running FreeIPA server on F14
file:/var/log/dirsrv/slapd-TEST-NET/access
Which is funny cause somehow it still managed to write the error into the
error log.
On Fri, May 13, 2011 at 4:37 PM, Adam Young ayo...@redhat.com wrote:
On 05/13/2011 06:11 AM, Charlie Derwent wrote:
Hi
First time posting on the mailing list so go
Hi
First time posting on the mailing list so go easy on me :-)
I've installed freeipa on our network and noticed that no real user owns the
folders /var/log/dirsrv/slapd-PKI-IPA and /var/log/dirsrv/slapd-TEST-NET.
Isn't this going to cause logrotate errors? I have a feeling this came about
26 matches
Mail list logo