resolution API
| |
|
But not sure if I am looking in the right place.
Many thanks,James Harrison
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi,Was there any out-come to this?
I running: sudo1.8.12-1ubuntu3, which is well behind up to date releases.
Many thanks,James Harrison
From: James Harrison
To: "freeipa-users@redhat.com" ;
"pbrez...@redhat.com"
Cc: "pbrez...@redhat.com"
Sent: Monday,
All,debian 1.8.19-1 doesnt work, but Ubuntu 1.8.12-1ubuntu3 does.
James
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Saturday, 7 January 2017, 15:34
Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
version 1.13.4-
All,1.8.19-1 from Debian does not appear to work too.
James
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Saturday, 7 January 2017, 15:34
Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
version 1.13.4-1ubuntu1.1
Any ideas?
From: James Harrison
To: "freeipa-users@redhat.com"
Sent: Thursday, 5 January 2017, 13:36
Subject: FreeIPA sudo not working on ububtu xenial sssd version
1.13.4-1ubuntu1.1
Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
I can authenticate
Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
I get 1 rule returned, which I expect.
Many thanks,James Harrison
(Thu Jan 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event
0x1c11e30
s
it supported or will they just be over-written by Freeipa?
I've been hunting for an answer online, but found nothing about this.
Many thanks,James Harrison
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freei
dynamically loading authorized user keys. Public key authentication of IPA
users will not be available.
From: James Harrison
To: "freeipa-users@redhat.com"
Sent: Wednesday, 14 December 2016, 15:18
Subject: Free IPA Openssh client install error
Hi,I installed the freeipa
Is there a fix?
Best regards,James Harrison
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hi,From this URL: https://launchpad.net/~sssd/+archive/ubuntu/updates
i updated sssd on Trusty and I can now ssh to it using a FreeIPA user's
credentials. AD Still doesn't work.
Thanks
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent:
I tried to clone the git repos and I got access right errors
James
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Thursday, 8 December 2016, 11:22
Subject: Re: [Freeipa-users] Problem with Free IPA Client Ubuntu Precise
(12.04) authenticati
(x_james.harrison@ad.domain.local)
groups=1039812876(x_james.harrison@ad.domain.locall)
However auth issues still the same as Precise. Doesnt accept the ssh public key
stored with the IPA user or the Trust ID view user.
Xenial has no problems.
Regards,James Harrison
From: James Harrison
To
tions
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted
SSSD service could not be stopped
Client uninstall complete.
From: Lukas Slebodnik
To: James Harrison
Cc: "freeipa-users@redhat.com"
Sent: Thursday, 8 December 2016, 11:22
Subject: Re
seem to
authenticate against the public ssh key from the id override user.
I appreciate any help you can send my way.
Best regards,
James Harrison
Below is more information
root@jamesprecise:~# kinit x_james.harrison@AD.DOMAIN.LOCAL
Password for x_james.harrison@AD.DOMAIN.LOCAL:
root
n 5.5) allows me to do
what? Am I supposed to get a synchronised list of Domain Admin users in Free
IPA?
I can log in to a Linux client using AD credentials, regardless of the AD users
external map (The user I'm logging is with is a member of the AD Domain Admins
group).
Many thanks,Jame
accomplish the same
goal: to get AD user accounts? Which one is preferred?
Best regards,James Harrison
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hello.Thanks for your help Martin that worked.
James Harrison
On Thu, 10 Nov, 2016 at 12:15, Martin Basti wrote:
On 10.11.2016 13:00, James Harrison wrote:
Hi All, We use port 2234 for all sshd connections on our systems.
It looks loke ipa-conncheck uses port 22.
Can this
ur network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck
parameter.
From: James Harrison
To: "freeipa-users@redhat.com"
Sent: Thursday, 10 November 2016, 12:00
Subject: Specify different ssh port for ipa-con
Hi All,We use port 2234 for all sshd connections on our systems.
It looks loke ipa-conncheck uses port 22.
Can this be changed to use 2234? This would be for replicas and clients I
presume.
This is quite urgent.
Many thanks,James Harrison
--
Manage your subscription for the Freeipa-users
https://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html
On 07.11.2016 12:05, James Harrison wrote:
Anyone ?
Sent from Yahoo Mail on Android
On Fri, 4 Nov, 2016 at 11:04, James Harrison
wrote: Hello,
I've installed FreeIPA 4.2 master using Centos and I have a Wind
Anyone ?
Sent from Yahoo Mail on Android
On Fri, 4 Nov, 2016 at 11:04, James Harrison
wrote: Hello,
I've installed FreeIPA 4.2 master using Centos and I have a Windows 2012R2 with
its AD schema emulating a Windows 2012 system
I have established a trust between the two and it appea
only way to ssh to the master IPA server is like this:
ssh "x_@IPAWIN.LOCAL"@10.10.10.10
Another example is using kinit:
I have to do the following to get a credential:kinit x_@IPAWIN.LOCAL
Ideally I would not need or use the "@IPAWIN.LOCAL".
Can anyone help?
Be
Hello all,
That is really good to know. Thank you for helping me out with this.
James
From: Rob Crittenden
To: "jamesaharriso...@yahoo.co.uk" ; Martin
Babinsky ; "freeipa-users@redhat.com"
Sent: Friday, 21 October 2016, 14:18
Subject: Re: [Freeipa-users] Pro
y get to use 4.2
of FreeIPA, but the Ubuntu version is 4.4.2. Is there 4.4.2 for CentOS?
Best regardsJames Harrison From: Rob Crittenden
To: James Harrison ; Martin Babinsky
; "freeipa-users@redhat.com"
Sent: Wednesday, 19 October 2016, 14:28
Subject: Re: [Freeipa-users] Promote CA-
"replica"
run the ipa-replica-prepare script once ipa-replica-install has been
successfully run?
Thank you for any help.Best regards,James Harrison
From: Martin Babinsky
To: freeipa-users@redhat.com
Sent: Wednesday, 19 October 2016, 11:01
Subject: Re: [Freeipa-users] Promote
a CA. Our CA is Comodo and we have configured FreeIPA to use
a certificate, key and interim certificates from Comodo. using the options:
--http_pkcs12=--http_pin=
--dirsrv_pkcs12=...
--dirsrv_pin=
Hope someone can help. Quite urgent.
Regards,
James Harrison
--
Manage your
ed, Mar 23, 2016 at 4:31 PM, Petr Vobornik wrote:
> On 03/23/2016 03:50 PM, Sam James wrote:
>
>> Hello everyone,
>>
>> I've been banging my head against the wall for a few days now trying to
>> resolve
>> an issue with PKI and I'm hoping I might get som
Hello everyone,
I've been banging my head against the wall for a few days now trying to
resolve an issue with PKI and I'm hoping I might get some help. First some
context.
About a week ago I was alerted that all of our replicas were offline due to
pki-tomcatd not starting. Futher investigation
Wed, 2016-01-13 at 18:10 -0500, James Kinney wrote:
> I need to upgrade from IPA3.0 to IPA4.2 (from centos 6.7 to 7.2) and
> the replica process is failing to install on the new system:
>
> 2016-01-13T17:27:46Z DEBUG Starting external process
> 2016-01-13T17:27:46Z DEBUG args=
I need to upgrade from IPA3.0 to IPA4.2 (from centos 6.7 to 7.2) and
the replica process is failing to install on the new system:
2016-01-13T17:27:46Z DEBUG Starting external process
2016-01-13T17:27:46Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpjklK4o'
2016-01-13T17:28:19Z DEBUG Pro
in IPA 4.1.
We do more than 10 installs of IPA per day as part of CI, I think now
we're back to a working configuration again.
Hopefully this will help others who come along this path.
James M
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
On 12/11/15 15:21, Rob Crittenden wrote:
James Masson wrote:
On 30/10/15 13:52, Rob Crittenden wrote:
James Masson wrote:
On 26/10/15 16:11, Martin Kosek wrote:
On 10/26/2015 04:05 PM, James Masson wrote:
On 19/10/15 21:06, Rob Crittenden wrote:
James Masson wrote:
Hi list,
I
On 30/10/15 13:52, Rob Crittenden wrote:
James Masson wrote:
On 26/10/15 16:11, Martin Kosek wrote:
On 10/26/2015 04:05 PM, James Masson wrote:
On 19/10/15 21:06, Rob Crittenden wrote:
James Masson wrote:
Hi list,
I successfully have IPA working with CA certs signed by an upstream
On 26/10/15 16:11, Martin Kosek wrote:
On 10/26/2015 04:05 PM, James Masson wrote:
On 19/10/15 21:06, Rob Crittenden wrote:
James Masson wrote:
Hi list,
I successfully have IPA working with CA certs signed by an upstream Dogtag.
Now I'm trying to use a CA cert signed by a diff
On 19/10/15 21:06, Rob Crittenden wrote:
James Masson wrote:
Hi list,
I successfully have IPA working with CA certs signed by an upstream Dogtag.
Now I'm trying to use a CA cert signed by a different type of CA - Vault.
Setup fails, using the same 2 step IPA setup process as used
ype option.
Likely, IPA doesn't like the certificate - however, I can't pinpoint why.
Errors below.
thanks
James M
###
-BEGIN CERTIFICATE-
MIIDdzCCAl+gAwIBAgIUTKucjDpTMZ/oPmgnxR1MznVhktkwDQYJKoZIhvcNAQEL
BQAwVjEZMBcGA1UEAxMQbXljYS5leGFtcGxlLmNvbTE5
On 24/09/15 01:20, Fraser Tweedale wrote:
On Wed, Sep 23, 2015 at 11:16:27AM +0100, James Masson wrote:
On 23/09/15 11:03, Fraser Tweedale wrote:
On Wed, Sep 23, 2015 at 09:09:25AM +0200, David Kupka wrote:
On 22/09/15 17:02, James Masson wrote:
Hi,
we're building IPAs in an auto
On 23/09/15 11:03, Fraser Tweedale wrote:
On Wed, Sep 23, 2015 at 09:09:25AM +0200, David Kupka wrote:
On 22/09/15 17:02, James Masson wrote:
Hi,
we're building IPAs in an automated fashion, for environments that get
created and destroyed a lot. At the moment, the CA certs used inside
7;m hoping to avoid the need to have
to use/send this automatically generated CSR every time.
thanks
James M
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
ails, due to either the PKI-CAD service failing or the
timeout. Sorry for the wall of text.
James Cassidy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
This is a virtual machine, rng-tools-5-4.fc22.x86_64 is installed ...
I did just try to create a gpg key and it seemed to have entropy
issues... I did however run the command
$ rngd -W 4096
$ cat /proc/sys/kernel/random/entropy_avail
to fill the entropy up again (previously reporting around 30
Freeipa 4.1.4
On 06/18/2015 10:28 AM, Simo Sorce wrote:
On Thu, 2015-06-18 at 10:08 -0500, James Benson wrote:
Hi all,
I'm a fairly advanced user, however, having issues with setting up
freeIPA. I've started with Fedora 22 server (both with minimal install
and basic install), mo
o
increase the timeout value, but no luck.
Suggestions?
Thanks,
James
smime.p7s
Description: S/MIME Cryptographic Signature
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
dera server
as authentication, but I can't tie it to our domain since I'm not in
charge of it and frankly I tried and just goes to oblivion since I'm
inside the firewall and the domain is outside and not going to punch
those holes.
Anyone else have thoughts?
James
On 06/12/201
Hi all,
I'm trying to duplicate freeIPA on a local host but I keep on getting
errors, primarily a RuntimeError('CA did not start in %%ss' %timeout).
Has anyone tried this before and succeeded or have suggestions?
Thanks
James
smime.p7s
Description: S/MIME Cryptographic Signa
:56 GMT+02:00 thierry bordaz :
> Hi,
>
> Would you update your master to 389-ds-base-1.2.11.15-56.el6, before
> attempting the upgrade to 7 ?
>
> thanks
> thierry
>
> On 06/08/2015 12:30 PM, James James wrote:
>
> My master version is 389-ds-base-1.2.11
My master version is 389-ds-base-1.2.11.15-50.el6_6.x86_64 .
Thanks.
2015-06-08 10:25 GMT+02:00 thierry bordaz :
> Hello James,
>
> The fact that the master is more powerfull than the replica increase the
> possibility to hit that bug.
> The bug fix is on the master side. The
machine for the replica ?
How can I limit the cpu/memory in the physical machine (with cgroups ??).
Any hints will be appreciated ..
Regards
James
2015-05-18 14:04 GMT+02:00 thierry bordaz :
> On 05/15/2015 05:11 PM, James James wrote:
>
> ok Rob. Thanks for your help. I will wai
27;ve
tried to check the services, however, they don't seem to want to start
(no errors, just don't see them in the service status menu) Any help
would be great as I would greatly like to use the website over commands
if possible.
Thank you,
James
smime.p7s
Description: S/MIM
ok Rob. Thanks for your help. I will wait for the Scientific Linux 6.7 .
Best.
James
2015-05-15 16:58 GMT+02:00 Rich Megginson :
> On 05/15/2015 08:46 AM, James James wrote:
>
> [root@ipa ~]# rpm -q 389-ds-base
> 389-ds-base-1.2.11.15-50.el6_6.x86_64
>
>
> Ok. Looks li
[root@ipa ~]# rpm -q 389-ds-base
389-ds-base-1.2.11.15-50.el6_6.x86_64
2015-05-15 16:32 GMT+02:00 Rich Megginson :
> On 05/15/2015 08:22 AM, James James wrote:
>
> I think that :
>
> Starting replication, please wait until this has completed.
> Update in progress, 1
:55 AM, James James wrote:
>
> Is it possible to change the nsds5ReplicaTimeout value to get rid of this
> timeout error ?
>
>
> What timeout error?
>
>
> 2015-04-17 4:52 GMT+02:00 Rich Megginson :
>
>> On 04/15/2015 10:44 PM, James James wrote:
>>
>
Is it possible to change the nsds5ReplicaTimeout value to get rid of this
timeout error ?
2015-04-17 4:52 GMT+02:00 Rich Megginson :
> On 04/15/2015 10:44 PM, James James wrote:
>
> The ipareplica-install.log file in attachment ...
>
>
> Here are the pertinent bits:
>
&
The ipareplica-install.log file in attachment ...
2015-04-16 2:22 GMT+02:00 Rob Crittenden :
> Rich Megginson wrote:
> > On 04/15/2015 02:58 PM, James James wrote:
> >> Nothing on the replica .. maybye a process on the master. How can I
> >> check that ?
> >
Nothing on the replica .. maybye a process on the master. How can I check
that ?
2015-04-15 21:37 GMT+02:00 Rich Megginson :
> On 04/15/2015 12:43 PM, James James wrote:
>
> Here the log
>
> 2015-04-15 18:58 GMT+02:00 Rich Megginson :
>
>> On 04/15/2015 09:
all the CA I've got this message :
[root@ipa-devel-centos7 system]# ipa-ca-install --password=mypassorwd -U
CA is already installed.
Should I have to promote the replica to a standalone master before
installing the CA ?
Any hints will be appreciated...
James
2015-04-08 7:27 GMT+02:00 Jan Ch
le to
migrate my ipa-master CA system from an external CA to a CA-less or
self-signed CA ?
Thanks.
2015-04-07 13:48 GMT+02:00 Martin Kosek :
> On 04/07/2015 01:44 PM, James James wrote:
> > ok.
> >
> > Is there a way to migrate from an external CA to a CA-less or a
> self-sign
ok.
Is there a way to migrate from an external CA to a CA-less or a self-signed
CA ?
2015-04-07 12:51 GMT+02:00 Martin Kosek :
> On 04/03/2015 11:39 AM, James James wrote:
> > Hello,
> >
> > I want to initialize a new replica with an external CA. My Certificate
> >
--subject="O=orga,C=FR,OU=MyOU"
Does somebody knows how to do ?
Best.
James
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority wants a CSR with the field emailAddress in the subject like :
/C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=n...@none.com
How can I do with the ipa-server-install command ? I have been trying for
f
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Dmitri Pal [d...@redhat.com]
Sent: Saturday, March 21, 2015 10:42 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Password entry through Trust not correct
On 03/20/2015 08:56 PM, McEvoy, James
option
--enablerfc2307bis when I run authconfig.
from a freeipa client:
$ getent passwd jemce...@enas.net
jemce...@enas.net:*:10001:10004::/home/enas.net/jemcevoy:
from the ipa server:
[root@ipa ~]# getent passwd jemce...@enas.net
jemce...@enas.net:*:10001:10004:James McEvoy:/home/enas.net
Hi FreeIPA Users:
I can only get my new Fedora 21 freeipa to server to setup a trust with Active
Directory if I turn off the firewall on the ipa server. I have looked through
all the doc on which ports to open but have had no luck getting the join to
work with firewalld running... Can someon
Hello,
I am with a ipa 3.3 server on centos 7.
I want to customize the web ui user add page (to include
krbprincipalexpiration field with a jquery calendar... ). I have read
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf ,
https://pvoborni.fedorapeople.org/api/#!/guide/Phases
; client install with ansible or puppet. Currently just trying to get it
> > working with simple sssd/ldap only auth.
>
> I would recommend against enrolling clients in any other way than with
> ipa-client-install.
>
> I've CC-ed James Shubin, who worked on automating client
ion to detail, sponsored them for me before I got upload rights,
> and most importantly stuck around all this time :)
>
>
> --
> t
>
> --
Awesome news! If someone is willing to test, I'm willing to write the
patches to puppet-ipa [1] so that it works on Debian.
Let m
On 13 October 2014 18:18, Dmitri Pal wrote:
> On 10/12/2014 08:07 PM, James wrote:
>>
>> On 12 October 2014 19:55, Janelle wrote:
>>>
>>> Hi again,
>>>
>>> I was wondering if there were any suggestions for performance of IPA and
>>> s
; masters/replicas. Are there any formulas to follow?
>
> thanks
If you get an answer to this, or if you know of any other performance
tuning params, let me know and I'll build it in to puppet-ipa.
Thanks,
James
--
Manage your subscription for the Freeipa-users mailing list:
https://ww
On 7 October 2014 21:55, Fraser Tweedale wrote:
> This is great. Can we use the GNOME project's experience as a story
> or case study in promoting FreeIPA to other projects/communities?
> IMO we need a couple of examples like this on the freeipa.org front
> page.
I would recommend waiting a lit
On 7 October 2014 19:54, Dmitri Pal wrote:
> On 10/07/2014 09:27 AM, James wrote:
>>
>> On 7 October 2014 05:58, Alexander Bokovoy wrote:
>>>
>>> Hi!
>>>
>>> As Andrea Veri describes in the blog[1], GNOME Project's infrastructure
>>&
e accepted.
"Shape" means how do I algorithmically define who is neighbours with who.
The two provided are "flat" and "ring":
[1]
https://github.com/purpleidea/puppet-ipa/blob/master/DOCUMENTATION.md#topology
[2]
https://github.com/purpleidea/puppet-ipa/tree/master/lib/puppet/
On 7 October 2014 05:58, Alexander Bokovoy wrote:
> Hi!
>
> As Andrea Veri describes in the blog[1], GNOME Project's infrastructure
> is now powered by FreeIPA. While GNOME was already using SSSD since very
> early days of SSSD project, move to FreeIPA on the server side took more
> time.
Yup :)
Hi Alexandre,
Thanks for your effort. I am facing some issues with the numeezy freeipa
debian client.
1 ) When I use ipa-client-install I can't specify the ca-cert path and I
have to import my CA cert in /etc/pki/nssdb
2 ) When I try to make ipa-client-automount, the rpc.idmapd, rpc.gssd
deamons
SOLVED.
realm-proxy has to be indirect member of :
memberofindirect: cn=manage host
keytab,cn=privileges,cn=pbac,dc=example,dc=com
Thanks for your help.
2014-09-09 16:59 GMT+02:00 Rob Crittenden :
> James James wrote:
> > My user : realm-proxy is in a group (Smart Proxy Host Manageme
My IPA version is 3.0.0 .
Thanks
2014-09-09 1:22 GMT+02:00 Dmitri Pal :
> On 09/08/2014 06:52 PM, James James wrote:
>
> Hi everybody,
>
> I want a user to be able to do ipa-getkeytab to retrieve the keys from
> any host in the realm.
>
> How can I do this ?
>
Hi everybody,
I want a user to be able to do ipa-getkeytab to retrieve the keys from any
host in the realm.
How can I do this ?
Where I can find an ACI example (
https://www.redhat.com/archives/freeipa-users/2010-July/msg00024.html)
which can helps me ?
Thanks for your help.
--
Manage your su
gt;> Error: Nothing to do
>
>
> Am I missing something? I remember that there was a thread about Centos 7
> and FreeIPA 4 but for the life of me I can't find it.
>
> Thanks
Just a guess but it's probably called ipa-server.
You can use yum search too.
Eg: 'yum se
:
https://github.com/purpleidea/puppet-ipa/tree/feat/yamldata
I'll rebase this branch as new patches are added, and I'll usually keep
it current against git master. Once someone ACK's that it is working
against another OS or version, then I'll maintain it in git master.
Thank
umentation too confusing to follow at 1 am -
> will be a project for another day.
There is the python ipa API, not sure how stable or official it is,
but if you look in my code I use it occasionally.
>
> Thanks for your help.
Cheers,
James
--
Manage your subscription for the Freeipa-use
is a winning module, in the same way that rails
saved ruby, so I would take a closer look) you can at least use it as
a reference architecture when writing a salt module. That;s the beauty
of Free Software!
Good luck! HTH,
James
--
Manage your subscription for the Freeipa-users mailing list:
g to make is that the puppet module I linked you
to does all of this automatically for you.
HTH,
James
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
On Thu, Aug 14, 2014 at 4:23 PM, Michael Lasevich
wrote:
> I am not all too comfortable to run this as admin user and not quite ready
> to set up the orchestration needed to pre-join the host.
Re: orchestration,
https://github.com/purpleidea/puppet-ipa
Does this help?
--
Manage your subscript
Thanks a lot for your answer. I will switch to RHEL 7 to use 3.3 ..
Best regards.
James
2014-08-11 17:05 GMT+02:00 Martin Kosek :
> On 08/10/2014 01:58 PM, James James wrote:
> > Hello,
> >
> >
> > Is there a way to patch my ipa .3.0.0 with this patch:
> > htt
Hello,
Is there a way to patch my ipa .3.0.0 with this patch:
https://www.mail-archive.com/freeipa-devel@redhat.com/msg20528.html ?
The DateTime data type will be very useful !
Regards
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freei
, you can consider using puppet
instead, or start porting it to chef. A lot of the code can be
re-used, since my module contains a good amount of puppet.
HTH,
James
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
OK. Maybe this should be precised in the documentation.
By the way, thanks your help.
Best regards.
2014-07-24 15:22 GMT+02:00 Jakub Hrozek :
> On Thu, Jul 24, 2014 at 10:48:44AM +0200, James James wrote:
> > The problem is solved.
> >
> > I had to explicity provides th
The problem is solved.
I had to explicity provides the location in the ipa-client-automount
command like this :
ipa-client-automount --server=ipa.lix.polytechnique.fr --location=server1 -U
Thanks again.
2014-07-24 10:22 GMT+02:00 James James :
> The files are in attachment.
>
> T
The files are in attachment.
Thanks for you help.
2014-07-24 9:41 GMT+02:00 Jakub Hrozek :
> On Wed, Jul 23, 2014 at 11:45:28PM +0200, James James wrote:
> > HI guy, I've been struggling for a while tom make sssd works with
> autofs .
> > I have a freeipa server t
HI guy, I've been struggling for a while tom make sssd works with autofs .
I have a freeipa server that serves maps. When a client is enrolled and I
make in a terminal
root@host ~# ipa-client-automount -U
everything is ok
but i've got :
root@host ~# automount -fd -vvv
Starting automounter ver
On Thu, Jul 3, 2014 at 3:39 AM, Simo Sorce wrote:
> Option TWO is preferable if you have the CA only on A.
> You should be able to run the connect command on any administrative host
> IIRC.
Thanks for the reply!
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat
ected to the two peers we want to connect?
Thanks again!
James
signature.asc
Description: This is a digitally signed message part
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
should be well with the world again.
Thanks for your help and guidance on this. Your level of support is
better than I could have expected.
On 1/6/14 11:01 AM, Rob Crittenden wrote:
James Scollard wrote:
That makes absolute perfect sense. Thanks for the clarification.
Unfortunately I have an
-converter.html
I need the server's private key file to convert from pkcs7 to pkcs12,
but cant find it anywhere. Is there a command to export it or does it
live in /var/lib or /etc somewhere?
Thanks.
On 1/6/14 4:09 AM, Jan Cholasta wrote:
ipa-server-install --dirsrv_pkcs
--
James E. Scollar
, Rob Crittenden wrote:
James Scollard wrote:
When attempting to run the second part of the installation with an
external CA (Globalsign) using my signed certificate and CA certificate
chain I get the following;
[root@ldapm6x00 ~]# ipa-server-install
--external_cert_file=/root/ldapm6x00.sun.weather.co
certificate.
I did nto see this problem with Network Solutions wildcard certificates
though. Any suggestions would be appreciated.
Thanks.
--
James E. Scollard III
Senior Cloud Systems Architect
c: 615.730.4387
www.weather.com
View my profile on LinkedIn
works" or at least mostly, feel free to ping me somehow.
HTH,
James
[1] https://github.com/purpleidea/puppet-ipa
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 1 August 2013 15:55, Rob Crittenden wrote:
> James Hogarth wrote:
>
>>
>>
>>
>> On 1 August 2013 09:36, Martin Kosek > <mailto:mko...@redhat.com>> wrote:
>>
>>
>> The patch for this would do basically this:
>> - rem
e ldif (delegation.ldif and replica-acis.ldif) with the new
role/privilege/permission and acis in install/share for the new installs
and add an appropriate entry (not quite ldif) in install/updates to update
the default schema of those updating in future, given no new attributes -
right?
Cheers,
James
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
ades due to schema differences - so was
hoping to remain within the IPA command side of things...
1) Is this even possible with the ipa command?
2) If I use ldapmodify to add a new permission by hand via ldif for "Read
Replication Agreements" will this likely bre
ndb-ldap also doesn't
need any of the per RRtype stuff so avoids complexity there...
> Thank you for your time and passion!
>
>
Well it's about time the linux world had something like this (rather than
the old mish-mash of kerberos, openldap, etc and associated scripts to sort
of glue users together that was the previous situation) so I champion it
wherever I can!
James
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
1 - 100 of 229 matches
Mail list logo