On 09/12/2015 02:57 PM, Brian J. Murrell wrote:
> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
> limits a port to a single certificate) I need to add SANs
> (SubjectAltName) to the certificate that freeipa created for the
> webserver (Server-Cert) so that I can add more
On 09/12/2015 09:51 AM, Natxo Asenjo wrote:
> On Sat, Sep 12, 2015 at 9:43 AM, Natxo Asenjo
> wrote:
>
>> hi,
>>
>> In a test network I followed the procedure especified in
>>
On 09/13/2015 04:33 PM, Janelle wrote:
> Hello,
>
> I read something recently that if ip v6 is disable on a server this hurts
> performance in some way? Is there more info on this or did I misread it?
>
> Thank you
> ~J
The only area where I recall disabled IPv6 causing trouble is
On 09/11/2015 03:29 PM, Rob Crittenden wrote:
> Craig White wrote:
>> Following instructions from here…
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
>>
>>
>>
>> RHEL6 server
>>
>>
On 09/08/2015 08:13 PM, Ian Pilcher wrote:
> Now that I'm actually using IPA authentication for a few services within
> my house, I'm going to set up a simple "start page" with a few links,
> including a link to IPA web UI for password changes. I'd like to use
> the FreeIPA logo, but I've only
On 09/09/2015 09:50 PM, Janelle wrote:
> Hello,
>
> I was wondering if anyone has played with thee extended logging of IPA and
> specifically SSSD and the kibana dashboards they put together.
> https://www.freeipa.org/page/Centralized_Logging
>
> I can't seem to get "clients" to send the login
On 09/08/2015 04:23 PM, Martin Kosek wrote:
> On 09/06/2015 10:45 PM, Steven Jones wrote:
>>
>> Martin Kosek wrote:
>>> On 09/04/2015 12:00 AM, Rob Crittenden wrote:
>>>> Steven Jones wrote:
>>>>> I have a 3 node IPA cluster, I have replaced
On 09/06/2015 10:45 PM, Steven Jones wrote:
>
> Martin Kosek wrote:
>> On 09/04/2015 12:00 AM, Rob Crittenden wrote:
>>> Steven Jones wrote:
>>>> I have a 3 node IPA cluster, I have replaced the 2 "slaves" however when I
>>>> try and re
On 09/04/2015 12:00 AM, Rob Crittenden wrote:
> Steven Jones wrote:
>> I have a 3 node IPA cluster, I have replaced the 2 "slaves" however when I
>> try and remove the last one the master? it says,
>>
>> "[root@vuwunicoipam001 thing]# ipa-replica-manage del
>> vuwunicoipam002.
>>
On 08/26/2015 05:31 PM, Simo Sorce wrote:
On Wed, 2015-08-26 at 06:36 -0700, Janelle wrote:
Hello all,
My biggest problem is losing replicas and then trying to delete the
entries and rebuild them. Here is a perfect example, I simply can't get
rid of these (see below). I have tried (of
On 08/21/2015 07:17 PM, Benjamin Reed wrote:
I recently upgraded my CentOS7 machine to the latest el7.1 updates, and
had oomkiller trigger in the middle of yum upgrade.
I managed to recover by doing a number of things including restoring
dirsrv's data/config from backup and re-running
On 08/23/2015 07:04 PM, Ian Pilcher wrote:
Is it possible to add name- or port-based virtual servers to IPA's
Apache server (without interfering with any of the IPA functions)?
FreeIPA can play well with other stuff running on the same Apache as long as
you do not break it's Apache
On 08/20/2015 11:57 AM, Detlev Habicht wrote:
Hi all,
i am new using IPA and learning IPA i am also learning some
other things new for me.
Migrating our system to IPA i found some problems with private groups.
We don’t used it up to now.
Trying to disable this feature with
On 08/15/2015 07:05 PM, Natxo Asenjo wrote:
On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
sipazzo wrote:
and my users are able to authenticate to the directory but the hbac
rules are not being applied. Any user
On 08/07/2015 03:25 PM, Marcelo Roccasalva wrote:
Hi,
I need to migrate an ldap tree from openldap 2 (including qmail schema). Which
would be the shortest path?
I see there was no reply to the mail. I would suggest including more details
about what you are trying to achieve. FreeIPA does not
On 08/13/2015 05:11 PM, David Kupka wrote:
On 13/08/15 17:01, Marcelo Roccasalva wrote:
Hello,
I've installed freeIPA 4.1.0 under CentOS 7 and I need to restric
authentication to one or more time ranges but I failed to find such a
configuration...
TIA
Hello,
you're probably looking for
On 08/10/2015 10:05 PM, Burke Rosen wrote:
Hello,
I'm running two replicated freeIPA servers. One of them spontaneously failed.
After taking the misbehaving server down, the remaining replicant handled
everything fine. I restored the system to its original working state by
uninstalling
On 08/17/2015 01:15 PM, Ramy Allam wrote:
Hello,
I'm running ipa-server-4.1.0-18.el7.centos.4.x86_64 on a CentoOS 7 machine. And
need to setup ipa-4.1.0 on a CentOS *6* machine.
CentOS 6 repo has ipa-client-3 available. Where can i find v4 for CentOS 6
please ?
The reason i need to setup
On 08/04/2015 03:10 PM, Thomas Lau wrote:
Does anyone know how could I check if client enrolled or not?
trying to automate enrollment process by using generic tool since I am
using Ubuntu, only ipa-client-install available.
Hello Thomas,
I am not aware of some general API/CLI for that.
When this command failed for me, it usually was a problem with SSSD on the
master. The service was down, offline or simply something wrong was with it.
On the master, I would try:
$ id admin
$ ssh admin@localhost # (with password)
If that works, try manual
$ ssh admin@ipa.master.server # with
On 07/30/2015 05:28 PM, Orion Poplawski wrote:
On 07/28/2015 11:09 PM, Jan Cholasta wrote:
Dne 20.7.2015 v 19:52 Orion Poplawski napsal(a):
On 07/20/2015 12:57 AM, Jan Cholasta wrote:
Dne 15.7.2015 v 20:57 Orion Poplawski napsal(a):
On 07/14/2015 11:53 PM, Jan Cholasta wrote:
#
On 07/31/2015 10:10 AM, Natxo Asenjo wrote:
Hi,
Maybe just one more redirect if people come directly to https://freeipa.org?
Right, this is the last missing part. I did not implement it yet as I would
first need to set up some own redirecting machine that I could trust and upload
FreeIPA
wrote:
On Wed, Jul 29, 2015 at 04:32:42PM +0200, Martin Kosek wrote:
On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
Hello!
I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after
applied some rules to specified user?
[root@ipa ~]# ipa sudorule-show Rule name: wheel Rule name:
Wheel
Hello Jorgen,
Given you ask on this list, I assume you are asking if this CVE is fixed in
FreeIPA DNS feature which utilizes BIND.
The answer is - it depends :-) As the bug itself is in BIND, it depends if
the patch made it for given downstream platform. As for Fedora and/or RHEL, I
checked with
On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
Hello!
I'm using FreeIPA 4.1.x on CentOS 7, Is there any delay after applied
some rules to specified user?
[root@ipa ~]# ipa sudorule-show
Rule name: wheel
Rule name: Wheel
Enabled: TRUE
Host category: all
Command category:
On 07/10/2015 04:36 PM, Natxo Asenjo wrote:
hi,
earlier today I was reading a post about the new freeipa version on my mobile
device and got plenty of warnings about an invalid certificate. On a fedora
laptop no warnings, but this is the problem:
$ curl -LIv https://www.freeipa.org
* Rebuilt
On 07/14/2015 02:47 PM, Sina Owolabi wrote:
Hi
Please, I would really need some help in troubleshooting one of my
domain servers which I restarted the IPA services.
Its an CentOS 7.1 server running ipa-4.1.0
[root@dc01 ~]# ipactl start
Existing service file detected!
Assuming stale, cleaning
On 07/16/2015 06:58 PM, Bendl, Kurt wrote:
I'm planning our implementation of IdM/IPA, and I'm unclear about how I can
implement IPA's OTP for privileged access.
I need to be able to set up systems so:
* accounts can auth using traditional userid/password
* privileged access (sudo)
On 07/22/2015 03:52 PM, Andrew E. Bruno wrote:
On Wed, Jul 22, 2015 at 04:48:33PM +0300, Alexander Bokovoy wrote:
On Wed, 22 Jul 2015, Andrew E. Bruno wrote:
Apologies if this has been answered before but we're interested in
dnssec support in FreeIPA. Running Centos 7.1.1503, ipa-server
On 07/09/2015 11:09 AM, Rudolf Gabler wrote:
Hi,
we are dealing with a huge number of mail aliases which are not purely user
aliases but distribution-lists, actions on distribution-list and so on
(mailman).
There was a former sendmail.schema in fedora-ds (we are using fds 21 at the
moment),
On 07/08/2015 10:11 AM, ilaria cianci wrote:
Hi All,
I am a new user and I have a question about FreeIPA authentication methods.
Can FreeIPA select different auth methods (i.e. otp, password, etc) for the
same user based on the service he wants to access? I mean using this user
should use
On 07/09/2015 01:25 PM, Joseph, Matthew (EXP) wrote:
Hello,
We are currently in the process of replacing our IdM 3.x server with 4.x.
There are going to be some major directory changes during the upgrade so I need
to keep both the old and new IdM servers up and running separately.
This
On 07/10/2015 02:56 AM, Janelle wrote:
Hello,
I see 4.2 is released today with lots of cool new features. I think I
understand the new Vault, but am not familiar with KRA? Wondering if there
might be some information on what this is?
~Janelle
KRA (or DRM) is the Dogtag subsystem we use for
RHEL guide has
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#repl-tools
Does that help?
On 07/07/2015 03:06 PM, John Stein wrote:
Thanks for the reply.
Maybe this should be added to
On 07/05/2015 01:08 AM, Matt . wrote:
Hi Guys,
I created a bug where no response is on yet for a week, so I thought
to ask the mailinglist if someone has seen this behaviour.
Hi Matt,
Sorry for the delay in the answer in Bugzilla, most of the team is now very
busy with FreeIPA 4.2
On 07/03/2015 05:45 PM, nat...@nathanpeters.com wrote:
I have been trying to create accounts in FreeIPA that have the same level
of permission as the built-in administrator account. Basically, I want to
do the equivalent of what you can do in Active Directory by adding someone
to the Domain
On 06/15/2015 02:19 PM, Henry Hofmann wrote:
Hi,
I have a question about using IPA (v.4) with an AD (2012) Trust.
Is it possible to login with a user from the Active Directory Domain to an
Web-Service (like redmine) which is configured to the IPA LDAP?
I have understand this by read this
On 06/12/2015 05:40 PM, James Benson wrote:
Hi all,
I'm trying to duplicate freeIPA on a local host but I keep on getting errors,
primarily a RuntimeError('CA did not start in %%ss' %timeout). Has anyone
tried
this before and succeeded or have suggestions?
Thanks
James
What do you mean
Hi List,
This is a problem that has surfaced after a reboot of this system in
particular. It is being really, really slow. In terms of hardware
usage issues, there are none. It is taking 3-5 minutes to list users
in the gui. Running commands like ipa-replica-manage list is taking
between
On 06/12/2015 01:30 AM, Christopher Young wrote:
I'm trying to develop a process in Ansible to enroll new hosts (as well as
check beforehand to see if the host is already enrolled). I was wondering a
couple of things:
#1. Has anyone else worked out a process for doing this using a non 'admin'
0m0.073s
user0m0.012s
sys 0m0.006s
time kinit
kinit: Cannot contact any KDC for realm 'FOO.ORG' while getting
initial credentials
real0m27.049s
user0m0.013s
sys 0m0.004s
^^^ has been something I have been seeing intermittently
On 6/12/15 12:11 AM, Martin Kosek wrote:
Hi List
, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964
From: Martin Kosek mko...@redhat.com
To: Christopher Lamb christopher.l...@ch.ibm.com,
freeipa-users@redhat.com
Sent: Wednesday, June 10, 2015 9:22:03 AM
Subject: Re: [Freeipa-users] LDAP authentication for JIRA using FreeIPA
On 06/10/2015 03:18 PM, Tamas Papp wrote:
hi,
Currently there are CentOS 6.5 servers and IPA 3.0.
The goal is migrating users to CentOS 7.1 and IPA 4.1.
This is the command I use:
$ ipa migrate-ds ldap://ipa11 --user-container=cn=users,cn=accounts,dc=foo
On 06/10/2015 03:32 PM, Christopher Lamb wrote:
Hi Tamas
I think the general advice is to replicate rather than to migrate. I am
sure Martin K will jump in on this.
Yes :-)
However some weeks ago, when doing a very similar move to yours, we chose
to migrate (we were misled by some very
On 06/05/2015 03:16 PM, Sina Owolabi wrote:
Hi
Due to our subscriptions running out,
OT: time to renew! :-)
I'm forced to have to use
CentOS7 in our domain as IPA replica servers to join our existing
RHEL7 server.
Is this OK, or are there any issues I should be aware of?
Thanks in
JFTR, this is the respective section in the guide:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prerequisites.html#prereq-ports
It should have those ports covered as well.
On 06/05/2015 11:49 PM, Janelle
On 06/05/2015 12:27 AM, nat...@nathanpeters.com wrote:
I am running FreeIPA 4.1.3 on CentOS7.
I am attempting to join a CentOS 6.5 client using ipa-client 3.0.0-42.
The client hostname is ipaclient.login.mydomain.net.
The FreeIPA domain is mydomain.net.
This post here :
#Cannot_authenticate_on_client
Cheers
Chris
From: Martin Kosek mko...@redhat.com
To: Christopher Lamb/Switzerland/IBM@IBMCH,
freeipa-users@redhat.com
Cc: Jakub Hrozek jhro...@redhat.com, Rob Crittenden
rcrit...@redhat.com
Date: 03.06.2015 10:39
Subject
On 06/04/2015 05:06 PM, Cory Carlton wrote:
I would check for DNS resolution from the machine executing the sudo, to
the IPA server.
I would also suggest cleaning SSSD caches, since you reinstalled against the
same domain, but actually different server (/var/lib/sss/db/)
On Thu, Jun 4, 2015
On 06/02/2015 10:10 PM, Chris Tobey wrote:
Hi everyone,
This is my first time posting here - please be gentle.
Ok :-)
I currently have ~40 CentOS 6.6 servers authenticating against my FreeIPA
server running on another CentOS 6.6 server.
(ipa-server-3.0.0-42.el6.centos.x86_64 and
, Martin, Alexander et al for their help and
suggestions so far.
Chris
Thanks for the background. The pain you are getting is exactly the reason why
migration via replication to RHEL-7.1 is a better choice :-) Please let us know
the result, I am curious how this works out.
From: Martin
On Wed, Jun 3, 2015 at 10:05 AM, bahan w bahanw042...@gmail.com wrote:
Hello Martin.
Unfortunately for me, I cannot migrate OS so I need to make it work with
RHEL 6.4. :-(
Best regards.
Le 3 juin 2015 09:39, Martin Kosek mko...@redhat.com a écrit :
On 06/02/2015 06:27 PM, bahan w wrote
On 06/02/2015 06:27 PM, bahan w wrote:
Hello !
I send you this mail because I have a problem linked with SSH and FreeIPA.
I have multiple servers :
- One with FreeIPA server 3.0.0-26
- The others with FreeIPA client 3.0.0-26
They are running on RHEL 6.4.
I configured a root user on
On 06/02/2015 06:15 PM, Christopher Lamb wrote:
Hi
Earlier today I setup 2 throwaway EL7.1 VMs to help narrow down the cause
of this problem. Let's call them HOST09 and HOST10
Both are mimimum installs of EL7.1, with NTPD installed and configured.
HOST09 had ipa-client 4.1 installed
On 05/29/2015 01:59 PM, s...@zy.io wrote:
Afternoon,
I'm currently attempting to set up an existing vsphere environment to use
freeipa 4.1.0 for authentication, following this guide:
http://www.freeipa.org/page/HowTo/vsphere5_integration
I've followed it all through, and for the purposes for
On 06/01/2015 07:50 PM, Tamas Papp wrote:
hi All,
I'm stuck:
$ kinit admin
Password for admin@CXCLIENTS:
kinit: Password incorrect while getting initial credentials
[root@ipa-clients1 ~]$ kinit admin
Password for admin@CXCLIENTS:
Password expired. You must change it now.
Enter new password:
On 06/02/2015 03:11 AM, Janelle wrote:
I have a duplicate user.
Same exact name, but different UID's. But there does not seem to be a way to do
ipa user-del on anything other than username, which ends up returning:
# ipa user-del another_username
ipa: ERROR: The search criteria was not
, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964
---
*From: *Martin Kosek mko...@redhat.com
*To: *Tamas Papp tom...@martos.bme.hu, freeipa-users@redhat.com
*Sent: *Tuesday, June 2, 2015 9:54:43 AM
*Subject: *Re
On 06/02/2015 11:42 AM, Tamas Papp wrote:
On 06/02/2015 10:35 AM, Martin Kosek wrote:
You would need to do the modifications as Directory Manager or other user in
adminsgroup.
To resolve this, you would need manually fix admin entry attribute
krbPasswordExpiration to some future date
Kosek wrote:
On 05/27/2015 10:08 AM, Alexander Bokovoy wrote:
On Wed, 27 May 2015, Martin Kosek wrote:
On 05/26/2015 07:36 PM, Carlos Raúl Laguna wrote:
Hello Martin,
The email
On 05/29/2015 01:27 AM, David Lin wrote:
Hi,
When I try to add multiple hosts, on the web UI, when I go to the host tab, I
get
Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key
database is in an old, unsupported format.
What does this mean?
That's strange. CCIng
On 05/29/2015 07:48 AM, Christoph Kaminski wrote:
Hi
I have had a defect entries in ldap for a replica and deleted them. But now the
dirsrv keytab (/etc/dirsrv/ds.keytab) doesnt work anymore (revoked). The
replica starts but it cant connect other replicas (but other replicas can
connect to it).
On 05/28/2015 11:00 PM, Timothy Worman wrote:
On May 28, 2015, at 12:26 PM, Martin Kosek mko...@redhat.com wrote:
On 05/28/2015 07:10 PM, Timothy Worman wrote:
On Mar 26, 2015, at 3:08 PM, Dmitri Pal d...@redhat.com wrote:
On 03/26/2015 03:19 PM, Timothy Worman wrote:
On Mar 26, 2015, at 11
On 05/28/2015 07:10 PM, Timothy Worman wrote:
On Mar 26, 2015, at 3:08 PM, Dmitri Pal d...@redhat.com wrote:
On 03/26/2015 03:19 PM, Timothy Worman wrote:
On Mar 26, 2015, at 11:42 AM, Martin Kosek mko...@redhat.com wrote:
On 03/26/2015 07:37 PM, Timothy Worman wrote:
Thanks everyone
On 05/28/2015 11:47 AM, David Lin wrote:
Hi,
I am try to migrate from openldap to freeipa. Everything seems to be working
except the password. I understand that when migrating from openldap, the
hashed
form the the passwords are migrated, but a Kerberos hash is not generated
until
the
On 05/27/2015 10:08 AM, Alexander Bokovoy wrote:
On Wed, 27 May 2015, Martin Kosek wrote:
On 05/26/2015 07:36 PM, Carlos Raúl Laguna wrote:
Hello Martin,
The email deployment it is a groupware in this scenario Kolab, kolab use
389 ad as main backend and it require some kolab ldap specific
On 05/27/2015 04:14 AM, Thomas Lau wrote:
Hi All,
I was reading this page but seems very confusing:
https://www.freeipa.org/page/V3/Backup_and_Restore#Data_Backup_.26_Restore_Process_.28online.29
We also have this:
https://www.freeipa.org/page/Backup_and_Restore
ipa-backup and ipa-restore
Ok. If you upgrade to CentOS 7.1/FreeIPA 4.1+, you will have the command
available.
On 05/27/2015 12:16 PM, Thomas Lau wrote:
CentOS Linux release 7.0.1406 (Core) - this is the version we are using
now.
On Wed, May 27, 2015 at 5:54 PM, Martin Kosek mko...@redhat.com wrote:
On 05/27/2015
On 05/27/2015 08:04 AM, Lukas Slebodnik wrote:
On (25/05/15 10:00), Bob Hinton wrote:
Hi Martin,
Yes. This fixes the problem on a newly recreated ipamaster - it didn't
work on the one I'd been playing around with.
So the complete rebuild sequence was...
1) On old ipamaster VM ipa004 (did
On 05/26/2015 07:36 PM, Carlos Raúl Laguna wrote:
Hello Martin,
The email deployment it is a groupware in this scenario Kolab, kolab use
389 ad as main backend and it require some kolab ldap specific attribute to
work properly, this is not a problem in fact is quite easy to use freeipa
as
On 05/25/2015 05:46 PM, Sina Owolabi wrote:
Hi!
Please how do I restore data to a freshly reinstalled IPA server from
an existing CA-less replica that has had replication agreements
removed?
By restore, you mean actually migrate? We have a pending RFE for this:
On 05/25/2015 04:27 PM, Striker Leggette wrote:
Is it possible to restore deleted RBAC rules that were deleted from
Permissions and Privileges?
Hello Striker,
Only if you did a data backup. I do not know about other way...
More information and ideas about Backup and Restore in FreeIPA:
On 05/26/2015 12:21 AM, Carlos Raúl Laguna wrote:
Any ideas how to overcome this? Winsync may be a better approach for us instead
of cross-trust.Regards
2015-05-25 13:06 GMT-04:00 Carlos Raúl Laguna carlosla1...@gmail.com
mailto:carlosla1...@gmail.com:
How i can use a single backend for a
On 05/26/2015 12:20 AM, Janelle wrote:
On 5/24/15 3:12 AM, Janelle wrote:
And just like that, my haunted servers have all returned.
I am going to just put a gun to my head and be done with it. :-(
Why do things run perfectly and then suddenly ???
Logs show little to nothing, mostly because the
On 05/23/2015 10:21 PM, Janelle wrote:
I have a question regarding passwords.
It seems IPA does a very nice job of generating random passwords.
Thanks!
Is there a
way to use that feature without actually setting it on a user? Something akin
to pwgen?
Thank you
~Janelle
There is no
On 05/25/2015 12:45 AM, Bill Graboyes wrote:
Hi List,
I have been digging around on this system that hung for the past hour or two
trying to figure out why dirserv seemed to be hung. It was not using
resources, nor was there any information in any of the log files (dirserv,
sssd, etc), it
On 05/23/2015 01:51 PM, Bob Hinton wrote:
Hello,
I've been trying to rebuild an ipamaster by using ipa-backup, destroying
and recreating the ipamaster VM then using ipa-restore on the rebuilt
master.
Most functions of the newly built master work. Logging-in via ssh with
keys works but
start sssd
Many thanks
Bob
On 25/05/2015 07:10, Martin Kosek wrote:
On 05/23/2015 01:51 PM, Bob Hinton wrote:
Hello,
I've been trying to rebuild an ipamaster by using ipa-backup, destroying
and recreating the ipamaster VM then using ipa-restore on the rebuilt
master.
Most functions
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using mydomain.co.id then I have
another 10 instance/servers using mydomain.com, I want to manage both of
them on same
On 05/20/2015 12:38 PM, Dewangga Bachrul Alam wrote:
Hello!
On 05/20/2015 05:30 PM, Martin Kosek wrote:
On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
Hello!
I've tried to setup my IPA server to work on multiple domain env, for
the example, I have 20 instance/servers using
On 05/20/2015 12:56 PM, Dewangga Bachrul Alam wrote:
Thanks Martin,
Better I leave the configuration as is :D
So, If I want to add another domain, I just add and point them to master
IPA Server, right?
Right, after FreeIPA 3.2 (https://fedorahosted.org/freeipa/ticket/3544),
dnszone-add
On 05/20/2015 04:01 PM, Boyce, George Robert. (GSFC-762.0)[NICS] wrote:
This worked for me:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=cm
(|(uid=admin)(name=admin)) dn
SASL/GSSAPI authentication started
SASL username: ad...@example.com
SASL SSF: 56
SASL data
?
No, I do not see a problem with this setup. Clients will just simply use the
capabilities they can do. We still tend to backport client features to
RHEL-6.x, so it keeps getting the selected functionality (server does not).
On 05/19/2015 08:14 PM, Martin Kosek wrote:
On 05/19/2015 10:53 AM
On 05/19/2015 12:34 PM, marcin kowalski wrote:
Hi, all. I am trying to integrate certmonger with dogtag instance, and so
far i've stumbled on one odd problem. Hopefully this is the right list.
I've generated some random cert with getcert request, it has communicated
with dogtag, and i
servers.
Most directions are specific here
http://www.freeipa.org/page/Troubleshooting
We need to know first what specific error you are dealing with right now, to
point you to right direction.
Martin
On Mon, May 18, 2015 at 10:15 AM, Martin Kosek mko...@redhat.com wrote:
On 05/16/2015 12:19 PM
On 05/18/2015 04:50 PM, Andy Thompson wrote:
-Original Message-
From: Lukas Slebodnik [mailto:lsleb...@redhat.com]
Sent: Monday, May 18, 2015 10:33 AM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] trusted user groups
On (18/05/15 13:55), Andy Thompson
.
Martin
On May 18, 2015, at 4:10 PM, Martin Kosek mko...@redhat.com wrote:
On 05/15/2015 01:33 PM, Brian Topping wrote:
In the (apparently) first message to the list in 2014,
https://www.redhat.com/archives/freeipa-users/2014-January/msg0.html
https://www.redhat.com/archives/freeipa
On 05/19/2015 03:23 AM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product was more
stable, it is so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes (maybe a few
users changing passwords) and again, 5 out of 16 servers
On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
Hello!
I'm trying to reinstall ipa client, but have a problem with old/existing
ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
server still on development and always reinstalled, I need to reproduce
any possible
On 05/16/2015 12:19 PM, Sina Owolabi wrote:
Please help me. I am in dire straits, this is the linchpin of our
network and we are suffering.
I am sorry for delay in answering, but not many people here show up on the
weekend. Comments below.
On Sat, May 16, 2015 at 6:00 AM, Sina Owolabi
On 05/15/2015 01:33 PM, Brian Topping wrote:
In the (apparently) first message to the list in 2014,
https://www.redhat.com/archives/freeipa-users/2014-January/msg0.html
https://www.redhat.com/archives/freeipa-users/2014-January/msg0.html
addressed questions about securing IPA and I
On 05/18/2015 01:49 AM, Janelle wrote:
On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:
On Apr 17, 2015, at 16:36, Dmitri Pal d...@redhat.com wrote:
snip for
On 04/27/2015 04:15 PM, Simo Sorce wrote:
On Mon, 2015-04-27 at 12:51 +0200, Martin Kosek wrote:
On 04/26/2015 08:23 AM, Alexander Bokovoy wrote:
- Original Message -
Hi Rob and Dimitri
Migrating via Replica is the obvious way that I would have gone, had the
FreeIPA /RedHat
On 05/15/2015 09:22 AM, Fraser Tweedale wrote:
On Fri, May 15, 2015 at 07:59:27AM +0200, Jan Cholasta wrote:
Hi,
Dne 5.5.2015 v 10:43 Martin Kosek napsal(a):
On 05/04/2015 01:19 PM, Harald Dunkel wrote:
Hi folks,
Instead of a self-signed certificate I would like to use an external
CA
On 05/14/2015 04:58 AM, nat...@nathanpeters.com wrote:
I have tried to setup synchronization between a FreeIPA domain and an AD
domain. The certificates are in the right place.
[root@ipadc1 ~]# ipa-replica-manage connect --winsync --binddn cn=sync
On 05/12/2015 10:48 PM, Gould, Joshua wrote:
Hopefully I¹m missing something simple.
For an IPA user:
$ ldapsearch -x ³((uid=ipa_user)(objectclass=posixAccount))² -b
dc=ipa,dc=example,dc=com
This returns a match.
For an AD user:
$ ldapsearch -x
On 05/11/2015 05:14 PM, Thibaut Pouzet wrote:
Hi !
I am running into a weird problem with my IPA Server, and the
certificates management. My setup is :
CentOS 6.6
pki-ca-9.0.3-38.el6_6.noarch
ipa-server-3.0.0-42.el6.centos.x86_64
Linux ipa_server 2.6.32-504.16.2.el6.x86_64 #1 SMP Wed Apr
On 05/06/2015 08:24 AM, Kamal Perera wrote:
Dear All,
How is the revocation of issuing CA certificates are handled? We are using
OCSP responders for revocation checking of certificates issued by the
Issuing CAs. So do we have to setup another OCSP or CRL distribution point
to let the
On 05/05/2015 04:49 PM, Mark Reynolds wrote:
On 05/05/2015 07:49 AM, Ludwig Krispenz wrote:
On 05/05/2015 01:27 PM, Martin Kosek wrote:
On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends
On 05/06/2015 07:48 AM, Christoph Kaminski wrote:
Hi
we have some undefinably problems here with IPA inside a VM (rhev/kvm). We
has often zombie processes (defunct) with certmonger and dirsrv and
segfaults (dmesg)... We have 8 IPA servers, 4 Hardware and 4 VM's with
same Install
201 - 300 of 867 matches
Mail list logo