On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends with RUV which cannot be decoded (it stucked in
queue forever):
ipa-replica-manage del ipa-master-dmz002.test.com -fc
Cleaning a master is
On 05/02/2015 05:03 PM, Alexander Bokovoy wrote:
- Original Message -
Do we have any plans to implement in future?
Yes, once we get everything ready for fully working AD trusts support
(i.e. IPA users being able to login to Windows machines). The reason for that
is because we will
On 05/04/2015 01:19 PM, Harald Dunkel wrote:
Hi folks,
Instead of a self-signed certificate I would like to use an external
CA to sign freeipa's CSR (ipa-server-install --external-ca).
Question:
Is pathlen:0, e.g.
basicConstraints=critical,CA:TRUE, pathlen:0
sufficient for
On 05/05/2015 03:37 AM, Megan . wrote:
Good Evening!
I'm running 3.0.0-42 on Centos 6.6.
I setup a number of sudo commands today with regular expressions and
now users seem to be having issues running any sudo command. Are
there any known issues with having regex in sudo commands within
On 04/30/2015 05:30 AM, Janelle wrote:
Hi all,
Just wondering if anyone has put together a guide for integrating PWM with
IPA?
I know there is a section on 389-ds, but that is kind of raw-389 and not the
highly modified-for-IPA 389-ds. I would like to set this up for my users, but
really
On 04/30/2015 02:56 PM, Aric Wilisch wrote:
Is there a trick to getting a users SSH key that’s attached to their FreeIPA
account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with
no issues but they still get prompted for their passwords on the RHEL 5
server, so it’s not
On 04/29/2015 12:57 PM, Andy Thompson wrote:
In the environment I'm working on currently we have a single trusted AD
domain and will never have any additional domain trusts in place. Is there
a way to allow users to login without using @ad_domain in their username?
We use DB2 in the
On 04/28/2015 11:53 PM, Dmitri Pal wrote:
On 04/28/2015 05:39 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 04/28/2015 05:11 PM, Christopher Lamb wrote:
HI All
I have just tested with the FreeIPA Web UI public demo
https://ipa.demo1.freeipa.org/ipa/ui/
Using the public demo, when I log
On 04/29/2015 01:26 PM, Andy Thompson wrote:
I'm trying to delete an IPA account and I get a generic operations error
when trying to remove it. It looks like something is messed up with the
group object. The user doesn't show up in the ipausers group and there also
isn't a group object
On 04/29/2015 06:31 PM, Christopher Lamb wrote:
Hi all
@Craig, and using the WebUI for that purpose is much more user friendly
then doing the same via a ssh terminal session.
@Simo, as requested I have opened a ticket on this issue
https://fedorahosted.org/freeipa/ticket/5010
As this my first
On 04/27/2015 06:09 PM, Christopher Lamb wrote:
Hi All
I may have found a possible cause of our instance of the Your session has
expired Web UI error on our new FreeIPA 4.1.0 Server
By chance I checked the date on the server hosting FreeIPA 4.1.0. To my
surprise, despite running ntpd
On 04/26/2015 08:23 AM, Alexander Bokovoy wrote:
- Original Message -
Hi Rob and Dimitri
Migrating via Replica is the obvious way that I would have gone, had the
FreeIPA /RedHat documentation not suggested the replicas must have the same
version.
I think the link that put me
On 04/22/2015 04:57 PM, Jesse Johnson wrote:
ALL,
I'm attempting to complete a replica install and the system is bombing out on
the gssapi portion of the SSH key configuration. I can ssh and selinux is
permissive.
You mean right before beginning of the installation in the connection
On 04/21/2015 01:26 AM, Janelle wrote:
Hello,
When I was working with OpenLDAP, and AD - and did not deal with RUVs the
way
I am with 389-ds and IPA.
I am trying to understand what is normal for values. If I am looking at this
(and seem to have no replication problems):
On 04/14/2015 03:51 AM, Brian Topping wrote:
On Apr 13, 2015, at 1:33 PM, Martin Kosek mko...@redhat.com wrote:
On 04/12/2015 05:27 AM, Brian Topping wrote:
Hi all, trying to figure out if I may have contaminated my ACIs in the
process of upgrading my replicated deployment. I didn't
You do not need to uninstall the 4 server, you just need to install the CA
component on it:
# ipa-ca-install /path/to/replica.file
... and make it CRL/renewal master. See step 8 and later in
/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/users.html#home-directories
not the Synology DSM5 specific information/HOWTO - members of this list will
have more experience in that.
I'm happy to proof read as well
On 14 Apr 2015, at 09:55, Martin Kosek mko
On 04/11/2015 11:34 AM, Christoph Kaminski wrote:
Hi All
with the cmd:
ipa-replica-manage -v list myipaserver
I can see the status of the replication... But I dont understand the field
'last update ended'. What shows the field? The last SUCCESSFULLY update?
The last TRY to update?
On 04/11/2015 09:51 PM, Traiano Welcome wrote:
Hi
I got this error while installing an IPA replica of my primary master
IDM server:
.LDAPUpdate: ERRORAdd failure missing required attribute objectclass
Replica add command:
ipa-replica-install --setup-ca --setup-dns
On 04/07/2015 11:29 PM, Dmitri Pal wrote:
On 04/07/2015 03:04 PM, Natxo Asenjo wrote:
hi,
On Fri, Apr 3, 2015 at 4:41 PM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
On 04/03/2015 09:46 AM, Brian Topping wrote:
On Apr 3, 2015, at 6:48 AM, Tamas Papptom...@martos.bme.hu
On 04/08/2015 01:40 PM, Alexander Frolushkin wrote:
-Original Message-
From: Jakub Hrozek [mailto:jhro...@redhat.com]
Sent: Wednesday, April 08, 2015 5:12 PM
To: Alexander Frolushkin (SIB)
Cc: 'Martin Kosek'; freeipa-users@redhat.com; Ludwig Krispenz; Thierry Bordaz
Subject: Re
On 04/08/2015 12:12 PM, Alexander Frolushkin wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 08, 2015 4:04 PM
To: Alexander Frolushkin (SIB); freeipa-users@redhat.com; Ludwig Krispenz;
Thierry Bordaz
Subject: Re: [Freeipa-users
On 04/08/2015 11:52 AM, Alexander Frolushkin wrote:
Hello!
We used have a geo-replicated IPA with RHEL 7.0, and on one site ipa servers
was upgraded by mistake to RHEL 7.1 (ipa-server-4.1.0-18.el7_1.3.x86_64).
Now it is broken globally, in logs I see these:
[08/Apr/2015:13:06:47 +0600]
On 04/08/2015 07:57 AM, Markus Roth wrote:
Endi Sukma Dewata edew...@redhat.com hat am 1. April 2015 um 23:56
geschrieben:
On 4/1/2015 4:29 PM, Markus Roth wrote:
Am Mittwoch, 1. April 2015, 16:04:54 schrieben Sie:
On 4/1/2015 11:56 AM, Endi Sukma Dewata wrote:
On 03/31/2015 01:54 PM,
On 04/09/2015 05:59 AM, Alexander Frolushkin wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 08, 2015 6:36 PM
To: Alexander Frolushkin (SIB)
Cc: 'Ludwig Krispenz'; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users
On 04/03/2015 03:36 PM, Brian Topping wrote:
On Apr 3, 2015, at 6:17 AM, Dmitri Pal d...@redhat.com wrote:
On 04/03/2015 01:51 AM, Brian Topping wrote:
Great work on 4.1.0! As a CentOS user, I am able to convey the 3.x -
4.1.0 upgrade went smoothly via the CentOS 7.0 - 7.1 upgrade on my
On 04/03/2015 11:39 AM, James James wrote:
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority wants a CSR with the field emailAddress in the subject like :
/C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=n...@none.com
I am not a bit confused. Do
On 04/03/2015 04:45 PM, Tamas Papp wrote:
On 04/03/2015 03:46 PM, Brian Topping wrote:
On Apr 3, 2015, at 6:48 AM, Tamas Papp tom...@martos.bme.hu wrote:
hi All,
I have CentOS 6.6 server and want to upgrade to 7.1.
What is the upgrade path, can I do it directly or first I need to make
On 04/03/2015 08:25 PM, Dmitri Pal wrote:
On 04/03/2015 02:03 PM, James James wrote:
Hi everybody, sorry to repost my original question but this time my problem
is better described.
I want to install a ipa sever on centos 6 with an external ca. My problem is
to add emailAddress in the
On 04/05/2015 08:03 PM, Dmitri Pal wrote:
On 04/05/2015 12:51 PM, Janelle wrote:
Hello,
Trying to find a way on a multi-homed server to force IPA and its related
apps to listen on a specific interface. I can find all kinds of info saying
the services listen on all interfaces by default so
/CA_certificate_renewal
(Although I am still not sure about your use case and if this would help you)
2015-04-07 12:51 GMT+02:00 Martin Kosek mko...@redhat.com:
On 04/03/2015 11:39 AM, James James wrote:
Hello,
I want to initialize a new replica with an external CA. My Certificate
Authority
))
If it is not possible to add emailAddress in the subject, is it possible to
migrate my ipa-master CA system from an external CA to a CA-less or
self-signed CA ?
It is, with ipa-cacert-manage - see links below.
Thanks.
2015-04-07 13:48 GMT+02:00 Martin Kosek mko...@redhat.com:
On 04/07/2015 01:44 PM
On 03/31/2015 04:50 PM, Janelle wrote:
On 3/31/15 6:49 AM, Dmitri Pal wrote:
On 03/31/2015 09:38 AM, Janelle wrote:
Hello again,
Is this a feature or a bug?
Migration mode - works fine the first time. However, if you need to run it a
second time because someone added either new users
On 03/31/2015 07:58 PM, Dmitri Pal wrote:
On 03/31/2015 01:54 PM, Markus Roth wrote:
Hi all,
I want setup freeipa 4.1.3 on a fresh installed fedora 21.
The ipa-server-install shows the following output:
configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
On 04/01/2015 07:09 AM, Prashant Bapat wrote:
Hi ,
Is there a way of making the nsAccountLock attribute (User enable/disable)
to be anonymously readable ?
I'm trying to implement a SSH key lookup sshd authorized key command
script. Based on this attribute the user will be allowed to
Hmm, really? The port 8443 is already checked in FreeIPA 4.0.4 or later, based
on this ticket:
https://fedorahosted.org/freeipa/ticket/4564
If your installation crashed because port 8443 was occupied, the fix 4564 is
either incomplete or non-functional and we should fix it.
On 04/01/2015 01:38
On 04/01/2015 06:52 PM, Janelle wrote:
On 4/1/15 9:32 AM, Ben .T.George wrote:
Hi
I have re-installed verything from RHEL 7.1 DVD and current ipa version is 4.0.1
everything is working including AD trust.
but my web interface always giving Your session has expired. Please re-login.
i faced
On 04/01/2015 07:46 PM, Ben .T.George wrote:
everything is default.
but now the issue solved after many restart,kinit ipactl restart
don't still don't know how it got fixed
We collected all known potential issues that can have this behavior on this
page:
On 03/30/2015 04:23 AM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 03/29/2015 06:35 AM, Peter Fern wrote:
On 29/03/15 05:46, Rob Crittenden wrote:
Should be back up now.
rob
Appears to be dead again.
It is in fact down again.
The quote is exceeded in the openshift gear. I cleaned up
that you would like to share?
Any feedback is highly welcome! Thanks for help.
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa
You are doing it correctly. However, the DNS SubjectAltName only works with
FreeIPA 4.0+. The CA profile before this version does not allow them.
This is the upstream ticket:
https://fedorahosted.org/freeipa/ticket/3977
On 03/26/2015 07:09 PM, Steve Neuharth wrote:
I'm trying to specify a
On 03/27/2015 06:23 AM, Janelle wrote:
Hi again,
I can't seem to find it. Is there a way to create a new user with a
non-expired
PW?
No clean way, by design. You can check our reasoning on this page:
https://www.freeipa.org/page/New_Passwords_Expired
There is a way (setting some DN as
On 03/27/2015 01:52 PM, Janelle wrote:
Hi all,
Found an odd issue and a question. If you change user pw with ipa user-mod
-password and the client is configured for LDAP, then the user is not forced
to change the pw on initial login.
This is something we would like to fix eventually,
. At that point I'll start a new thread.
Ok :-)
Martin
thx
anthony
On Thu, Mar 26, 2015 at 9:31 AM, Martin Kosek mko...@redhat.com wrote:
I am not sure what you mean. So are you saying that kinit USER done on
server
fails? With what error?
On 03/26/2015 05:28 PM, Anthony Lanni wrote
into a client machine
without a password. Going the other way works fine, however.
thx
anthony
On Thu, Mar 26, 2015 at 7:14 AM, Martin Kosek mko...@redhat.com wrote:
Ok, thanks for reaching back. BTW, next RHEL-6 minor release should have
the
keyutils dependency fixed anyway :-)
Martin
, just note that this still means LDAP interface a need to talk in LDAP
protocol.
Tim
On Mar 24, 2015, at 12:58 AM, Martin Kosek mko...@redhat.com wrote:
On 03/24/2015 01:29 AM, Dmitri Pal wrote:
On 03/23/2015 05:56 PM, Timothy Worman wrote:
I have an existing web app built with java/WebObjects
-install again, and this
time it completed without error.
Thanks very much, Martin and Dmitri!
thx
anthony
On Wed, Mar 25, 2015 at 5:34 AM, Martin Kosek mko...@redhat.com wrote:
On 03/25/2015 04:11 AM, Dmitri Pal wrote:
On 03/24/2015 09:17 PM, Anthony Lanni wrote:
While running ipa-server
On 03/25/2015 04:11 AM, Dmitri Pal wrote:
On 03/24/2015 09:17 PM, Anthony Lanni wrote:
While running ipa-server-install, it's failing out at the end with an error
regarding the client install on the server. This happens regardless of how I
input the options, but here's the latest command:
yks0...@gmail.com | Web: www.initd.in
http://www.initd.in*
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:10 PM, Martin Kosek mko...@redhat.com wrote:
On 03/25/2015 07:46 AM, Yogesh Sharma wrote:
Hi,
We
] http://in.linkedin.com/in/yks
On Wed, Mar 25, 2015 at 6:43 PM, Martin Kosek mko...@redhat.com wrote:
Ah, may be. This is an issue we fixed in FreeIPA 4.0.2. Upstream ticket:
https://fedorahosted.org/freeipa/ticket/
Please let us know if the DNS update fixed the error.
Martin
On 03/25/2015 02:03 PM, Rob Crittenden wrote:
Steve (st33v) Neuharth wrote:
Hello,
I hope this is an easy question to answer and forgive me if it has been
answered before. I’ve read through the documentation on how to request an
ssl cert and I cannot seem to find a process to request a
Good ones. Also Ccing PetrS and MartinB, who were directly involved in these
features and original thread, for reference
On 03/25/2015 11:46 AM, John Obaterspok wrote:
Hi Jan,
See:
https://www.redhat.com/archives/freeipa-users/2015-February/msg00131.html
On 03/25/2015 07:46 AM, Yogesh Sharma wrote:
Hi,
We are getting below error while we are installing IPA Server
(ipa-server-install --no-ntp).
**
*Configuration of client side components failed!*
*ipa-client-install returned: Command '/usr/sbin/ipa-client-install
--on-master
On 03/24/2015 03:18 PM, thierry bordaz wrote:
Hello,
Sorry for the late answer.
Those entries are named RUV.
host25.x1.net RUV contains
nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060
nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389}
On 03/24/2015 01:29 AM, Dmitri Pal wrote:
On 03/23/2015 05:56 PM, Timothy Worman wrote:
I have an existing web app built with java/WebObjects that currently handles
some user/groups tasks with our current directory server (Open Directory). We
are investigating a move to FreeIPA for our
This may mean that Dogtag is not up. Can you please check with ipactl status
that it (pki-ca) is up and running and that there are no related SELinux AVCs?
On 03/23/2015 04:52 AM, Michael Pawlak wrote:
Does anybody have any thoughts on this?
*Michael Pawlak*
Web Systems Administrator |
On 03/23/2015 10:19 AM, Prashant Bapat wrote:
Hi,
I'm trying to add a custom attribute to user object. Below is the ldif i'm
using.
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
DESC 'SSH public key
On 03/23/2015 04:07 AM, Janelle wrote:
Hello
Starting to see a lot of these and wondering what I am dealign with?
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa1.example.com:389/o%3Dipaca) failed.
Hm, I do not met this error yet. This looks like error from 389-ds-base, it
On 03/20/2015 09:59 PM, McEvoy, James wrote:
Hi FreeIPA Users:
I can only get my new Fedora 21 freeipa to server to setup a trust with
Active Directory if I turn off the firewall on the ipa server. I have
looked through all the doc on which ports to open but have had no luck
getting
:
Martin,
Thanks!
Let me double check.
Yes I was referring to the exact same pdf.
Regards.
--Prashant
On 23 March 2015 at 16:49, Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com wrote:
On 03/23/2015 10:19 AM, Prashant Bapat wrote:
Hi
On 03/19/2015 02:36 PM, Rob Crittenden wrote:
Giedrius Tuminauskas wrote:
Hi,
I am curious, Is there a possibility to add email address for the
admin user in the IPA web UI?
In my current configuration admin user is a Linux system user and also
used by IPA.
I think there should be
Looks like a bug, yes. I am just not sure whether in missing Saltstack SELinux
module or the actual SELinux policy. You can try filing a bug to SELinux policy.
Looking at SaltStack Troubleshooting guide, would switching to rpm_script_t
help?
Joshua or Erinn, can either of you please help us improve the docs and file a
bug for the Windows integration guide, about the section you are concerned with?
This is a direct link:
On 03/17/2015 04:27 PM, Benjamin Reed wrote:
On 3/17/15 7:33 AM, Martin Kosek wrote:
# ipa config-mod --enable-migration=true
# echo Secret123 | ipa migrate-ds --bind-dn=cn=Directory Manager
--user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts
--group-objectclass
On 03/17/2015 05:16 PM, Benjamin Reed wrote:
On 3/17/15 12:09 PM, Martin Kosek wrote:
I would still wished we fixed the original root cause why replication was
failing for you - as this is the obviously expected way of upgrading to
RHEL/CentOS 7.1 from RHEL-6 environment and I think/hope
On 03/17/2015 11:14 AM, Andreas Skarmutsos Lindh wrote:
Quick update: I think that I have solved it, by just deleting the entries
holding nsuniqueid additional string. I went forward using a gui
application for browsing LDAP structures.
I guess a script for tackling this issue in a slightly
On 03/17/2015 04:35 PM, Janelle wrote:
Hello,
I have a server - a master (has CA) - and it does not want to restart after it
has been running sometime. pki-tomcatd keeps failing. It starts up with these
errors, then adds a lot more. Maybe this might point you to something that is
know or a
On 03/15/2015 09:31 AM, Ben .T.George wrote:
HI
i am using free ipa 4.1.2 on centos 7.
from root user, i can able to switch to IPA user : su ben
but from any other user if i try that, it's asking for password. if i gave
the correct passord also, its not accepting .This is what i am
I think you should now check dirsrv errors logs on both server and the replica.
It should have more info what went wrong with starting the replication.
Please also check
# systemctl status dirsrv@YOUR-REALM.service
to check there are no SASL buffer related error messages.
On 03/10/2015 12:58
On 03/10/2015 03:06 PM, Alexander Bokovoy wrote:
On Tue, 10 Mar 2015, Benjamin Reed wrote:
On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
Are you following these instructions?
On 03/11/2015 06:46 PM, Dmitri Pal wrote:
On 03/11/2015 01:13 PM, Andrew Holway wrote:
Hi,
We have a mix of Centos 6 and Centos 7 machines which we would like to manage
with FreeIPA.
I remember that setting up freeipa on Centos 6 can be a bit tricky although I
found this method which
On 03/12/2015 07:24 PM, Erinn Looney-Triggs wrote:
On 03/12/2015 02:10 AM, Jan Cholasta wrote:
Dne 12.3.2015 v 08:25 Martin Kosek napsal(a):
On 03/11/2015 09:05 PM, Dmitri Pal wrote:
On 03/11/2015 03:15 PM, Erinn Looney-Triggs wrote:
...
Third, there appears to be a behavior change from
On 03/12/2015 12:17 AM, Dmitri Pal wrote:
On 03/11/2015 04:37 PM, Steven Jones wrote:
==
[root@vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns
--forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg
--skip-conncheck
Checking forwarders, please wait ...
On 03/11/2015 06:33 PM, Gould, Joshua wrote:
We’re trying to setup RHEL7 with the latest updates. Our ipa-server shows
ipa-server-4.1.0-18.el7.x86_64.
On 3/11/15, 12:39 PM, Dmitri Pal d...@redhat.com wrote:
On 03/11/2015 11:13 AM, Gould, Joshua wrote:
We¹re trying to setup IPA with it acting
this issue.
the issue has been solved by kdestroy and re-initiate the ticket.
after that restarted ipa service, it got worked
Regards,
ben
On Mon, Mar 9, 2015 at 10:57 AM, Martin Kosek mko...@redhat.com wrote:
Thanks for all the data. So it looks like your browser properly forward
Thanks for all the data. So it looks like your browser properly forward the
session cookie, but it is not recognized on the server even though it was
stored before.
Especially these lines are strange:
[Sun Mar 08 13:16:29.909637 2015] [:error] [pid 3004] ipa: DEBUG: store
session:
On 03/06/2015 09:34 AM, Andrew Holway wrote:
Hi,
Were using rabbitmq to shunt bits of data around various systems to provide
better security we would like all of our acmq connections to be authenticated
and encrypted.
I'm looking for appropriate documentation or some friendly guidance of how
not working for me, always get this error
Error: Idm client exception: control not found
and also try using this:
http://www.freeipa.org/page/HowTo/vsphere5_integration#Permission_Update
On 3/6/15 7:49 PM, Martin Kosek wrote:
I am glad you have it working. However, I would like to discourage from
This is the directory on FreeIPA server that the vCenter is authenticating
useres against.
On 03/06/2015 02:40 PM, Herwono W Wijaya wrote:
there is no directory /var/log/dirsrv/ in 5.5u2b version
On 3/6/15 8:34 PM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek mko
On 03/06/2015 01:16 PM, Dmitri Pal wrote:
On 03/06/2015 04:32 AM, Martin Kosek wrote:
On 03/06/2015 09:34 AM, Andrew Holway wrote:
Hi,
Were using rabbitmq to shunt bits of data around various systems to provide
better security we would like all of our acmq connections to be authenticated
On 03/06/2015 01:30 PM, Matt . wrote:
Hi,
I'm figuring out how to regenerate the webserver certificates so I can
use a loadbalancer in front of my ipa servers.
I see in the docs there is information about this, but not for the
webservice. Does anyone have some directions ?
Thanks.
Matt
On 03/06/2015 10:56 AM, Roberto Cornacchia wrote:
Hi there,
I'm planning to deploy freeIPA on our lan.
It's small-ish and completely based on FC21, so I expect everything to work
like a charm.
Except one detail. We have Synology NAS station, which uses DSM 5.0.
The ideal plan is to use it as
On 03/06/2015 05:59 PM, Dan Mossor wrote:
On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
On 03/06/2015 10:35 AM, Dan Mossor wrote:
On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
From
newbie but I thought at step two in the vsphere
integration howto I modified the groups schema to include that object class?
On 3/4/2015 at 8:32 PM, Martin Kosek mko...@redhat.com wrote:
Given that this HOWTO does not use the vanilla Schema Compatibility settings
(FreeIPA Compat Tree
On 03/06/2015 08:35 AM, Alexander Bokovoy wrote:
On Fri, 06 Mar 2015, Martin Kosek wrote:
On 03/06/2015 02:24 AM, re...@hushmail.com wrote:
Just to confirm I should restart the server after i've run the ldapmodify?
Right. It would be safer thing to do, if you modified the Schema
:44 PM, Martin Kosek mko...@redhat.com wrote:
Thanks. The configuration looks OK, I wonder why the uniqueMember
is not
generated for your compat groups - it works on my FreeIPA 4.1.3
server.
Did you restart the Directory Server after you changed the Schema
Compatibility
plugin?
On 03/05/2015 09:16
On 03/06/2015 02:38 AM, Dan Mossor wrote:
On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal d...@redhat.com
mailto:d...@redhat.com wrote:
http://i.imgur.com/mhX86Ng.png
It should show up if you do not have a ticket. Destroy the ticket on the
client and try to access the server via
On 03/06/2015 04:38 AM, Herwono W Wijaya wrote:
Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin user can be
used and always get an error for other users.
You mean admin user from vCenter, not admin user from FreeIPA, right?
Did you follow this HOWTO:
On 03/04/2015 04:57 AM, Hugh wrote:
All,
We're running ipa-server-3.0.0-42/389-ds-base-1.2.11.15-48 on CentOS 6.5
and synching to AD. We're able to synch users, but can't synch groups.
When I was adding in the ntGroup objectclass, it appears that that
requires ntUserDomainId to be set.
On 03/04/2015 09:43 AM, re...@hushmail.com wrote:
Hi,I've read the thread from Nov and checked out
http://www.freeipa.org/page/HowTo/vsphere5_integration however i'm
still having trouble getting vpshere to use freeipa as an identity
source.
I've set the base DN for users and groups, the
On 03/03/2015 04:34 PM, Dmitri Pal wrote:
On 03/03/2015 07:22 AM, Martin Kosek wrote:
On 03/03/2015 05:38 AM, Jason Prouty wrote:
Is there a method to auto disable users who have logged in 90 days.
I have a security requirement to auto disable users who have not logged in
after 90 days
unconfined_u:system_r:httpd_t:s0
[Sun Mar 01 04:29:02 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Sun Mar 01 04:29:03 2015] [warn] Init: (
sv2lxbdp2kfstd02.corp.equinix.com:443) You configured HTTP(80) on the
standard HTTPS(443) port!
Thanks,
Shaik
On 3 March 2015 at 20:06, Martin
On 02/28/2015 07:18 AM, Rob Crittenden wrote:
Hadoop Solutions wrote:
Hi Rob,
please find the attached log of /var/log/ipaserver-install.log
kindly let me know the solution for this..
Can you see if you have any SElinux failures?
# ausearch -m AVC -ts recent
I see some SELinux
On 02/27/2015 09:39 AM, mete bilgin wrote:
2015-02-27 10:33 GMT+02:00 Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com:
On 02/27/2015 09:30 AM, mete bilgin wrote:
Hello,
I'm trying to install ipa-server with trust (Win 2008R2).
trustdomain-find
,
ipa-replica-install --setup-ca worked as expected.
Thanks to Endi Sukma Dewata and Martin Kosek for putting me on the right track.
You are welcome. This case actually got me thinking what we can do to automate
and check this misconfiguration *before* running in such hard-to-debug problem.
I
On 02/27/2015 09:30 AM, mete bilgin wrote:
Hello,
I'm trying to install ipa-server with trust (Win 2008R2). trustdomain-find will
work but when i try to trust-fetch-domains ipa: ERROR: AD domain controller
complains about communication sequence. It may mean unsynchronized time on both
sides,
On 02/27/2015 10:01 AM, mete bilgin wrote:
2015-02-27 10:45 GMT+02:00 Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com:
On 02/27/2015 09:39 AM, mete bilgin wrote:
2015-02-27 10:33 GMT+02:00 Martin Kosek mko...@redhat.com
mailto:mko...@redhat.com
mailto:mko
On 02/25/2015 03:11 AM, Les Stott wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Les Stott
Sent: Monday, 23 February 2015 8:01 PM
To: Rob Crittenden; Martin Kosek; freeipa-users@redhat.com; Endi Dewata;
Jan
On 02/21/2015 02:05 PM, Thomas Raehalme wrote:
Hi!
I am in the process of migrating FreeIPA master to another server following
the instructions on page
http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master.
In the instructions 'post-save command' should have one of two
On 02/20/2015 02:00 AM, Dan Mossor wrote:
I just installed a new server on Fedora 21 Server, using the rolekit deployment
tool. Everything was installed and configured (I hope) properly, but I'm
running into a problem. The version is freeipa-server-4.1.2-1.fc21.x86_64, and
I can connect to the
301 - 400 of 867 matches
Mail list logo